jrenslin/md-cms
Archived
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Added check to set permissions and ensure user-related data is stored in files with 0644 permissions.

Browse Source
This commit is contained in:
Joshua Ramon Enslin 2018-06-23 11:48:01 +02:00 committed by Stefan Rohde-Enslin
parent 88a60f0486
commit 987b4ff0ce
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
edit/password_protect.php
View File

@ -8,7 +8,12 @@
// Load settings
// Demand HTTPS
if (!isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] != 'on') header("Location: ../");
if (!isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] != 'on') {
header("Location: ../"); exit;
}
// Ensure file for user settings is 0644.
if (substr(sprintf('%o', fileperms(__DIR__ . '/../data/users.json')), -4) != 0600) chmod(__DIR__ . '/../data/users.json', 0600);
// Get available login information
@ -72,6 +77,8 @@ function logout() {
*/
function logLogin() {
file_put_contents(loginLogFile, $_SESSION['username'].'|'.date("Y-m-d H:i:s").PHP_EOL, FILE_APPEND | LOCK_EX);
// Ensure file for user settings is 0644.
if (substr(sprintf('%o', fileperms(loginLogFile)), -4) != 0600) chmod(loginLogFile, 0600);
}
/**