Added check to set permissions and ensure user-related data is stored in files with 0644 permissions.
parent
88a60f0486
commit
987b4ff0ce
|
@ -8,7 +8,12 @@
|
||||||
// Load settings
|
// Load settings
|
||||||
|
|
||||||
// Demand HTTPS
|
// Demand HTTPS
|
||||||
if (!isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] != 'on') header("Location: ../");
|
if (!isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] != 'on') {
|
||||||
|
header("Location: ../"); exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Ensure file for user settings is 0644.
|
||||||
|
if (substr(sprintf('%o', fileperms(__DIR__ . '/../data/users.json')), -4) != 0600) chmod(__DIR__ . '/../data/users.json', 0600);
|
||||||
|
|
||||||
// Get available login information
|
// Get available login information
|
||||||
|
|
||||||
|
@ -72,6 +77,8 @@ function logout() {
|
||||||
*/
|
*/
|
||||||
function logLogin() {
|
function logLogin() {
|
||||||
file_put_contents(loginLogFile, $_SESSION['username'].'|'.date("Y-m-d H:i:s").PHP_EOL, FILE_APPEND | LOCK_EX);
|
file_put_contents(loginLogFile, $_SESSION['username'].'|'.date("Y-m-d H:i:s").PHP_EOL, FILE_APPEND | LOCK_EX);
|
||||||
|
// Ensure file for user settings is 0644.
|
||||||
|
if (substr(sprintf('%o', fileperms(loginLogFile)), -4) != 0600) chmod(loginLogFile, 0600);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
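Review bot: The permission test in both added `if` lines (the users.json check after the HTTPS redirect and the one at the end of logLogin()) compares the string from `substr(sprintf('%o', ...), -4)` with the octal literal `0600`, which is the integer 384, so the two never compare equal and chmod() runs on every call; testing the mode bits directly makes the check real, e.g. `if ((fileperms($f) & 0777) !== 0600) chmod($f, 0600);` with `$f` standing for the path. Both added comments say 0644 and "file for user settings", while the code sets 0600 and the second one acts on the login log; suggest `// Ensure the users file is owner read/write only (0600).` and `// Ensure the login log is owner read/write only (0600).`. The return values of fileperms() and chmod() are not checked, so a missing file or a failed chmod() leaves the data at its previous mode with no signal; logging or aborting when chmod() returns false would close that gap. In logLogin() the file is created by file_put_contents() before the chmod(), so on first write it briefly carries the umask-default mode. The top-level script around the first hunk continues outside the visible lines.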