kevinowino869/mitrobill
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix login loop

Browse Source
This commit is contained in:
Focuslinkstech 2024-10-10 16:24:36 +01:00 committed by GitHub
parent 82ffc15c03
commit 60e1eacc59
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 10 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
system/autoload/Admin.php
View File

@ -47,11 +47,11 @@ class Admin
if (sha1("$tmp[0].$tmp[1].$db_pass") == $tmp[2]) {
// Validate the token in the cookie
$isValid = self::validateToken($tmp[0], $_COOKIE['aid']);
if (!$isValid) {
if (!empty($_COOKIE['aid']) && !$isValid) {
self::removeCookie();
_alert(Lang::T('Token has expired. Please log in again.'), 'danger', "admin");
return 0;
}
} else {
if (time() - $tmp[1] < 86400 * 7) {
$_SESSION['aid'] = $tmp[0];
@ -62,6 +62,7 @@ class Admin
}
}
}
}
return 0;
}
@ -83,7 +84,7 @@ class Admin
setcookie('aid', $token, [
'expires' => time() + 86400 * 7, // 7 days
'path' => '/',
'domain' => $app_stage,
'domain' => '',
'secure' => $isSecure,
'httponly' => true,
'samesite' => 'Lax', // or Strict
@ -113,7 +114,7 @@ class Admin
setcookie('aid', '', [
'expires' => time() - 3600,
'path' => '/',
'domain' => $app_stage,
'domain' => '',
'secure' => $isSecure,
'httponly' => true,
'samesite' => 'Lax',