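/**
 * Builds the absolute URL of the current request.
 *
 * With $per_client set, the host comes from the Host request header, which
 * the client chooses freely. The header is therefore only used when it has
 * the shape of a host name (or bracketed IPv6 literal) with an optional
 * port; a missing or malformed value falls back to the configured host.
 * Passing the shape check does not make the value trusted: it is still the
 * name the client asked for, so URLs that end up in e-mails, password-reset
 * links or caches should be built with $per_client = false.
 *
 * @param bool        $per_client Use the host name sent by the client instead
 *                                of UL_DOMAIN (or SERVER_NAME when UL_DOMAIN
 *                                is empty).
 * @param string|null $prot       URL scheme without "://". When the value is
 *                                loosely equal to NULL the scheme is chosen
 *                                from ulUtils::IsHTTPS().
 *
 * @return string Scheme, host and request URI joined into one URL.
 */
public static function CurrentURL($per_client = false, $prot = NULL)
{
    $host = NULL;

    if ($per_client && isset($_SERVER['HTTP_HOST'])) {
        $requested = $_SERVER['HTTP_HOST'];

        // Accept only "name", "name:port" or "[ipv6]:port". The D modifier
        // stops "$" from matching before a trailing newline, so the value
        // cannot carry whitespace, slashes, "@" or control characters into
        // the URL (and from there into a Location header).
        $hostShape = '/^(?:\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9._-]+)(?::[0-9]{1,5})?$/D';
        if (is_string($requested) && preg_match($hostShape, $requested) === 1) {
            $host = $requested;
        }
    }

    if ($host === NULL) {
        // Configured host: taken from site configuration, not from the request.
        $host = UL_DOMAIN;
        if (empty($host)) {
            $host = SERVER_NAME;
        }
    }

    // Loose comparison kept on purpose so that callers passing '' or false
    // still get the auto-detected scheme, as before.
    if ($prot == NULL) {
        $prot = ulUtils::IsHTTPS() ? 'https' : 'http';
    }

    // REQUEST_URI is absent outside a web request; treat that as an empty path
    // instead of raising an undefined-index notice.
    $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';

    return $prot . '://' . $host . $uri;
}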
/**
 * Ends the current session.
 *
 * Empties $_SESSION, overwrites the session cookie with an empty value that
 * expired in the past, calls session_destroy() and resets the class's
 * $SessionStore / $SessionRunning bookkeeping.
 */
public static function sessionDestroy()
{
    ulLog::DebugLog('Destroying session data.', 1);

    // Drop every value currently held in the session array.
    $_SESSION = array();

    // No Domain attribute is sent for 'localhost'; otherwise the configured
    // domain is used.
    $cookieDomain = (UL_DOMAIN === 'localhost') ? '' : UL_DOMAIN;

    // Expire the session cookie in the browser. Secure follows the scheme of
    // the current request, HttpOnly is always on.
    // NOTE(review): a browser only discards the cookie when name, path and
    // domain match the ones used when it was issued - confirm against the
    // code that starts the session.
    setcookie(
        session_name(),
        '',
        time() - 42000,
        '/',
        $cookieDomain,
        ulUtils::IsHTTPS(),
        true
    );

    session_destroy();

    // Reset the class-level session state.
    self::$SessionRunning = false;
    self::$SessionStore = NULL;
}
/**
 * Sets or clears the 'AutoLogin' cookie for a user.
 *
 * When enabling, the cookie value is "username:::nonce:::hmac", where the
 * HMAC is computed with UL_HMAC_FUNC over "username:::nonce" and keyed with
 * UL_SITE_KEY, so the value can later be checked for having been issued by
 * this site. When disabling, the cookie is overwritten with an empty value
 * and an expiry one year in the past.
 *
 * @param string $username Account the cookie is issued for.
 * @param mixed  $enable   Truthy to issue the cookie, falsy to clear it.
 *
 * @return bool false when autologin is not allowed by the backend, the
 *              username fails validation or no such user exists; true in
 *              every other case.
 */
public function SetAutologin($username, $enable)
{
    // The Secure flag follows the scheme of the current request.
    // NOTE(review): a cookie issued over plain HTTP is therefore also sent
    // over plain HTTP afterwards - confirm this is only reachable when the
    // site does not enforce HTTPS.
    $secureOnly = ulUtils::IsHTTPS();
    $cookieName = 'AutoLogin';

    if (!$enable) {
        // Clearing: empty value, expiry far in the past.
        $expiresAt = time() - 3600 * 24 * 365;
        $cookieValue = '';
    } else {
        if (!$this->Backend->IsAutoLoginAllowed()) {
            return false;
        }

        // The username is caller-supplied; reject anything that fails validation.
        if (!self::ValidateUsername($username)) {
            return false;
        }

        // The uid itself is not needed, only proof that the account exists.
        if ($this->Uid($username) === false) {
            return false;
        }

        $expiresAt = time() + UL_AUTOLOGIN_EXPIRE;

        // Nonce tied to this user; per the original author's comment it makes
        // the cookie usable only once.
        // NOTE(review): the meaning of the third argument and the return
        // value on failure are not visible here - confirm in ulNonce.
        $nonce = ulNonce::Create("{$username}-autologin", UL_AUTOLOGIN_EXPIRE, true);

        // Keyed hash over username and nonce, so a forged or altered cookie
        // can be told apart from one issued here.
        $hmac = hash_hmac(UL_HMAC_FUNC, "{$username}:::{$nonce}", UL_SITE_KEY);

        $cookieValue = "{$username}:::{$nonce}:::{$hmac}";
    }

    // Both paths write the same cookie: path '/', no Domain attribute on
    // 'localhost', HttpOnly always on. This seven-argument call sets no
    // SameSite attribute.
    // NOTE(review): the result of setcookie() is not checked, so true is
    // returned even if the header could not be sent.
    $cookieDomain = (UL_DOMAIN === 'localhost') ? '' : UL_DOMAIN;
    setcookie($cookieName, $cookieValue, $expiresAt, '/', $cookieDomain, $secureOnly, true);

    return true;
}
<?php
// Transport and framing headers, sent for every request that is not served
// by the command-line SAPI.
if (PHP_SAPI != 'cli') {
    // Anti-clickjacking: only same-origin pages may frame this response.
    if (UL_PREVENT_CLICKJACK) {
        header('X-Frame-Options: SAMEORIGIN');
    }

    // HTTPS is enforced when either UL_HTTPS is set or an HSTS lifetime is configured.
    if (UL_HTTPS || UL_HSTS > 0) {
        if (ulUtils::IsHTTPS()) {
            // HSTS is only announced on responses that already arrived over HTTPS.
            if (UL_HSTS > 0) {
                header('Strict-Transport-Security: max-age=' . (string) UL_HSTS);
            }
        } else {
            // Plain-HTTP request: send the client to the same URL over HTTPS and stop.
            // CurrentURL() is called with $per_client = true, so the redirect
            // target uses the host name taken from the request's Host header.
            header('HTTP/1.1 301 Moved Permanently');
            header('Location: ' . ulUtils::CurrentURL(true, 'https'));
            exit(0);
        }
    }
}