fixing some security issues and harderning service

2026-05-06 08:51:51 +02:00
parent 4d8ce1da43
commit 7ae7df0a11
30 changed files with 328 additions and 124 deletions
@@ -1,15 +1,11 @@
 <?php
-session_start();
+include "../utils/security.php";
+secure_session_start();
+require_same_origin_request();
 header('Content-Type: application/json');

 // Check if the user is logged in
-if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true) {
-    echo json_encode([
-        'success' => false,
-        'message' => 'Not logged in'
-    ]);
-    exit();
-}
+require_logged_in();

 // Include database configuration
 include "../../config/config.php";
@@ -36,7 +32,6 @@ $data = json_decode(file_get_contents("php://input"));
 // Check if the required fields are present
 if (isset($data->old_password) && isset($data->new_password)) {
    // Get the user ID (this should be taken from the session or JWT token)
-    session_start();
    $user_id = $_SESSION['id']; // Assuming user_id is stored in session

    // Sanitize inputs
@@ -95,4 +90,3 @@ if (isset($data->old_password) && isset($data->new_password)) {
    echo json_encode(['success' => false, 'message' => 'Missing required fields.']);
 }
 ?>
-