Jakach/jakach-login
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixing some security issues and harderning service
Deploy / deploy (push) Successful in 38s
Details

Browse Source
This commit is contained in:
janis steiner
2026-05-06 08:51:51 +02:00
parent 4d8ce1da43
commit 7ae7df0a11
30 changed files with 328 additions and 124 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app-code/api/login/check_pw.php
+6 -3
View File
@@ -1,5 +1,7 @@
<?php
session_start();
include "../utils/security.php";
secure_session_start();
require_same_origin_request();
header('Content-Type: application/json');
$send_to=$_SESSION["end_url"];
@@ -17,10 +19,11 @@ $pepper="";
mysqli_stmt_bind_result($stmt, $pw,$pepper);
mysqli_stmt_fetch($stmt);
mysqli_stmt_close($stmt);
$password=$_POST["password"];
$password=$_POST["password"] ?? "";
if(password_verify($password.$pepper,$pw)){
if($pw !== "" && password_verify($password.$pepper,$pw)){
$_SESSION["pw_authenticated"]=1;
session_regenerate_id(true);
$data = [
'status' => 'success'
];