author | Thomas Lange <code@nerdmind.de> | 2021-09-19 13:44:44 +0200 |
---|---|---|
committer | Thomas Lange <code@nerdmind.de> | 2021-09-19 13:55:16 +0200 |
commit | 19a7e6d54de4286461c6ae74970dfdbe994a335c (patch) | |
tree | 84a69a9e874190184d2cddb83fa6f6f381055e7e | |
parent | 2738a6d20ebde5da0d8eb96c6c2b2cc30750245a (diff) | |
Rename some session array keys
* Rename "auth" to "USER_ID"
* Rename "token" to "CSRF_TOKEN"
-rw-r--r-- | admin/auth.php | 2 | ||||
-rw-r--r-- | core/namespace/Application.php | 8 |
2 files changed, 5 insertions, 5 deletions
diff --git a/admin/auth.php b/admin/auth.php
index d0abc38..8d7bf9a 100644
--- a/admin/auth.php
+++ b/admin/auth.php
@@ -33,7 +33,7 @@ if(HTTP::issetPOST('username', 'password')) {
 if($User = $UserRepository->findBy('username', HTTP::POST('username'))) {
 if(password_verify(HTTP::POST('password'), $User->get('password'))) {
- $_SESSION['auth'] = $User->getID();
+ $_SESSION['USER_ID'] = $User->getID();
 HTTP::redirect(Application::getAdminURL());
 } else {
 $messages[] = $Language->text('authentication_failure');
diff --git a/core/namespace/Application.php b/core/namespace/Application.php
index fa5e0a9..8346248 100644
--- a/core/namespace/Application.php
+++ b/core/namespace/Application.php
@@ -116,18 +116,18 @@ class Application {
 # Return unique CSRF token for the current session
 #===============================================================================
 public static function getSecurityToken(): string {
- if(!isset($_SESSION['token'])) {
- $_SESSION['token'] = bin2hex(random_bytes(16));
+ if(!isset($_SESSION['CSRF_TOKEN'])) {
+ $_SESSION['CSRF_TOKEN'] = bin2hex(random_bytes(16));
 }
- return $_SESSION['token'];
+ return $_SESSION['CSRF_TOKEN'];
 }
 #===============================================================================
 # Return boolean if successfully authenticated
 #===============================================================================
 public static function isAuthenticated(): bool {
- return isset($_SESSION['auth']);
+ return isset($_SESSION['USER_ID']);
 }
 #=============================================================================== |
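Review bot: The session ID is not regenerated between the successful `password_verify()` and the `$_SESSION['USER_ID']` write in admin/auth.php, so a session identifier that was set before login keeps working with the authenticated state attached. Unless that regeneration already happens somewhere outside this hunk, add `session_regenerate_id(true);` immediately before `$_SESSION['USER_ID'] = $User->getID();`. The enclosing `if(HTTP::issetPOST(...))` block starts and ends outside the hunk, so the branch taken for an unknown username is not visible; it should produce the same `authentication_failure` message as the wrong-password branch shown here.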
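Review bot: `getSecurityToken()` in core/namespace/Application.php creates `$_SESSION['CSRF_TOKEN']` once and returns the same value for the rest of the session, so a token issued to an anonymous visitor remains valid after `USER_ID` is set at login. Consider clearing it at the privilege change, for example `unset($_SESSION['CSRF_TOKEN']);` next to the `USER_ID` write in admin/auth.php, so the next call issues a fresh token for the authenticated session. The place where the token is checked is not in this hunk; that comparison should use `hash_equals()` rather than `==`. A short comment above `isAuthenticated()` such as `# Presence of USER_ID is the only check; the user record is not re-validated here` would make the trust assumption explicit.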