diff options
-rw-r--r-- | admin/auth.php | 2 | ||||
-rw-r--r-- | core/namespace/Application.php | 8 |
2 files changed, 5 insertions, 5 deletions
diff --git a/admin/auth.php b/admin/auth.php index d0abc38..8d7bf9a 100644 --- a/admin/auth.php +++ b/admin/auth.php @@ -33,7 +33,7 @@ if(HTTP::issetPOST('username', 'password')) { if($User = $UserRepository->findBy('username', HTTP::POST('username'))) { if(password_verify(HTTP::POST('password'), $User->get('password'))) { - $_SESSION['auth'] = $User->getID(); + $_SESSION['USER_ID'] = $User->getID(); HTTP::redirect(Application::getAdminURL()); } else { $messages[] = $Language->text('authentication_failure'); diff --git a/core/namespace/Application.php b/core/namespace/Application.php index fa5e0a9..8346248 100644 --- a/core/namespace/Application.php +++ b/core/namespace/Application.php @@ -116,18 +116,18 @@ class Application { # Return unique CSRF token for the current session #=============================================================================== public static function getSecurityToken(): string { - if(!isset($_SESSION['token'])) { - $_SESSION['token'] = bin2hex(random_bytes(16)); + if(!isset($_SESSION['CSRF_TOKEN'])) { + $_SESSION['CSRF_TOKEN'] = bin2hex(random_bytes(16)); } - return $_SESSION['token']; + return $_SESSION['CSRF_TOKEN']; } #=============================================================================== # Return boolean if successfully authenticated #=============================================================================== public static function isAuthenticated(): bool { - return isset($_SESSION['auth']); + return isset($_SESSION['USER_ID']); } #=============================================================================== |