diff --git a/install.php b/install.php index 9335299..b32bd20 100644 --- a/install.php +++ b/install.php @@ -222,7 +222,7 @@ if(from($_SERVER,'QUERY_STRING') == "rewriteRule.html") echo "YES!"; die(); } - +session_set_cookie_params(['samesite' => 'Strict']); session_start(); new Settings; diff --git a/system/admin/admin.php b/system/admin/admin.php index 3ab4a56..0c31df1 100644 --- a/system/admin/admin.php +++ b/system/admin/admin.php @@ -53,6 +53,7 @@ function session($user, $pass) if ($user_enc == "password_hash") { if (password_verify($pass, $user_pass)) { + if (session_status() == PHP_SESSION_NONE) session_start(); if (password_needs_rehash($user_pass, PASSWORD_DEFAULT)) { update_user($user, $pass, $user_role); } @@ -62,6 +63,7 @@ function session($user, $pass) return $str = '
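Review bot: The new `session_set_cookie_params(['samesite' => 'Strict']);` call in install.php sets only SameSite, so the session cookie's HttpOnly and Secure flags still come from php.ini, where both are off by default. The same array can carry them: `session_set_cookie_params(['samesite' => 'Strict', 'httponly' => true]);`, plus `'secure' => true` when the site is served over HTTPS. The identical call added in system/includes/session.php (last hunk) needs the same change. The array form of this function exists only from PHP 7.3, so if older versions are still supported the call needs a version guard.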
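Review bot: Neither login branch of session() in system/admin/admin.php rotates the session ID after the password check succeeds. The added `session_start()` guard here and in the next hunk (the `old_password_verify` branch) is followed by the `$_SESSION[config("site.url")]['user'] = $user;` write visible in that hunk, with no `session_regenerate_id()` in sight. session.php now resumes whatever ID arrives in the cookie, so a pre-set ID would carry over into the authenticated session unless `session.use_strict_mode` is enabled. I would add `session_regenerate_id(true);` directly after the guard in both branches. The function body extends beyond both hunks, so confirm it is not already done further down.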
'; } } else if (old_password_verify($pass, $user_enc, $user_pass)) { + if (session_status() == PHP_SESSION_NONE) session_start(); update_user($user, $pass, $user_role); $_SESSION[config("site.url")]['user'] = $user; header('location: admin'); diff --git a/system/htmly.php b/system/htmly.php index 431cd8f..f714c71 100644 --- a/system/htmly.php +++ b/system/htmly.php @@ -2648,6 +2648,7 @@ get('/:static', function ($static) { } die; } elseif ($static === 'login') { + if (session_status() == PHP_SESSION_NONE) session_start(); config('views.root', 'system/admin/views'); render('login', array( 'title' => 'Login - ' . blog_title(), diff --git a/system/includes/session.php b/system/includes/session.php index 071dacf..72677fc 100644 --- a/system/includes/session.php +++ b/system/includes/session.php @@ -1,9 +1,11 @@ 'Strict']); +if (isset($_COOKIE['PHPSESSID'])) + session_start(); function login() { + if (session_status() == PHP_SESSION_NONE) return false; if (isset($_SESSION[config("site.url")]['user']) && !empty($_SESSION[config("site.url")]['user'])) { return true; } else {
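Review bot: `if (session_status() == PHP_SESSION_NONE) session_start();` now appears verbatim here in the `login` branch of system/htmly.php and twice in system/admin/admin.php. Each copy depends on `session_set_cookie_params()` in session.php having already run earlier in the request. A small helper defined next to that call, for example `function ensure_session() { if (session_status() === PHP_SESSION_NONE) session_start(); }`, would keep the cookie flags and the start logic in one place and use the strict comparison. The route closure starts and ends outside this hunk.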
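Review bot: `isset($_COOKIE['PHPSESSID'])` in system/includes/session.php hard-codes PHP's default session name. On a host where `session.name` is set to something else the session is never resumed, and the new guard in `login()` then returns false for every logged-in user. Use `if (isset($_COOKIE[session_name()]))` instead. The brace-less `if` split across two lines is also easy to misread; putting `session_start();` in braces would match the braced `if` visible inside `login()`. login() continues past the end of the hunk.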