Implement a basic session expiration

It's rudimentary, but this should ensure that people will need to re-authenticate after closing their browser session
2023-02-12 19:41:52 -08:00 · 2023-02-12 19:41:52 -08:00 · d08d136990
commit d08d136990
parent 25e1ef9434
1 changed files with 7 additions and 0 deletions
--- a/src/AntCMS/AntAuth.php
+++ b/src/AntCMS/AntAuth.php
@ -33,6 +33,11 @@ class AntAuth
            $currentConfig = AntConfig::currentConfig();
        }

+        // If the credentials are still set valid, but the auth cookie has expired, re-require authentication.
+        if (!isset($_COOKIE['auth'])) {
+            AntAuth::requireAuth();
+        }
+
        if ($currentConfig['admin']['username'] == $username && password_verify($password, $currentConfig['admin']['password'])) {
            return;
        }
@ -47,6 +52,8 @@ class AntAuth
     */
    private static function requireAuth()
    {
+        setcookie("auth", "true");
+
        $title = AntConfig::currentConfig('siteInfo.siteTitle');
        header('WWW-Authenticate: Basic realm="' . $title . '"');
        http_response_code(401);