Added: Cookies, URL Hopping Prevention, Group Checking #25

Merged
merged 3 commits into from
Nov 27, 2024

SilentSmeary (Contributor) commented Nov 27, 2024

Type of Change

  • New feature
  • Bug fix
  • Refactoring
  • Hotfix
  • Security patch
  • UI/UX improvement

Description

Added:

  • Login Authority System based on the admin group
  • Preventing system-level accounts from being able to be used to log in regardless of correct User and PWD
  • Added Cookie (2 mins) that is created on login and prevents being able to "hop" about through the URL
  • Added some more context to audit logs regarding logging in, still needs working on more

Edited:

  • Essentially every PHP file that the end user accesses
  • Heavily edited the login page as this is where the logic for cookies is stored

Testing

  • Tested on 2 machines, worked on both. Provides robust security where, if the cookie times out, the user is automatically rerouted to login (index.html) to obtain a new cookie. This cookie can not be a Jaffa cake as SHOCKER that is a CAKE and not a "Biscuit" or "cookie". If you expect a Jaffa Cake when you refresh your cookies I will ensure you receive Rich Tea Biscuits.

Impact

  • Massive Security overhaul regarding hopping around the local host without appropriate access level.

Additional Information

There are HTML files called log/log.html and administer/administer.html that can't be secured, as they are HTML files that can't run PHP code. These need to be converted to PHP, and the snippet below needs to be added to ensure security across the site.

All Future Created Files Need to have this at the top:

<?php
// Start the session, or resume the one created at login
session_start();

// Redirect to the login page unless both the session flag and the cookie are present
if (!isset($_SESSION['ssnlogin']) || !isset($_COOKIE['cooies_and_cream'])) {
    header("Location: ../index.html");
    exit();
}

Accounts will be created with the new version of the database. Please test everything possible and try and break it.

Checklist

  • My code adheres to the coding and style guidelines of the project.
  • I have performed a self-review of my own code.
  • I have made corresponding changes to the documentation.
  • My changes generate no errors/warnings/merge conflicts.

@SilentSmeary SilentSmeary changed the title added: ssnlogin to all pages added: Cookies, URL Hopping Prevention, Group Checking Nov 27, 2024
@gxlxzzzz gxlxzzzz changed the title added: Cookies, URL Hopping Prevention, Group Checking Added: Cookies, URL Hopping Prevention, Group Checking Nov 27, 2024
@gxlxzzzz gxlxzzzz added the feature New feature or request label Nov 27, 2024
@SilentSmeary SilentSmeary merged commit 27018b1 into main Nov 27, 2024
@SilentSmeary SilentSmeary deleted the 26-11-Cookies-Login branch November 27, 2024 09:21
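
The snippet in the description checks only that a cookie with that name is present, so any value satisfies the cookie half of the check. As an added example (not code from this PR or project), one way to bind the cookie to the server-side session and enforce the 2-minute lifetime on the server; the function names and the `cookie_token` / `cookie_expires` session keys are hypothetical.

```php
<?php
// Added example, not the project's code. Function names and the
// 'cookie_token' / 'cookie_expires' session keys are hypothetical.
declare(strict_types=1);

const GUARD_COOKIE = 'cooies_and_cream'; // cookie name as written in the PR snippet
const GUARD_TTL    = 120;                // 2 minutes, per the PR description

// Call from the login page after the credential and group checks pass.
// Assumes session_start() has already been called there.
function issue_login_cookie(): void
{
    session_regenerate_id(true);          // new session id on login (fixation defence)
    $token = bin2hex(random_bytes(32));   // unguessable per-login value
    $_SESSION['ssnlogin']       = true;   // value is an assumption; the PR only tests isset()
    $_SESSION['cookie_token']   = $token;
    $_SESSION['cookie_expires'] = time() + GUARD_TTL;
    setcookie(GUARD_COOKIE, $token, [
        'expires'  => time() + GUARD_TTL,
        'path'     => '/',
        'secure'   => true,               // assumes HTTPS; adjust for plain-HTTP local testing
        'httponly' => true,               // not readable from page scripts
        'samesite' => 'Strict',
    ]);
}

// Pure check: takes the session and cookie arrays so it can be unit tested.
function guard_is_valid(array $session, array $cookies, int $now): bool
{
    if (!isset($session['ssnlogin'])) {
        return false;
    }
    $expected = $session['cookie_token'] ?? null;
    $given    = $cookies[GUARD_COOKIE] ?? null;
    if (!is_string($expected) || !is_string($given)) {
        return false;
    }
    if ($now >= (int) ($session['cookie_expires'] ?? 0)) {
        return false;                     // expiry enforced server-side, not by the browser
    }
    return hash_equals($expected, $given); // constant-time comparison
}

// Call at the top of every protected page, in place of the inline check.
function require_login(): void
{
    session_start();
    if (!guard_is_valid($_SESSION, $_COOKIE, time())) {
        header('Location: ../index.html');
        exit();
    }
}
```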