Last active
April 1, 2020 20:57
-
-
Save AdamZWinter/b17f0b2355379c68cb4d406924948246 to your computer and use it in GitHub Desktop.
Secure site header
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| //header.php | |
| if(!isset($_SESSION)) | |
| { | |
| ini_set('session.cookie_lifetime', 0); | |
| ini_set('session.use_cookies', 1); | |
| ini_set('session.use_only_cookies', 1); | |
| ini_set('session.use_strict_mode', 1); | |
| ini_set('session.cookie_httponly', 1); | |
| ini_set('session.cookie_secure', 1); | |
| ini_set('session.cookie_samesite', 'Strict'); | |
| ini_set('session.use_trans_sid', 0); | |
| ini_set('session.hash_function', 'sha512'); | |
| ini_set('session.sid_length', '64'); | |
| session_start(); | |
| } | |
| require('/[securefolder]/[secretfoldernamehash]/[configurationfilenamesecret].php'); | |
| $datetime = date("U"); | |
| date_default_timezone_set('America/Los_Angeles'); //TODO: Customize variable | |
| $docroot = @$_SERVER['DOCUMENT_ROOT']; | |
| $debugging=true; | |
| $newsession = true; //initialized | |
| $session = bin2hex(random_bytes(64)); //initialized | |
| if (isset($_SESSION['sessionID'])){ | |
| $session = @$_SESSION['sessionID']; | |
| $newsession = false; | |
| } | |
| $obj = new stdClass(); | |
| $obj->notice = 'This is not an error, we just have debugging enabled right now. '; | |
| //$obj->session = $session; //debugging only | |
| $obj->datetime = $datetime; | |
| $obj->message = 'Debugging ON: Start Message: '; | |
| $obj->error = 'none'; | |
| $obj->code = bin2hex(random_bytes(16)); //initialized | |
| $db = new mysqli('localhost', $dbuser, $userpw, $database); | |
| if (mysqli_connect_errno()) { | |
| $obj->error = 'Error: Could not connect to database.'; | |
| echo json_encode($obj); | |
| exit; | |
| }else{ | |
| $obj->message = $obj->message.'Successfully connected to database. '; | |
| } | |
| //check session | |
| $email = bin2hex(random_bytes(64)); //initialized | |
| $authorized=false; | |
| $checksession = bin2hex(random_bytes(64)); //initialized | |
| $query = "SELECT email, sessionid | |
| FROM sessions WHERE sessionid = ?"; | |
| $stmt = $db->prepare($query); | |
| $stmt->bind_param('s', $session); | |
| $stmt->execute(); | |
| $stmt->store_result(); | |
| $stmt->bind_result($emaildb, $sessiondb); | |
| if (mysqli_connect_errno()) {$obj->error = 'Error: Could not connect to database. '; | |
| echo json_encode($obj); | |
| exit; | |
| } | |
| else{ | |
| if($stmt->num_rows == 1) { | |
| while($stmt->fetch()){ | |
| $email = $emaildb; | |
| $checksession = $sessiondb; | |
| } | |
| if(strcmp($session, $checksession)==0){ | |
| $authorized=true; | |
| $obj->message=$obj->message.'Authorized! '; | |
| } | |
| } elseif($stmt->num_rows == 0) { | |
| $obj->message=$obj->message.'Session not found. '; | |
| } else { | |
| $obj->error = 'Database Error: Sessions not 1 or 0. '; | |
| echo json_encode($obj); | |
| exit; | |
| } | |
| } | |
| ?> | |
| <!DOCTYPE html> | |
| <html lang="en-US"> | |
| <head> | |
| <meta charset="UTF-8" /> | |
| <meta http-equiv="X-UA-Compatible" content="IE=edge"> | |
| <meta name='viewport' content='width=device-width, initial-scale=1.0'> | |
| <title>GCBookings</title> | |
| <link rel="stylesheet" type="text/css" href="/css.css"> | |
| <style> | |
| <?php | |
| if($authorized){ | |
| echo '.guest { display: none; }'; | |
| }else{ | |
| echo '.authorized { display: none; }'; | |
| } | |
| ?> | |
| </style> | |
| </head> | |
| <body id="grad1"> | |
| <!-- _______________________PAGE HEADER____________________________--> | |
| <header> | |
| <div class="topHead"> | |
| <div class="topleft" ><a class="buttonHome" href="https://gcbookings.com">GCBookings.com</a></div> | |
| <div class="topright"><a class="buttonSignIn authorized" href="/dashboard/session.php"><?php echo $email;?></a></div> | |
| <div class="topright"><a class="buttonSignIn authorized" href="/logout.php">Log Out</a></div> | |
| <div class="topright"><a class="buttonSignIn guest" href="/signin.php">Sign In</a></div> | |
| <div class="topright"><a class="buttonSignIn guest" href="/register.php">Register</a></div> | |
| </div> | |
| <div style="clear:both"></div> | |
| </header> | |
| <div class="row"> | |
| <div class="sectionleft col-1 row_height"> | |
| <p></p> | |
| </div> | |
| <div class="col-10 row_height content"> | |
| <!-- Row 1 --> | |
| <div class="row"> | |
| <div class="col-1 mainGridBox bigScreen"> | |
| </div> | |
| <div class="col-10 mainGridBox bigScreen"> | |
| </div> | |
| <div class="col-1 mainGridBox bigScreen"> | |
| </div> | |
| </div> | |
| <!-- Row 2 --> | |
| <div class="row"> | |
| <div class="col-1 mainGridBox bigScreen"> | |
| </div> | |
| <div class="col-10 mainGridBox"> | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment