Commit Graph

34 Commits

Author SHA1 Message Date
Adam Warner
a998f51f2b Merge pull request from GHSA-33w4-xf7m-f82m
Fix Improper Session Handling vulnerability of "Remember me for 7 days" functionality
2023-01-25 18:53:00 +00:00
4n4nk3
d31cf9d156 Fix insecure persistent login token
Signed-off-by: 4n4nk3 <47717886+4n4nk3@users.noreply.github.com>
2023-01-22 23:55:54 +01:00
Glenn Strauss
d94d86bad8 remove hard-coded /admin/ path; relocatable
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2023-01-22 12:46:34 +00:00
DL6ER
c013618492 Set Samesite=Strict for PHP session cookie. The cookie is set manually to be backwards compatible with versions below PHP7.3
Signed-off-by: DL6ER <dl6er@dl6er.de>
2022-09-08 15:01:00 +02:00
RD WebDesign
a55ae95330 Check if the API call was made using authentication
Signed-off-by: RD WebDesign <github@rdwebdesign.com.br>
2022-09-03 19:07:21 -03:00
RD WebDesign
509113296c Move login form to a new page
Signed-off-by: RD WebDesign <github@rdwebdesign.com.br>
2022-08-12 18:04:57 -03:00
DL6ER
6a39cc3b4a Disable Yoda style
Signed-off-by: DL6ER <dl6er@dl6er.de>
2022-08-12 18:55:27 +02:00
DL6ER
6ec4b8a529 Run PHP-CS-Fixer on all files
Signed-off-by: DL6ER <dl6er@dl6er.de>
2022-08-07 12:04:03 +02:00
RD WebDesign
2bc918ad6e Use 4 spaces to indent PHP files.
Signed-off-by: RD WebDesign <github@rdwebdesign.com.br>
2022-08-01 01:18:26 -03:00
Chris Miceli
1ed98f6f38 1777 Remember me for 7 days doesn't work if you log in from Recent Queries (#1870)
set cookie if requested

Signed-off-by: Chris Miceli <chrismiceli@outlook.com>
2021-10-06 23:39:21 +01:00
a1346054
26f0203137 Trim excess whitespace
Signed-off-by: a1346054 <36859588+a1346054@users.noreply.github.com>
2021-09-15 21:23:01 +00:00
Adam Warner
cf8602eedd set httponly to true when calling setcookie. the ini_set option above doesn't actually seem to do anything... (but not removing it just in case
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
2021-09-11 19:36:18 +01:00
DL6ER
64b36564c5 Regenerate session ID on successful login to prevent session fixation
Signed-off-by: DL6ER <dl6er@dl6er.de>
2021-02-03 14:37:58 +01:00
DL6ER
d4e46df28e Prevent javascript XSS attacks aimed to steal the session ID
Signed-off-by: DL6ER <dl6er@dl6er.de>
2021-02-03 14:18:29 +01:00
Aidan Woods
85c7a3b437 Use hash_equals when comparing to pwhash from cookie
This should prevent a timing attack against this parameter to
disclose the stored password hash.

Signed-off-by: Aidan Woods <aidantwoods@gmail.com>
2020-12-06 13:26:02 +00:00
XhmikosR
3dc8d9c5e3 Properly delete the persistentlogin cookie
The previous solution did not delete the cookie.

Signed-off-by: XhmikosR <xhmikosr@gmail.com>
2020-05-22 16:23:46 +03:00
Rob Gill
96039f52a5 fix typo in cookie check
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
2018-06-01 09:52:07 +10:00
Rob Gill
30bef67a88 indenting
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
2018-05-15 10:55:46 +10:00
Rob Gill
72e95cec96 indenting
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
2018-05-15 09:03:09 +10:00
Rob Gill
7a3fc169a5 Update password.php
2018-05-10 09:14:57 +10:00
Rob Gill
5733d08745 Remove invalid cookie
If cookie is invalid, it is cleared from the browser before continuing
2018-05-10 08:54:44 +10:00
Rob Gill
a8bf42687c Update password.php
2018-05-08 19:05:19 +10:00
rrobgill
84b6f6b291 Update password.php
2018-05-08 17:24:11 +10:00
rrobgill
85dd92771a Cookie login
Allow user to (optionally) set a cookie for automatic login.
Expiry is set for 7 days.
Cookie refreshes, extending for 7 days from each use.
2018-05-05 14:42:04 +10:00
Mcat12
289b62abf3 Fix header.php importing func.php twice
Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
2018-01-20 10:59:05 -05:00
Mcat12
862db2ba9e Use hash_equals in password.php (and move it to funcs.php)
Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
2018-01-19 17:52:06 -05:00
Andres Rey
a3aecbf15a Remove unused sprintf function
2017-10-10 18:42:32 +01:00
Andres Rey
33db4f2842 Redirect the user in a POST-Redirect-GET fashion after a successful login
2017-10-10 10:40:18 +01:00
DL6ER
d7fdaf9273 Fix whitespace caused by added license headers
2017-02-19 21:19:02 +01:00
DL6ER
4f70973cbc EUPL license (#402)
* Move whole project to EUPL, copy MIT license to scripts/vendor/ and style/vendor/

* Added header to main PHP files

* Modified scripts in scripts/pi-hole/php

* Added header to scripts/pi-hole/js files

* Added license header to our custom style script

* Slight reformulation
2017-02-18 14:20:51 +01:00
DL6ER
9db9eff3d8 Ensure that $auth is always set
2017-01-08 11:01:26 +01:00
Mcat12
2f65430a4d Move PHP scripts to scripts folder
2016-12-21 21:09:58 +01:00
DL6ER
e188cb6fbc Revert "Merge pull request #267 from pi-hole/folderStructure"
This reverts commit fba3d10fa4, reversing
changes made to 4ee75f4167.
2016-12-21 17:16:52 +01:00
Mcat12
d1da1de597 Move PHP scripts to scripts folder
2016-12-19 19:44:51 -05:00