
Add session cookie httponly and set it to true.

markjcrane 9 年之前
父节点
当前提交
4485002d37
共有 8 个文件被更改,包括 11 次插入5 次删除
  1. 1 1
      core/users/signup.php
  2. 1 0
      index.php
  3. 1 0
      login.php
  4. 1 1
      resources/captcha/config.php
  5. 3 1
      resources/captcha/img.php
  6. 1 0
      resources/check_auth.php
  7. 2 2
      resources/functions.php
  8. 1 0
      resources/php.php

+ 1 - 1
core/users/signup.php

@@ -82,7 +82,7 @@ if (count($_POST) > 0 && check_str($_POST["persistform"]) != "1") {
 	$msg = '';
 
 	//--- begin captcha verification ---------------------
-		//session_start(); //make sure sessions are started
+		//ini_set("session.cookie_httponly", True); //session_start(); //make sure sessions are started
 		if (strtolower($_SESSION["captcha"]) != strtolower($_REQUEST["captcha"]) || strlen($_SESSION["captcha"]) == 0) {
 			//$msg .= "Captcha Verification Failed<br>\n";
 		}
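Review bot: The changed line is still a comment, so the `ini_set("session.cookie_httponly", True)` it now contains is never executed, and the comment reads as if the flag were applied here when it actually depends on whichever page started the session before including this file. Either drop the commented-out call or reword it as a plain note, e.g. `// session is expected to be started (with cookie_httponly set) by the including page; do not call session_start() here`. The same commented-out form appears in resources/captcha/config.php. The enclosing `if (count($_POST) > 0 ...)` block begins and ends outside the hunk.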

+ 1 - 0
index.php

@@ -26,6 +26,7 @@
 include "root.php";
 
 // start the session
+	ini_set("session.cookie_httponly", True);
 	session_start();
 
 //if config.php file does not exist then redirect to the install page
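Review bot: The added `ini_set("session.cookie_httponly", True);` sets only one cookie attribute, and the identical line is pasted before `session_start()` in login.php, resources/captcha/img.php, resources/check_auth.php and resources/php.php, so any follow-up (for example `session.cookie_secure`, so the cookie is never sent over plain HTTP) has to be repeated in five places and will drift. The setting belongs in one shared place — resources/php.php looks like a common include, or php.ini / `.htaccess` via `php_flag session.cookie_httponly on` — or in a single `session_set_cookie_params(...)` call whose `secure` and `httponly` parameters cover both attributes. If the per-file calls stay, pass the value as a string and keep the constant lowercase, `ini_set('session.cookie_httponly', '1');`, since `ini_set` stringifies its value and PSR style writes `true` in lowercase. Note also that `ini_set` has no effect once an earlier include has already started the session, which cannot be verified from this hunk.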

+ 1 - 0
login.php

@@ -26,6 +26,7 @@
 include "root.php";
 
 //start session
+	ini_set("session.cookie_httponly", True);
 	session_start();
 
 //retain message

+ 1 - 1
resources/captcha/config.php

@@ -63,7 +63,7 @@ $pathtofonts = "/captcha/fonts/"; //path from the root of the website
     //add this to the top of the page where the form is submitted to
 
         //--- begin captcha verification ---------------------
-          //session_start(); //make sure sessions are started
+          //ini_set("session.cookie_httponly", True); session_start(); //make sure sessions are started
           if (strtolower($_SESSION["captcha"]) != strtolower($_REQUEST["captcha"]) || strlen($_SESSION["captcha"]) == 0) {
 
               echo "       <span class=\"h2\">Sorry!</span>\n";

+ 3 - 1
resources/captcha/img.php

@@ -26,8 +26,10 @@
 include "root.php";
 require_once "config.php";
 error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING ); //hide notices and warnings
-session_start();
 
+//start the session
+ini_set("session.cookie_httponly", True);
+session_start();
 
 // Captcha verification image -----------------------
 // Description this page is used to verify the captcha

+ 1 - 0
resources/check_auth.php

@@ -31,6 +31,7 @@ require_once "resources/require.php";
 	}
 
 //start the session
+	ini_set("session.cookie_httponly", True);
 	session_start();
 
 //if the username session is not set the check username and password

+ 2 - 2
resources/functions.php

@@ -156,13 +156,13 @@
 				//$this->write_debug($cmd);
 				exec ($cmd);
 			}
-		}elseif(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN'){
+		} elseif(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
 			function recursive_copy($src, $dst, $options = '') {
 				$src = normalize_path_to_os($src);
 				$dst = normalize_path_to_os($dst);
 				exec("xcopy /E /Y \"$src\" \"$dst\"");
 			}
-		}else{
+		} else {
 			function recursive_copy($src, $dst, $options = '') {
 				$dir = opendir($src);
 				if (!$dir) {

+ 1 - 0
resources/php.php

@@ -29,6 +29,7 @@
 
 	//session handling
 		//start the session
+			ini_set("session.cookie_httponly", True);
 			session_start();
 		//regenerate sessions to avoid session id attacks such as session fixation
 			if ($_SESSION['security']['session_rotate']['boolean'] == "true") {