summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRenato Botelho <garga@FreeBSD.org>2015-01-08 11:08:03 -0200
committerRenato Botelho <garga@FreeBSD.org>2015-01-08 11:08:03 -0200
commita980b284f3c2d588e3778542aaea302acf26f490 (patch)
treefa0a0abd0b5a8f6e4de9adc53d6ad19fdfd1a30a
parent9156a51d0cb8f7124be3c173ea9bebc057f662b5 (diff)
downloadpfsense-a980b284f3c2d588e3778542aaea302acf26f490.zip
pfsense-a980b284f3c2d588e3778542aaea302acf26f490.tar.gz
Fix check for cookies, the way it was implemented didn't work because it would need a refresh to check if cookie was set or not. Use javascript to do a simple test
-rw-r--r--etc/inc/authgui.inc31
1 files changed, 16 insertions, 15 deletions
diff --git a/etc/inc/authgui.inc b/etc/inc/authgui.inc
index 70ccfd4..0999452 100644
--- a/etc/inc/authgui.inc
+++ b/etc/inc/authgui.inc
@@ -225,16 +225,6 @@ if ($local_ip == false) {
}
}
}
-setcookie(
- "cookie_test",
- 'cookie_test',
- time() + 3600,
- '/',
- NULL,
- ($config['system']['webgui']['protocol'] == "https"),
- true
-);
-$have_cookies = isset($_COOKIE["cookie_test"]);
?>
@@ -304,13 +294,11 @@ $have_cookies = isset($_COOKIE["cookie_test"]);
<?=gettext("Enter username and password to login."); ?>
</span>
- <?php if (!$have_cookies && isset($_POST['login'])): ?>
- <br /><br />
- <span style="text-align:center; font-weight: normal ; font-style: italic; color: #ff0000">
+ <span style="text-align:center; font-weight: normal ; font-style: italic; color: #ff0000; display:none" id="no_cookies">
+ <br /><br />
<?= gettext("Your browser must support cookies to login."); ?>
</span>
- <?php endif; ?>
- </p>
+ </p>
<p>
<span style="text-align:center">
<input type="submit" name="login" class="formbtn" value="<?=gettext("Login"); ?>" tabindex="3" />
@@ -318,6 +306,19 @@ $have_cookies = isset($_COOKIE["cookie_test"]);
</p>
</form>
</div>
+ <script type="text/javascript">
+ //<![CDATA[
+ document.cookie=
+ "cookie_test=1" +
+ "<?php echo $config['system']['webgui']['protocol'] == 'https' ? '; secure' : '';?>";
+
+ if (document.cookie.indexOf("cookie_test") == -1)
+ document.getElementById("no_cookies").style.display="";
+
+ // Delete it
+ document.cookie = "cookie_test=1; expires=Thu, 01-Jan-1970 00:00:01 GMT";
+ //]]>
+ </script>
</body>
</html>
<?php
OpenPOWER on IntegriCloud