From 9c5231c2988001e96492c4a3ffe21cebd4b64adc Mon Sep 17 00:00:00 2001
From: Freya Murphy
Date: Mon, 27 May 2024 11:39:53 -0400
Subject: [PATCH] aaa

---
 .gitignore | 1 +
 src/web/helpers/auth.php | 27 ++++++++++++++++++++++++---
 src/web/index.php | 13 ++-----------
 3 files changed, 27 insertions(+), 14 deletions(-)

diff --git a/.gitignore b/.gitignore
index 1269488..0b12f2d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 data
+conf/ldap/ldap.env
diff --git a/src/web/helpers/auth.php b/src/web/helpers/auth.php
index 7aa4aff..3ff1e71 100644
--- a/src/web/helpers/auth.php
+++ b/src/web/helpers/auth.php
@@ -2,6 +2,27 @@
 
 $keys = array();
 
+function get_cookie() {
+ $cookie_name = 'X-LDAP-Auth-Key';
+ if(isset($_COOKIE[$cookie_name])) {
+ return $_COOKIE[$cookie_name];
+ } else {
+ return FALSE;
+ }
+}
+
+function store_cookie($key) {
+ $cookie_name = 'X-LDAP-Auth-Key';
+ setcookie(
+ $cookie_name,
+ $key,
+ time() + (86400 * 30),
+ "/",
+ TRUE,
+ TRUE
+ );
+}
+
 function load_key($key) {
 $file = "/tmp/$key";
 if (!file_exists($file))
@@ -34,10 +55,10 @@ function get_random($n)
 }
 
 function key_auth() {
- if (!isset($_SESSION['auth'])) {
+ $key = get_cookie();
+ if ($key === FALSE) {
 return FALSE;
 }
- $key = $_SESSION['auth'];
 $data = load_key($key);
 if ($data === FALSE) {
 return FALSE;
@@ -55,5 +76,5 @@ function key_auth() {
 function key_new($user) {
 $key = get_random(128);
 store_key($key, $user);
- $_SESSION['auth'] = $key;
+ store_cookie($key);
 }
diff --git a/src/web/index.php b/src/web/index.php
index 932fc84..8ae7a95 100644
--- a/src/web/index.php
+++ b/src/web/index.php
@@ -10,15 +10,6 @@ require($webroot . '/helpers/ldap.php');
 require($webroot . '/helpers/auth.php');
 
 // start session
-session_set_cookie_params(
- 60 * 60 * 24, // lifetime (seconds),
- '/', // path
- NULL, // domain,
- TRUE, // secure,
- TRUE // http only
-);
-session_start();
-
 function page($file, $data = array()) {
 extract($data);
 $webroot = $GLOBALS['webroot'];
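Review bot: Adding `conf/ldap/ldap.env` to .gitignore only prevents future adds; if that file was committed at any earlier point it remains tracked and in history, and the LDAP bind credentials it presumably holds are still exposed. Whether it was ever committed is not visible from this patch. If it was, this change needs to be paired with `git rm --cached conf/ldap/ldap.env` and a rotation of the credentials, since rewriting history is rarely enough once a secret has been pushed.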
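Review bot: The positional `setcookie()` call in `store_cookie` passes its arguments one slot off: PHP's signature is `(name, value, expires, path, domain, secure, httponly)`, so here `"/"` is the path, the first `TRUE` becomes the domain (stringified to `1`), the second `TRUE` is `secure`, and `httponly` is never set. A cookie whose Domain attribute does not match the request host is rejected by browsers, so the auth cookie may never be stored at all, and if it is, it is readable from script because HttpOnly is off — a regression from the removed `session_set_cookie_params` call, which did set both flags. The options-array form (PHP 7.3+; I cannot see the project's minimum version) names each attribute and avoids the slot confusion, and is also the only way to set SameSite.
```php
function store_cookie($key) {
 $cookie_name = 'X-LDAP-Auth-Key';
 // Options-array form so every attribute is explicit; the positional form
 // silently treats the 5th argument as the cookie Domain.
 setcookie($cookie_name, $key, [
 'expires' => time() + (86400 * 30),
 'path' => '/',
 'secure' => true,
 'httponly' => true,
 'samesite' => 'Lax',
 ]);
}
```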
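Review bot: `key_auth` now hands a client-controlled value straight to `load_key($key)`, and the context at the end of the previous hunk shows `load_key` builds its path as `"/tmp/$key"`, so a cookie of `../etc/passwd` (or any other path) is opened as if it were a key file; before this patch the key came from `$_SESSION`, which the client cannot write. The value needs a strict allow-list check before it reaches the filesystem, something like `if (!preg_match('/^[A-Za-z0-9]+$/', $key)) { return FALSE; }` placed right after the `=== FALSE` check, with the character class tightened to whatever alphabet and length `get_random(128)` actually emits (not visible here). What `load_key` does with the file contents afterwards, and the rest of `key_auth`, continue outside this hunk.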
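Review bot: The `// start session` comment survives the removal of `session_set_cookie_params`/`session_start()` and now sits directly above `function page(...)`, describing something the file no longer does. Replace it with a pointer to where login state actually lives, e.g. `// no PHP session: auth state is carried by the X-LDAP-Auth-Key cookie (see helpers/auth.php)`, or delete it. Note also that with `session_start()` gone, any remaining `$_SESSION` reads elsewhere in the tree would silently see an empty array; I cannot see from this patch whether any exist.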
@@ -56,8 +47,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 if ($_SERVER['REQUEST_URI'] !== '/login') {
 // we are being forwarded authed
 // redirect
- http_response_code(301);
- header("Location: https://$env/login");
+ http_response_code(303);
+ header("Location: http://$env/login");
 } else {
 page('login', array(
 'title' => 'Login'
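Review bot: The new `Location: http://$env/login` downgrades the redirect from HTTPS to plain HTTP, so the login form is served and submitted over cleartext, and a cookie set with the `secure` flag (as `store_cookie` in auth.php intends) will not even be presented on that origin, which is likely to break the "forwarded authed" case this branch exists for. A scheme-relative or path-only target avoids both the downgrade and any dependence on `$env`: `header("Location: /login");`. I cannot see where `$env` comes from; if it is derived from the Host header it is also a redirect-injection vector, and there is no `exit` after `header()` visible in this hunk, though the enclosing block continues beyond it.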