From 976fc1bc8f2dd22d264a03ad2e990104ae5ac516 Mon Sep 17 00:00:00 2001
From: markjcrane
Date: Mon, 22 Feb 2016 13:18:37 -0700
Subject: [PATCH] Increase the HTTPS security.
---
 resources/check_auth.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/resources/check_auth.php b/resources/check_auth.php
index 0fd7825b42..9619898116 100644
--- a/resources/check_auth.php
+++ b/resources/check_auth.php
@@ -31,7 +31,9 @@ require_once "resources/require.php";
 }
 //start the session
+ ini_set("session.use_only_cookies", True);
 ini_set("session.cookie_httponly", True);
+ if ($_SERVER["HTTPS"] == "on") { ini_set("session.cookie_secure", True); }
 session_start();
 //if the username session is not set the check username and password
@@ -223,7 +225,7 @@ require_once "resources/require.php";
 }
 else {
 $sql .= "where username=:username ";
- //$sql .= "and username='".$username."' ";
+ //$sql .= "where username='".$username."' ";
 }
 //$sql .= "and domain_uuid='".$domain_uuid."' ";
 if ($_SESSION["user"]["unique"]["text"] == "global") {
@@ -396,7 +398,7 @@ require_once "resources/require.php";
 }
 //get the domains
- if (file_exists($_SERVER['DOCUMENT_ROOT'].PROJECT_PATH."/app/domains/app_config.php")){
+ if (file_exists($_SERVER["PROJECT_ROOT"]."/app/domains/app_config.php")){
 require_once "app/domains/resources/domains.php";
 }
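Review bot: In the `@@ -31,7 +31,9 @@` hunk, the added `$_SERVER["HTTPS"] == "on"` test decides whether the session cookie gets the Secure flag, and it misses two cases. The key is absent on plain-HTTP requests, which raises an undefined-index notice, and behind a TLS-terminating proxy or load balancer it is normally not set at all, so a site that users reach over HTTPS would still issue the session cookie without Secure. A more tolerant form is `if (!empty($_SERVER["HTTPS"]) && strtolower($_SERVER["HTTPS"]) !== "off") { ini_set("session.cookie_secure", True); }`. Proxy deployments would additionally need an explicit setting that forces the flag, rather than trusting a forwarded header by default.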
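Review bot: In the `@@ -223,7 +225,7 @@` hunk, the edited line is a commented-out query that concatenates `$username` straight into the SQL string, kept directly under the parameterised `$sql .= "where username=:username ";`. Rather than keeping the dead line in sync, delete it together with the similar `//$sql .= "and domain_uuid='".$domain_uuid."' ";` line, so the injectable form cannot be re-enabled by uncommenting. The enclosing block starts and ends outside the hunk.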
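Review bot: In the `@@ -396,7 +398,7 @@` hunk, `$_SERVER["PROJECT_ROOT"]` is not a key that PHP or the web server populates, so the application has to set it before this line runs, presumably in `resources/require.php`, which is not visible here. If it is unset, `file_exists()` tests `/app/domains/app_config.php` at the filesystem root and returns false, and the domains include is then skipped silently inside the authentication check. Suggest a guard such as `if (empty($_SERVER["PROJECT_ROOT"])) { error_log("PROJECT_ROOT is not set"); }` ahead of the test, plus a comment naming where the key is assigned. The change is also unrelated to the commit subject and would be easier to audit as a separate commit.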