Send cookie only via HTTPS if a mod logs in via HTTPS, which is the case on this site

10 years ago · 6716a24b68
2 changed files with 3 additions and 3 deletions
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@ -69,13 +69,13 @@ function setCookies() {
 			$mod['hash'][0] . // password
 			':' .
 			$mod['hash'][1], // salt
-		time() + $config['cookies']['expire'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, $config['cookies']['httponly']);
+		time() + $config['cookies']['expire'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, $_SERVER['HTTPS'], $config['cookies']['httponly']);
 }

 function destroyCookies() {
 	global $config;
 	// Delete the cookies
-	setcookie($config['cookies']['mod'], 'deleted', time() - $config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path'] : '/', null, false, true);
+	setcookie($config['cookies']['mod'], 'deleted', time() - $config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path'] : '/', null, $_SERVER['HTTPS'], true);
 }

 function modLog($action, $_board=null) {
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@ -150,7 +150,7 @@ function mod_dashboard() {
 				$latest = false;
 			}
 	
-			setcookie('update', serialize($latest), time() + $config['check_updates_time'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, true);
+			setcookie('update', serialize($latest), time() + $config['check_updates_time'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, $_SERVER['HTTPS'], true);
 		}
 		
 		if ($latest)