
Option to add hostname for cookies when subdomain independent cookies
are enabled [Bug 3734]

emanuele 13 years ago
parent
commit
c830718e9f

+ 5 - 1
Sources/ManageServer.php

@@ -258,7 +258,7 @@ function ModifyDatabaseSettings($return_config = false)
  */
 function ModifyCookieSettings($return_config = false)
 {
-	global $context, $scripturl, $txt, $sourcedir, $modSettings, $cookiename, $user_settings;
+	global $context, $scripturl, $txt, $sourcedir, $modSettings, $cookiename, $user_settings, $boardurl;
 
 	// Define the variables we want to edit.
 	$config_vars = array(
@@ -267,6 +267,7 @@ function ModifyCookieSettings($return_config = false)
 		array('cookieTime', $txt['cookieTime'], 'db', 'int'),
 		array('localCookies', $txt['localCookies'], 'db', 'check', false, 'localCookies'),
 		array('globalCookies', $txt['globalCookies'], 'db', 'check', false, 'globalCookies'),
+		array('globalCookiesDomain', $txt['globalCookiesDomain'], 'db', 'text', false, 'globalCookiesDomain'),
 		array('secureCookies', $txt['secureCookies'], 'db', 'check', false, 'secureCookies',  'disabled' => !isset($_SERVER['HTTPS']) || !(strtolower($_SERVER['HTTPS']) == 'on' || strtolower($_SERVER['HTTPS']) == '1')),
 		array('httponlyCookies', $txt['httponlyCookies'], 'db', 'check', false, 'httponlyCookies'),
 		'',
@@ -289,6 +290,9 @@ function ModifyCookieSettings($return_config = false)
 	{
 		call_integration_hook('integrate_save_cookie_settings');
 
+		if (isset($_POST['globalCookiesDomain']) && strpos($boardurl, $_POST['globalCookiesDomain']) === false)
+			fatal_lang_error('invalid_cookie_domain', false);
+
 		saveSettings($config_vars);
 
 		// If the cookie name was changed, reset the cookie.
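Review bot: The check added before `saveSettings()` is a substring test against the whole of `$boardurl`, so it accepts any fragment of the URL (part of the scheme, part of the path, or a bare top-level suffix), not only a domain the board actually lives under. On PHP versions before 8.0, `strpos()` with an empty needle returns false, and an empty text field is still set in `$_POST`, so saving the page with the field left blank would end in `fatal_lang_error`. Comparing against the host from `parse_url($boardurl)` on a label boundary, and skipping the empty value, addresses both. The same substring test is repeated in `url_parts()` in Sources/Subs-Auth.php and should use the same comparison. The enclosing block and `ModifyCookieSettings` continue outside the hunk.

```php
		call_integration_hook('integrate_save_cookie_settings');

		// Empty means "not configured"; otherwise the value must be the board host or a parent domain of it.
		$cookie_domain = isset($_POST['globalCookiesDomain']) ? strtolower($_POST['globalCookiesDomain']) : '';
		if ($cookie_domain !== '')
		{
			$board_host = strtolower((string) parse_url($boardurl, PHP_URL_HOST));
			$suffix = '.' . $cookie_domain;
			if ($board_host !== $cookie_domain && substr($board_host, -strlen($suffix)) !== $suffix)
				fatal_lang_error('invalid_cookie_domain', false);
		}

		// … unchanged: saveSettings() and the cookie reset …
```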

+ 5 - 2
Sources/Subs-Auth.php

@@ -115,7 +115,7 @@ function setLoginCookie($cookie_length, $id, $password = '')
  */
 function url_parts($local, $global)
 {
-	global $boardurl;
+	global $boardurl, $modSettings;
 
 	// Parse the URL with PHP to make life easier.
 	$parsed_url = parse_url($boardurl);
@@ -124,8 +124,11 @@ function url_parts($local, $global)
 	if (empty($parsed_url['path']) || !$local)
 		$parsed_url['path'] = '';
 
+	if (!empty($modSettings['globalCookiesDomain']) && strpos($boardurl, $modSettings['globalCookiesDomain']) !== false)
+		$parsed_url['host'] = $modSettings['globalCookiesDomain'];
+
 	// Globalize cookies across domains (filter out IP-addresses)?
-	if ($global && preg_match('~^\d{1,3}(\.\d{1,3}){3}$~', $parsed_url['host']) == 0 && preg_match('~(?:[^\.]+\.)?([^\.]{2,}\..+)\z~i', $parsed_url['host'], $parts) == 1)
+	elseif ($global && preg_match('~^\d{1,3}(\.\d{1,3}){3}$~', $parsed_url['host']) == 0 && preg_match('~(?:[^\.]+\.)?([^\.]{2,}\..+)\z~i', $parsed_url['host'], $parts) == 1)
 			$parsed_url['host'] = '.' . $parts[1];
 
 	// We shouldn't use a host at all if both options are off.
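Review bot: The branch added at the top of the chain does not test `$global`, so once `globalCookiesDomain` is stored the cookie host is widened to that domain even when subdomain-independent cookies are turned off, which is not what the setting's label describes. Gating it as `if ($global && !empty($modSettings['globalCookiesDomain']) && ...)` keeps the override tied to the option. Because the old `if` became `elseif`, any later branches of this chain (they continue outside the hunk) are also skipped whenever the override applies, and the existing comment about globalizing cookies now sits between the two branches. A short comment above the new `if`, saying that an admin-configured domain takes precedence, would make the order clear.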

+ 1 - 0
Themes/default/languages/Help.english.php

@@ -360,6 +360,7 @@ $helptxt['globalCookies'] = 'Makes log in cookies available across subdomains.
 	Your site is at http://www.simplemachines.org/,<br />
 	And your forum is at http://forum.simplemachines.org/,<br />
 	Using this option will allow you to access the forum\'s cookie on your site.  Do not enable this if there are other subdomains (like hacker.simplemachines.org) not controlled by you.';
+$helptxt['globalCookiesDomain'] = 'Define the main domain to be used when log in cookies are available across subdomains';
 $helptxt['secureCookies'] = 'Enabling this option will force the cookies created for users on your forum to be marked as secure. Only enable this option if you are using HTTPS throughout your site as it will break cookie handling otherwise!';
 $helptxt['securityDisable'] = 'This <em>disables</em> the additional password check for the administration section. This is not recommended!';
 $helptxt['securityDisable_why'] = 'This is your current password. (the same one you use to login.)<br /><br />Having to type this helps ensure that you want to do whatever administration you are doing, and that it is <strong>you</strong> doing it.';

+ 2 - 0
Themes/default/languages/ManageSettings.english.php

@@ -47,6 +47,8 @@ $txt['pruneSpiderHitLog'] = 'Remove search engine hit logs older than<div class=
 $txt['cookieTime'] = 'Default login cookies length (in minutes)';
 $txt['localCookies'] = 'Enable local storage of cookies<div class="smalltext">(SSI won\'t work well with this on.)</div>';
 $txt['globalCookies'] = 'Use subdomain independent cookies<div class="smalltext">(turn off local cookies first!)</div>';
+$txt['globalCookiesDomain'] = 'Main domain used for subdomain independent cookies <div class="smalltext">(enable subdomain independent cookies first!<br />The domain could be for example: "website.com" or "website.co.uk" without http:// or slashes)</div>';
+$txt['invalid_cookie_domain'] = 'The domain intruduced seems to be invalid, please check it and save again.';
 $txt['secureCookies'] = 'Force cookies to be secure<div class="smalltext">(This only applies if you are using HTTPS - don\'t use otherwise!)</div>';
 $txt['httponlyCookies'] = 'Force cookies to be made accessible only through the HTTP protocol. <div class="smalltext">(Cookies won\'t be accessible by scripting languages, such as JavaScript. This setting can help to reduce identity theft through XSS attacks.)</div>';
 $txt['securityDisable'] = 'Disable administration security';