projects/usbcheck.it
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

up

Browse Source
This commit is contained in:
Lars Gebhardt-Kusche
2025-12-01 01:47:59 +01:00
parent 5ad9c9327a
commit 4b533f2d8f
3 changed files with 110 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

79
config/fileload.php
View File

@@ -3,38 +3,20 @@
// 0) Umgebung / Domains / Error-Level
require_once __DIR__ . "/config.php";
// ----------------------------------------------------------
// Session starten (gemeinsam für Frontend + API Subdomains)
// -----------------------------------------------------------
// Session starten
// -----------------------------------------------------------
if (php_sapi_name() !== 'cli') {
if (session_status() === PHP_SESSION_NONE) {
// Einheitlicher Name für alle Teilbereiche
session_name('usbcheck_session');
$isHttps = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off');
// Cookie-Domain so wählen, dass ALLE Subdomains von usbcheck.it
// dieselbe Session sehen (staging., api.staging., www., …)
$cookieDomain = '';
if (!empty($_SERVER['HTTP_HOST'])) {
$host = $_SERVER['HTTP_HOST'];
// alles was auf "usbcheck.it" endet, bekommt die gemeinsame Domain
if (substr($host, -strlen('usbcheck.it')) === 'usbcheck.it') {
// wirkt für usbcheck.it, staging.usbcheck.it, api.staging.usbcheck.it, ...
$cookieDomain = '.usbcheck.it';
}
}
session_set_cookie_params([
'lifetime' => 0,
'path' => '/',
// WICHTIG: hier die Domain, damit API + Frontend teilen
'domain' => $cookieDomain ?: '',
'secure' => $isHttps,
'domain' => '',
'secure' => (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'),
'httponly' => true,
// eTLD+1 ist gleich (usbcheck.it), daher reicht Lax für Same-Site
'samesite' => 'Lax',
]);
@@ -42,7 +24,57 @@ if (php_sapi_name() !== 'cli') {
}
}
require_once __DIR__ . '/i18n.php'; // <— zentrale Sprachlogik
/**
* ---------------------------------------------------------
* Persistente Client-ID (über Logins & Sessions hinweg)
* ---------------------------------------------------------
* Cookie-Name: usbcheck_client
* Domain:
* - staging: .staging.usbcheck.it
* - live: .usbcheck.it
*/
if (php_sapi_name() !== 'cli') {
$clientId = $_COOKIE['usbcheck_client'] ?? null;
if (!is_string($clientId) || $clientId === '' || !preg_match('/^[a-f0-9]{32}$/', $clientId)) {
// neue ID erzeugen
try {
$clientId = bin2hex(random_bytes(16));
} catch (Throwable $e) {
// Fallback sollte praktisch nie passieren
$clientId = bin2hex(openssl_random_pseudo_bytes(16));
}
$host = $_SERVER['HTTP_HOST'] ?? '';
$cookieDomain = null;
if (preg_match('/\.staging\.usbcheck\.it$/', $host)) {
$cookieDomain = '.staging.usbcheck.it';
} elseif (preg_match('/\.usbcheck\.it$/', $host)) {
$cookieDomain = '.usbcheck.it';
}
$cookieOpts = [
'expires' => time() + 365 * 24 * 60 * 60,
'path' => '/',
'secure' => (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'),
'httponly' => false, // darf JS lesen, falls du es mal brauchst
'samesite' => 'Lax',
];
if ($cookieDomain) {
$cookieOpts['domain'] = $cookieDomain;
}
setcookie('usbcheck_client', $clientId, $cookieOpts);
$_COOKIE['usbcheck_client'] = $clientId; // lokal auch verfügbar
}
// global verfügbar machen
$GLOBALS['usb_client_id'] = $clientId;
}
require_once __DIR__ . '/i18n.php'; // <— NEU: zentrale Sprachlogik
// ab hier kannst du überall $GLOBALS['lang'] und $GLOBALS['availableLangs'] nutzen
// und für JS:
@@ -50,7 +82,6 @@ $usbConfig = [
// ... dein sonstiges Zeug ...
'i18n' => app_i18n_get_frontend_config(),
];
// -----------------------------------------------------------
// 7) Rest des Systems laden
// -----------------------------------------------------------