diff --git a/_templates/_head.php b/_templates/_head.php
index 96f672502091ad6067282c7222c458da0abe5ede..4a9da8418cfa6c139f3dd68d38144cfae9e76cdb 100644
--- a/_templates/_head.php
+++ b/_templates/_head.php
@@ -8,7 +8,22 @@
 <!-- Bootstrap core CSS -->
 <link href="<?=get_config('base_path')?>assets/dist/css/bootstrap.min.css" rel="stylesheet">
- <title>Photogram by LAHTP</title>
+ <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
+ <script>
+ // Initialize the agent at application startup.
+ const fpPromise = import('https://openfpcdn.io/fingerprintjs/v3')
+ .then(FingerprintJS => FingerprintJS.load())
+
+ // Get the visitor identifier when you need it.
+ fpPromise
+ .then(fp => fp.get())
+ .then(result => {
+ // This is the visitor identifier:
+ const visitorId = result.visitorId
+ console.log(visitorId)
+ $('#fingerprint').val(visitorId);
+ })
+ </script>
 <? if (file_exists($_SERVER['DOCUMENT_ROOT'] .get_config('base_path').'css/' . basename($_SERVER['PHP_SELF'], ".php") . ".css")) { ?>
 <link href="<?=get_config('base_path')?>css/<?= basename($_SERVER['PHP_SELF'], ".php") ?>.css" rel="stylesheet">
 <? } ?>
diff --git a/_templates/_login.php b/_templates/_login.php
index 4f3fc2ceec3d3071bc4d8ea5b36bf729e03ccc0b..8a28403367ffe8c1b829dee44cfc78cef05bc12f 100644
--- a/_templates/_login.php
+++ b/_templates/_login.php
@@ -23,6 +23,7 @@ if ($result) {
 <form method="post" action="login.php">
 <img class="mb-4" src="https://git.selfmade.ninja/uploads/-/system/appearance/logo/1/Logo_Dark.png" alt="" height="50">
+ <input name="fingerprint" type="hidden" id="fingerprint" value="">
 <h1 class="h3 mb-3 fw-normal">Please sign in</h1>
 <div class="form-floating">
diff --git a/libs/includes/UserSession.class.php b/libs/includes/UserSession.class.php
index 55ea45be254e75068fd05b732cdc3cdd0dfc77fd..6e20ce49a921d85a71255ebc5016f1732f1e8ce1 100644
--- a/libs/includes/UserSession.class.php
+++ b/libs/includes/UserSession.class.php
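Review bot: The fingerprint bundle is fetched at page load from `https://openfpcdn.io/fingerprintjs/v3` through a dynamic `import()`, and jQuery from `ajax.googleapis.com` with no `integrity` attribute, so whoever controls either host or the path to it can execute script inside the sign-in page and read whatever the form collects; a dynamic `import()` cannot carry Subresource Integrity at all. Self-hosting the FingerprintJS build under `assets/` and adding `integrity="sha384-…" crossorigin="anonymous"` with the published digest to the jQuery tag keeps the login page's script origin under the application's control. The id is written to `#fingerprint` only when the promise resolves, so a submit before that, or a blocked or failed fetch, posts an empty field, which the server must treat as a failure rather than a match, or the submit button should stay disabled until the value is set. The `<title>` removal on the `-` line looks accidental rather than part of the change, and `console.log(visitorId)` should not ship.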
@@ -15,11 +15,13 @@ class UserSession
 $conn = Database::getConnection();
 $ip = $_SERVER['REMOTE_ADDR'];
 $agent = $_SERVER['HTTP_USER_AGENT'];
+ $fingerprint = $_POST['fingerprint'];
 $token = md5(rand(0, 9999999) . $ip . $agent . time());
- $sql = "INSERT INTO `session` (`uid`, `token`, `login_time`, `ip`, `user_agent`, `active`)
- VALUES ('$user->id', '$token', now(), '$ip', '$agent', '1')";
+ $sql = "INSERT INTO `session` (`uid`, `token`, `login_time`, `ip`, `user_agent`, `active`, `fingerprint`)
+ VALUES ('$user->id', '$token', now(), '$ip', '$agent', '1', '$fingerprint')";
 if ($conn->query($sql)) {
 Session::set('session_token', $token);
+ Session::set('fingerprint', $fingerprint);
 return $token;
 } else {
 return false;
@@ -46,7 +48,9 @@ class UserSession
 if ($session->isValid() and $session->isActive()) {
 if ($_SERVER['REMOTE_ADDR'] == $session->getIP()) {
 if ($_SERVER['HTTP_USER_AGENT'] == $session->getUserAgent()) {
- return true;
+ if ($session->getFingerprint() == $_SESSION['fingerprint']){
+ return true;
+ } else throw new Exception("FingerPrint doesn't match");
 } else throw new Exception("User agent does't match");
 } else throw new Exception("IP does't match");
 } else {
@@ -123,6 +127,12 @@ class UserSession
 }
 }
+ public function getFingerprint(){
+ if (isset($this->data['fingerprint'])) {
+ return $this->data['fingerprint'] ? true : false;
+ }
+ }
+
 //This function remove current session
 public function removeSession() {
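Review bot: `$fingerprint = $_POST['fingerprint']` is a client-controlled string and is interpolated unescaped into the string-built INSERT on the following `+` lines, so a single quote in the posted value breaks the query and makes session creation a SQL injection point reachable directly from the login form (the pre-existing `$agent` interpolation has the same flaw, but this adds a second, more convenient one). The insert should go through a prepared statement with bound values, and the key should default when absent instead of raising an undefined-index warning. The rewrite below assumes `Database::getConnection()` returns a `mysqli` and that `uid` is an integer column; with PDO use `prepare()`/`execute([...])` with the same placeholders. The enclosing method begins before this hunk, so its signature is not visible here.
```php
$fingerprint = (string) ($_POST['fingerprint'] ?? '');
// … unchanged: $token generation …
$stmt = $conn->prepare(
    "INSERT INTO `session` (`uid`, `token`, `login_time`, `ip`, `user_agent`, `active`, `fingerprint`)
     VALUES (?, ?, now(), ?, ?, '1', ?)"
);
$stmt->bind_param('issss', $user->id, $token, $ip, $agent, $fingerprint);
if ($stmt->execute()) {
    Session::set('session_token', $token);
    Session::set('fingerprint', $fingerprint);
    return $token;
// … unchanged: else branch returning false …
```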
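Review bot: The new check `$session->getFingerprint() == $_SESSION['fingerprint']` cannot detect a mismatch: `getFingerprint()`, as added in the last hunk of this diff, returns `true`/`false`/`null` rather than the stored string, and under loose `==` a `true` equals any non-empty value while `false`/`null` equals the empty string, so the branch throws only in corner cases and otherwise passes for every session. Once the getter returns the raw column, compare with `hash_equals((string) $session->getFingerprint(), (string) ($_SESSION['fingerprint'] ?? ''))` and treat an empty stored value as a failure rather than a match. Note also that both sides originate from the same login POST and sit behind the same PHP session cookie, so even when fixed this binds nothing beyond what `session_token` already binds; a real binding would have the browser resend the fingerprint on each request and compare that against the database row. The enclosing method starts before this hunk, so its name and signature are not visible here.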
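Review bot: `getFingerprint()` collapses the stored column to `true`/`false` through `? true : false`, and falls off the end returning `null` when the key is absent, so callers receive a presence flag rather than the fingerprint and cannot compare it to anything, yet the session check earlier in this diff relies on it yielding the value. Return the raw string instead: `public function getFingerprint(): ?string { return $this->data['fingerprint'] ?? null; }`, which matches what the INSERT stored. A short docblock such as `/** Fingerprint recorded at login, or null if none was stored. */` would make the contract explicit.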