Merge pull request #607 from wrongecho/headers

Add X-Frame-Options to login pages & client portal
2023-02-05 15:46:22 -05:00 · 2023-02-05 15:46:22 -05:00 · b433cdb7e2
parent 4d55d0dfa2 e8c9e63a7b
commit b433cdb7e2
4 changed files with 7 additions and 1 deletions
--- a/login.php
+++ b/login.php
@ -1,5 +1,7 @@
 <?php

+header("X-Frame-Options: DENY");
+
 if (!file_exists('config.php')) {
    header("Location: setup.php");
    exit;
--- a/portal/check_login.php
+++ b/portal/check_login.php
@ -15,7 +15,7 @@ if (!isset($_SESSION)) {
    session_start();
 }

-if (!$_SESSION['client_logged_in']) {
+if (!isset($_SESSION['client_logged_in']) || !$_SESSION['client_logged_in']) {
    header("Location: login.php");
    die;
 }
--- a/portal/login.php
+++ b/portal/login.php
@ -4,6 +4,8 @@
 * Landing / Home page for the client portal
 */

+header("X-Frame-Options: DENY");
+
 $session_company_id = 1;
 require_once('../config.php');
 require_once('../functions.php');
--- a/portal/portal_header.php
+++ b/portal/portal_header.php
@ -3,6 +3,8 @@
 * Client Portal
 * HTML Header
 */
+
+header("X-Frame-Options: DENY");
 ?>

 <!DOCTYPE html>