From cac836b55cadc57214a9cfb3c0bf81321d12f440 Mon Sep 17 00:00:00 2001
From: Glomberg
Date: Fri, 12 Apr 2024 11:30:50 +0300
Subject: [PATCH] Fix. Admin. Cookies `logged_in` fixed.

---
 inc/spbc-admin.php            | 12 ++++++++++--
 security-malware-firewall.php | 23 +++++++++++++++-------
 2 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/inc/spbc-admin.php b/inc/spbc-admin.php
index 8473ce123..0c7687b87 100644
--- a/inc/spbc-admin.php
+++ b/inc/spbc-admin.php
@@ -157,8 +157,16 @@ function spbc_admin_init()
     }
 
     // Set cookie to detect admin on public pages
-    if ( ! empty($spbc->settings['data__set_cookies']) && ! Cookie::get('spbc_admin_logged_in') && is_admin() && current_user_can('manage_options') ) {
-        Cookie::set('spbc_admin_logged_in', md5($spbc->data['salt'] . 'admin' . parse_url(get_option('home'), PHP_URL_HOST)), time() + 86400 * 365, '/');
+    if (
+        ! empty($spbc->settings['data__set_cookies']) &&
+        (
+            ! Cookie::get('spbc_admin_logged_in') ||
+            Cookie::get('spbc_admin_logged_in') !== md5($spbc->data['salt'] . 'admin' . get_option('home'))
+        ) &&
+        is_admin() &&
+        current_user_can('manage_options')
+    ) {
+        Cookie::set('spbc_admin_logged_in', md5($spbc->data['salt'] . 'admin' . get_option('home')), time() + 86400 * 365, '/');
     }
 }
 
diff --git a/security-malware-firewall.php b/security-malware-firewall.php
index f0725b913..02ee814b1 100644
--- a/security-malware-firewall.php
+++ b/security-malware-firewall.php
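Review bot: In the new condition the first disjunct `! Cookie::get('spbc_admin_logged_in')` is redundant: an absent cookie (null, false or an empty string) is already `!==` the md5 string, so the second comparison alone decides, and the cookie is read twice and the md5 expression evaluated three times in the same branch. Hoist both into locals before the `if`: `$expected = md5($spbc->data['salt'] . 'admin' . get_option('home'));` and `$current = Cookie::get('spbc_admin_logged_in');`, then test `$current !== $expected` and pass `$expected` to `Cookie::set`. The same shape, with the same redundant disjunct, appears in the spbc_set_headers hunk of security-malware-firewall.php. spbc_admin_init starts before this hunk.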
@@ -425,8 +425,15 @@ function spbc_set_headers()
     }
 
     // Set cookie to detect any logged in user
-    if ( spbc_is_user_logged_in() && ! empty($spbc->settings['data__set_cookies']) && ! Cookie::get('spbc_is_logged_in') ) {
-        Cookie::set('spbc_is_logged_in', md5($spbc->data['salt'] . parse_url(get_option('home'), PHP_URL_HOST)), time() + 86400 * 365, '/');
+    if (
+        spbc_is_user_logged_in() &&
+        ! empty($spbc->settings['data__set_cookies']) &&
+        (
+            ! Cookie::get('spbc_is_logged_in') ||
+            Cookie::get('spbc_is_logged_in') !== md5($spbc->data['salt'] . get_option('home'))
+        )
+    ) {
+        Cookie::set('spbc_is_logged_in', md5($spbc->data['salt'] . get_option('home')), time() + 86400 * 365, '/');
     }
 }
 }
@@ -527,7 +534,7 @@ function spbc_firewall__check()
         'log_table' => SPBC_TBL_TC_LOG,
         'state' => $spbc,
         'api_key' => $spbc->api_key,
-        'is_logged_in' => Cookie::get('spbc_is_logged_in') === md5($spbc->data['salt'] . parse_url(get_option('home'), PHP_URL_HOST)),
+        'is_logged_in' => Cookie::get('spbc_is_logged_in') === md5($spbc->data['salt'] . get_option('home')),
         'user_is_admin' => spbc_user_is_admin(),
         'store_interval' => $spbc->settings['traffic_control__autoblock_timeframe'],
         'tc_limit' => $spbc->settings['traffic_control__autoblock_amount'],
@@ -548,7 +555,7 @@ function spbc_firewall__check()
     ];
     if ( $spbc->settings['waf_blocker__enabled'] ) {
         $waf_blocker_params = [
-            'is_logged_in' => Cookie::get('spbc_is_logged_in') === md5($spbc->data['salt'] . parse_url(get_option('home'), PHP_URL_HOST)),
+            'is_logged_in' => Cookie::get('spbc_is_logged_in') === md5($spbc->data['salt'] . get_option('home')),
             'db' => DB::getInstance(),
             'ip_array' => $firewall->ip_array
         ];
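Review bot: The expected cookie value `md5($spbc->data['salt'] . get_option('home'))` is now spelled out inline at the `'is_logged_in'` entry of this spbc_firewall__check hunk and again in the hunks at old lines 548, 577 and 689 (spbc_authenticate__check_brute_force), as well as where the cookie is issued in spbc_set_headers; the commit had to edit every copy by hand, and a future change to the derivation that misses one copy silently makes `is_logged_in` always false for that module. A small helper such as `function spbc_logged_in_cookie_value(): string { return md5($spbc->data['salt'] . get_option('home')); }` (taking `$spbc` however the file normally passes it), used both where the cookie is set and at each check, removes that drift. Because the comparison decides whether a client-supplied cookie gets logged-in treatment by the firewall and brute-force modules, checking it as `hash_equals((string) Cookie::get('spbc_is_logged_in'), $expected)` in one place is preferable to repeating `===` at each site. spbc_firewall__check extends beyond this hunk.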
@@ -577,7 +584,7 @@ function spbc_firewall__check()
         'api_key' => $spbc->api_key,
         'state' => $spbc,
         'is_login_page' => strpos(trim(Server::getURL(), '/'), trim($login_url, '/')) === 0,
-        'is_logged_in' => Cookie::get('spbc_is_logged_in') === md5($spbc->data['salt'] . parse_url(get_option('home'), PHP_URL_HOST)),
+        'is_logged_in' => Cookie::get('spbc_is_logged_in') === md5($spbc->data['salt'] . get_option('home')),
         'bf_limit' => $spbc->settings['bfp__allowed_wrong_auths'],
         'block_period' => $spbc->settings['bfp__block_period__5_fails'],
         'count_period' => $spbc->settings['bfp__count_interval'], // Counting login attempts in this interval
@@ -689,7 +696,7 @@ function spbc_authenticate__check_brute_force()
         'api_key' => $spbc->api_key,
         'state' => $spbc,
         'is_login_page' => strpos(trim(Server::getURL(), '/'), trim($login_url, '/')) === 0,
-        'is_logged_in' => Cookie::get('spbc_is_logged_in') === md5($spbc->data['salt'] . parse_url(get_option('home'), PHP_URL_HOST)),
+        'is_logged_in' => Cookie::get('spbc_is_logged_in') === md5($spbc->data['salt'] . get_option('home')),
         'bf_limit' => $spbc->settings['bfp__allowed_wrong_auths'],
         'block_period' => $spbc->settings['bfp__block_period__5_fails'],
         'count_period' => $spbc->settings['bfp__count_interval'],
@@ -1023,8 +1030,8 @@ function spbc_user_is_admin()
     if (!empty($spbc->settings['data__set_cookies'])) {
         return
-            Cookie::get('spbc_is_logged_in') === md5($spbc->data['salt'] . parse_url(get_option('home'), PHP_URL_HOST)) &&
-            Cookie::get('spbc_admin_logged_in') === md5($spbc->data['salt'] . 'admin' . parse_url(get_option('home'), PHP_URL_HOST));
+            Cookie::get('spbc_is_logged_in') === md5($spbc->data['salt'] . get_option('home')) &&
+            Cookie::get('spbc_admin_logged_in') === md5($spbc->data['salt'] . 'admin' . get_option('home'));
     }
 
     return is_admin();