security update

2026-01-19 08:57:58 +03:00
parent 55b3d5f088
commit 5c084c6aaa
8 changed files with 182 additions and 49 deletions
--- a/config/db.php
+++ b/config/db.php
@@ -1,7 +1,7 @@
 <?php
 error_reporting(E_ALL);
-ini_set('display_errors', 1);
-ini_set('display_startup_errors', 1);
+ini_set('display_errors', 0);
+ini_set('display_startup_errors', 0);
 $host = 'localhost';
 $dbname = 'users';
 $username = 'root';
--- a/config/session.php
+++ b/config/session.php
@@ -0,0 +1,15 @@
+<?php
+if (session_status() === PHP_SESSION_NONE) {
+    $isSecure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
+    ini_set('session.use_strict_mode', '1');
+    session_set_cookie_params([
+        'lifetime' => 0,
+        'path' => '/',
+        'domain' => '',
+        'secure' => $isSecure,
+        'httponly' => true,
+        'samesite' => 'Lax',
+    ]);
+    session_start();
+}
+?>