From b302c08cfff073c29bceb6bda7cefc80eb62eaa7 Mon Sep 17 00:00:00 2001 From: Aaron Parecki Date: Sat, 25 Jul 2015 16:49:07 -0700 Subject: lock to JWT 2.* version --- controllers/controllers.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'controllers') diff --git a/controllers/controllers.php b/controllers/controllers.php index fc8425c..b3e23a7 100644 --- a/controllers/controllers.php +++ b/controllers/controllers.php @@ -1,11 +1,10 @@ request()->params(); if(array_key_exists('token', $params)) { try { - $data = JWT::decode($params['token'], Config::$jwtSecret); + $data = JWT::decode($params['token'], Config::$jwtSecret, array('HS256')); $_SESSION['user_id'] = $data->user_id; $_SESSION['me'] = $data->me; } catch(DomainException $e) { @@ -194,12 +193,14 @@ $app->get('/privacy', function() use($app) { $app->get('/add-to-home', function() use($app) { $params = $app->request()->params(); + header("Cache-Control: no-cache, must-revalidate"); if(array_key_exists('token', $params) && !session('add-to-home-started')) { + unset($_SESSION['add-to-home-started']); // Verify the token and sign the user in try { - $data = JWT::decode($params['token'], Config::$jwtSecret); + $data = JWT::decode($params['token'], Config::$jwtSecret, array('HS256')); $_SESSION['user_id'] = $data->user_id; $_SESSION['me'] = $data->me; $app->redirect('/new', 301); -- cgit v1.2.3