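7200,
    // NOTE(review): the array literal opens before this excerpt; 7200 is presumably the
    // cookie lifetime in seconds (it matches session.gc_maxlifetime below) — confirm.
    'path' => '/',
    'domain' => '', // Set your domain as needed.
    'secure' => $secure,
    'httponly' => true,
    'samesite' => 'Lax'
];

// Start the session with the cookie parameters above, unless a session is already active.
// gc_maxlifetime is set to the same 7200 seconds used in the cookie parameters.
if (session_status() === PHP_SESSION_NONE) {
    session_set_cookie_params($cookieParams);
    ini_set('session.gc_maxlifetime', 7200);
    session_start();
}

// One CSRF token per session: 32 bytes from the CSPRNG, hex-encoded.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

// Auto-login via persistent token.
// USERS_DIR, $encryptionKey, $secure, decryptData(), encryptData() and loadUserPermissions()
// are defined outside this excerpt.
//
// The cookie is client-controlled. It must be a non-empty string before it is used as an
// array offset: an array-valued cookie (remember_me_token[]=x) would otherwise reach
// isset($persistentTokens[...]) and raise a TypeError on PHP 8.
$rememberToken = $_COOKIE['remember_me_token'] ?? null;
if (!isset($_SESSION["authenticated"]) && is_string($rememberToken) && $rememberToken !== '') {
    $persistentTokensFile = USERS_DIR . 'persistent_tokens.json';
    $persistentTokens = [];
    if (file_exists($persistentTokensFile)) {
        $encryptedContent = file_get_contents($persistentTokensFile);
        // A failed read or failed decryption is treated as an empty token store
        // instead of passing false further down the chain.
        if ($encryptedContent !== false) {
            $decryptedContent = decryptData($encryptedContent, $encryptionKey);
            $persistentTokens = is_string($decryptedContent)
                ? json_decode($decryptedContent, true)
                : null;
        }
        if (!is_array($persistentTokens)) {
            $persistentTokens = [];
        }
    }

    if (isset($persistentTokens[$rememberToken])) {
        $tokenData = $persistentTokens[$rememberToken];

        // A record without the expected fields is handled like an expired one, so a
        // malformed entry can never produce an authenticated session with no username.
        $tokenIsLive = is_array($tokenData)
            && isset($tokenData['expiry'], $tokenData['username'])
            && $tokenData['expiry'] >= time();

        if ($tokenIsLive) {
            // The session changes from anonymous to authenticated here, so issue a fresh
            // session ID; a session ID planted before login must not survive auto-login.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION["authenticated"] = true;
            $_SESSION["username"] = $tokenData["username"];
            // IMPORTANT: Set the folderOnly flag here for auto-login.
            $_SESSION["folderOnly"] = loadUserPermissions($tokenData["username"]);
        } else {
            // Expired or malformed: drop the record, persist the store, and clear the cookie.
            unset($persistentTokens[$rememberToken]);
            $newEncryptedContent = encryptData(json_encode($persistentTokens, JSON_PRETTY_PRINT), $encryptionKey);
            file_put_contents($persistentTokensFile, $newEncryptedContent, LOCK_EX);
            setcookie('remember_me_token', '', time() - 3600, '/', '', $secure, true);
        }
    }
}

define('BASE_URL', 'http://yourwebsite/uploads/');

// While BASE_URL still holds the 'yourwebsite' placeholder, the share URL is derived from
// the request instead.
if (strpos(BASE_URL, 'yourwebsite') !== false) {
    // NOTE(review): HTTP_HOST comes from the request's Host header and is client-supplied.
    // If SHARE_URL ends up in links shown or sent to other users, a spoofed Host header
    // would change where those links point. Set the SHARE_URL environment variable (or a
    // real BASE_URL) in production. The scheme here is also fixed to http regardless of $secure.
    $defaultShareUrl = isset($_SERVER['HTTP_HOST'])
        ? "http://" . $_SERVER['HTTP_HOST'] . "/share.php"
        : "http://localhost/share.php";
} else {
    $defaultShareUrl = rtrim(BASE_URL, '/') . "/share.php";
}

// An explicit SHARE_URL environment variable takes precedence over the derived default.
define('SHARE_URL', getenv('SHARE_URL') ? getenv('SHARE_URL') : $defaultShareUrl);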