Arno0x · crackedeggs1 · May 20, 2016 · May 20, 2016
diff --git a/login/login.php b/login/login.php
@@ -73,7 +73,8 @@
 	        // - Ensure Cookies are not available to Javascript
 	        // - Cookies are sent on https only
 	        $domain = ($_SERVER['HTTP_HOST'] !== 'localhost') ? $_SERVER['SERVER_NAME'] : false;
-	        session_set_cookie_params (0, "/", $domain, true, true);
+		$is_secure = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on");
+	        session_set_cookie_params (0, "/", $domain, $is_secure, true);
 
 	        // Create a session
 	        session_start();
@@ -86,7 +87,7 @@
 	        // Checking which URL we should redirect the user to
 	        if (isset($_POST["from"])) {
 	        	$from = urldecode($_POST["from"]);
-	            $redirectTo = ((isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on")? "https://" : "http://").$_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$from;
+			$redirectTo = ($is_secure ? "https://" : "http://").$_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$from;
 	        }
 	        else {
 	            $redirectTo = AUTH_SUCCEED_REDIRECT_URL;
@@ -102,4 +103,4 @@
     	require_once("loginForm.php");
     }
 }
-?>
+?>
diff --git a/nginx/auth.php b/nginx/auth.php
@@ -46,7 +46,12 @@
 	}
 
 	if ($canLog) {
-		$debugHandle = fopen ($debugFileName ,"a");
+		$mode = "a";
+		if (file_exists($debugFileName) AND filesize($debugFileName) > 104857600)
+		{
+			$mode = "w";
+		}
+		$debugHandle = fopen ($debugFileName, $mode);
 
 		foreach ($_SERVER as $key => $value) {
 			if (is_array($value)) {