CryptorClub · vitorgamer58 · Jan 8, 2019 · Jan 9, 2019 · Jan 9, 2019 · Jan 9, 2019
diff --git a/common.php b/common.php
@@ -1,10 +1,14 @@
 <?php
 //ini_set('display_startup_errors',1);
 //ini_set('display_errors',1);
+ini_set('session.cookie_httponly', 1);
+ini_set('session.cookie_secure', 1);
 //error_reporting(-1);
 
 session_start();
 header('Cache-control: private'); // IE 6 FIX
+header("X-XSS-Protection: 1; mode=block");
+header("X-Content-Type-Options: nosniff");
 
 define("WITHDRAWALS_ENABLED", true); //Disable withdrawals during maintenance
 
@@ -31,7 +35,7 @@ function satoshitrim($satoshitrim) {
 // register the session and set the cookie
 $_SESSION['lang'] = $lang;
 
-setcookie('lang', $lang, time() + (3600 * 24 * 30));
+setcookie('lang', $lang, time() + (3600 * 24 * 30), NULL, NULL, TRUE, TRUE);
 }
 else if(isSet($_SESSION['lang']))
 {

diff --git a/view/admin_info.php b/view/admin_info.php
@@ -26,15 +26,15 @@
 </table>
 <br />
 <p>Set new password:</p>
-<form action="<?php echo '?a=info&i=' . $info['id']; ?>" method="POST" class="clearfix" id="pwdform">
+<form action="<?php echo '?a=info&i=' . $info['id']; ?>" method="POST" autocomplete="off" class="clearfix" id="pwdform">
     <input type="hidden" name="action" value="password" />
     <div class="col-md-4"><input type="password" class="form-control" name="password" placeholder="New password"></div>
     <div class="col-md-2"><button type="submit" class="btn btn-default">Change password</button></div>
 </form>
 <p id="pwdmsg"></p>
 <br />
 <p>Withdraw funds:</p>
-<form action="<?php echo '?a=info&i=' . $info['id']; ?>" method="POST" class="clearfix" id="withdrawform">
+<form action="<?php echo '?a=info&i=' . $info['id']; ?>" method="POST" autocomplete="off" class="clearfix" id="withdrawform">
     <input type="hidden" name="action" value="withdraw" />
     <div class="col-md-4"><input type="text" class="form-control" name="address" placeholder="Address"></div>
     <div class="col-md-2"><input type="text" class="form-control" name="amount" placeholder="Amount"></div>

diff --git a/view/home.php b/view/home.php
@@ -7,16 +7,16 @@
                 }
                 ?>
                 <p><?php echo $lang['FORM_LOGIN']; ?></p>
-                <form action="index.php" method="POST" class="clearfix">
+                <form action="index.php" method="POST" autocomplete="off" class="clearfix">
                     <input type="hidden" name="action" value="login" />
                     <div class="col-md-2"><input type="text" class="form-control" name="username" placeholder="<?php echo $lang['FORM_USER']; ?>"></div>
                     <div class="col-md-2"><input type="password" class="form-control" name="password" placeholder="<?php echo $lang['FORM_PASS']; ?>"></div>
-<div class="col-md-2"><input type "text" class="form-control" name="auth" placeholder="<?php echo $lang['FORM_2FA']; ?>"></div>
+<div class="col-md-2"><input type="text" class="form-control" name="auth" placeholder="<?php echo $lang['FORM_2FA']; ?>"></div>
                     <div class="col-md-2"><button type="submit" class="btn btn-default"><?php echo $lang['FORM_LOGIN']; ?></button></div>
                 </form>
                 <br />
                 <p><?php echo $lang['FORM_CREATE']; ?></p>
-                <form action="index.php" method="POST" class="clearfix">
+                <form action="index.php" method="POST" autocomplete="off" class="clearfix">
                     <input type="hidden" name="action" value="register" />
                     <div class="col-md-2"><input type="text" class="form-control" name="username" placeholder="<?php echo $lang['FORM_USER']; ?>"></div>
                     <div class="col-md-2"><input type="password" class="form-control" name="password" placeholder="<?php echo $lang['FORM_PASS']; ?>"></div>

diff --git a/view/wallet.php b/view/wallet.php
@@ -50,7 +50,7 @@
 
 <br />
 <p><strong><?php echo $lang['WALLET_PASSUPDATE']; ?></strong></p>
-<form action="index.php" method="POST" class="clearfix" id="pwdform">
+<form action="index.php" method="POST" autocomplete="off" class="clearfix" id="pwdform">
     <input type="hidden" name="action" value="password" />
     <input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
     <div class="col-md-2"><input type="password" class="form-control" name="oldpassword" placeholder="<?php echo $lang['WALLET_PASSUPDATEOLD']; ?>"></div>
@@ -65,7 +65,7 @@
 <p><strong><?php echo $lang['WALLET_SEND']; ?></strong></p>
 <button type="button" class="btn btn-default" id="donate">Donate to <?=$fullname?> wallet's owner!</button><br />
 <p id="donateinfo" style="display: none;">Type the amount you want to donate and click <strong>Withdraw</strong></p>
-<form action="index.php" method="POST" class="clearfix" id="withdrawform">
+<form action="index.php" method="POST" autocomplete="off" class="clearfix" id="withdrawform">
     <input type="hidden" name="action" value="withdraw" />
     <input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
     <div class="col-md-4"><input type="text" class="form-control" name="address" placeholder="<?php echo $lang['WALLET_ADDRESS']; ?>"></div>
@@ -93,8 +93,8 @@
 foreach ($addressList as $address)
 {
 echo "<tr><td>".$address."</t>";?>
-<td><a href="<?php echo $server_url;?>qrgen/?address=<?php echo $address;?>">
-  <img src="<?php echo $server_url;?>qrgen/?address=<?php echo $address;?>" alt="QR Code" style="width:42px;height:42px;border:0;"></td><tr>
+<td><a href="qrgen/?address=<?php echo $address;?>">
+  <img src="qrgen/?address=<?php echo $address;?>" alt="QR Code" style="width:42px;height:42px;border:0;"></td><tr>
 <?php
 }
 ?>