diff --git a/home.php b/home.php
index c013c59..e3ec221 100644
--- a/home.php
+++ b/home.php
@@ -75,11 +75,11 @@ if (!is_empty($_GET['page'])) {
@@ -145,7 +145,7 @@ END;
if (file_exists(__DIR__ . "/apps/" . $app . ".php")) {
include_once __DIR__ . "/apps/" . $app . ".php";
$apptitle = $APPS[$app]['title'];
- $appicon = (is_empty($APPS[$app]['icon']) ? "" : "fa fa-" . $APPS[$app]['icon']);
+ $appicon = (is_empty($APPS[$app]['icon']) ? "" : "fa fa-fw fa-" . $APPS[$app]['icon']);
$apptype = (is_empty($APPS[$app]['type']) ? "default" : $APPS[$app]['type']);
$appcontent = $APPS[$app]['content'];
echo << "Account security",
"sign out" => "Sign out",
"settings" => "Settings",
+ "options" => "Options",
"404 error" => "404 Error",
"page not found" => "Page not found.",
"current password incorrect" => "The current password is incorrect. Try again.",
diff --git a/required.php b/required.php
index 30b3b6d..9047867 100644
--- a/required.php
+++ b/required.php
@@ -3,18 +3,27 @@
/**
* This file contains global settings and utility functions.
*/
-ob_start();
-session_start();
-
+ob_start(); // allow sending headers after content
+// Unicode, solves almost all stupid encoding problems
header('Content-Type: text/html; charset=utf-8');
+// l33t $ecurity h4x
+header('X-Content-Type-Options: nosniff');
+header('X-XSS-Protection: 1; mode=block');
+header('X-Powered-By: Late-night coding frenzies (plz send caffeine, thx)');
+header('X-Hacker: Why are you looking at HTTP headers? Get a life! ');
+$session_length = 60 * 60; // 1 hour
+session_set_cookie_params($session_length, "/", null, false, true);
+
+session_start(); // stick some cookies in it
+
// Composer
require __DIR__ . '/vendor/autoload.php';
// Settings file
require __DIR__ . '/settings.php';
-
+// List of alert messages
require __DIR__ . '/lang/messages.php';
-
+// text strings (i18n)
require __DIR__ . '/lang/' . LANGUAGE . ".php";
function sendError($error) {