From 8b091c59f6ac4df7ac0b4960c02cc3c7a65cea20 Mon Sep 17 00:00:00 2001 From: Skylar Ittner Date: Mon, 17 Apr 2017 19:28:56 -0600 Subject: [PATCH] Icon/text tweaks, add security headers --- home.php | 8 ++++---- lang/en_us.php | 1 + required.php | 19 ++++++++++++++----- 3 files changed, 19 insertions(+), 9 deletions(-) diff --git a/home.php b/home.php index c013c59..e3ec221 100644 --- a/home.php +++ b/home.php @@ -75,11 +75,11 @@ if (!is_empty($_GET['page'])) { @@ -145,7 +145,7 @@ END; if (file_exists(__DIR__ . "/apps/" . $app . ".php")) { include_once __DIR__ . "/apps/" . $app . ".php"; $apptitle = $APPS[$app]['title']; - $appicon = (is_empty($APPS[$app]['icon']) ? "" : "fa fa-" . $APPS[$app]['icon']); + $appicon = (is_empty($APPS[$app]['icon']) ? "" : "fa fa-fw fa-" . $APPS[$app]['icon']); $apptype = (is_empty($APPS[$app]['type']) ? "default" : $APPS[$app]['type']); $appcontent = $APPS[$app]['content']; echo << "Account security", "sign out" => "Sign out", "settings" => "Settings", + "options" => "Options", "404 error" => "404 Error", "page not found" => "Page not found.", "current password incorrect" => "The current password is incorrect. Try again.", diff --git a/required.php b/required.php index 30b3b6d..9047867 100644 --- a/required.php +++ b/required.php 
@@ -3,18 +3,27 @@ /** * This file contains global settings and utility functions. */ -ob_start(); -session_start(); - +ob_start(); // allow sending headers after content +// Unicode, solves almost all stupid encoding problems header('Content-Type: text/html; charset=utf-8'); +// l33t $ecurity h4x +header('X-Content-Type-Options: nosniff'); +header('X-XSS-Protection: 1; mode=block'); +header('X-Powered-By: Late-night coding frenzies (plz send caffeine, thx)'); +header('X-Hacker: Why are you looking at HTTP headers? Get a life! '); +$session_length = 60 * 60; // 1 hour +session_set_cookie_params($session_length, "/", null, false, true); + +session_start(); // stick some cookies in it + // Composer require __DIR__ . '/vendor/autoload.php'; // Settings file require __DIR__ . '/settings.php'; - +// List of alert messages require __DIR__ . '/lang/messages.php'; - +// text strings (i18n) require __DIR__ . '/lang/' . LANGUAGE . ".php"; function sendError($error) {
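Review bot: The new `session_set_cookie_params($session_length, "/", null, false, true);` call passes `false` for the `secure` argument, so the session ID is still sent over plain HTTP even though the same call sets HttpOnly. If the site is served over TLS, derive the flag instead of hard-coding it, e.g. `session_set_cookie_params($session_length, "/", null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off', true);`. Behind a TLS-terminating proxy that check would need a configuration value rather than `$_SERVER['HTTPS']`. The one-hour `$session_length` only limits how long the browser keeps the cookie; nothing in this hunk sets `session.gc_maxlifetime` or checks a last-activity timestamp, so server-side expiry presumably relies on PHP defaults and is worth confirming. `X-XSS-Protection` is ignored by current browsers, so a `Content-Security-Policy` header would be the lasting control; a comment such as `// legacy header: only older browsers honour it` would make that clear.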