diff --git a/application/controllers/Login.php b/application/controllers/Login.php index 6165772..23908d4 100644 --- a/application/controllers/Login.php +++ b/application/controllers/Login.php @@ -25,7 +25,8 @@ $_SESSION['loggedOut'] = false; $rememberMe = isset($_POST['rememberMe']) ? $_POST['rememberMe'] : 'off'; $this->LoginModel->login($_POST['loginname'], $_POST['loginPassword'], $rememberMe); - isset($_GET['r']) && !empty($_GET['r']) ? redirect(base64_decode($_GET['r'])) : redirect(base_url('login')); + + isset($_GET['r']) && !empty($_GET['r']) ? redirect(base64_decode(urldecode($_GET['r']))) : redirect(base_url('login')); } $notice = isset($_SESSION['notice']) ? $_SESSION['notice'] : ''; @@ -141,13 +142,11 @@ public function logout() { - unset($_SESSION['user']); - $this->load->helper('cookie'); -// delete_cookie('rememberMe'); -// delete_cookie('token'); - $notice = '
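Review bot: The redirect target on the new `+` line is still taken verbatim from `$_GET['r']` after base64/URL decoding, so any absolute URL an attacker encodes into a login link is followed after a successful login — an open redirect usable for phishing; the commit only adds `urldecode` and never constrains the destination. Decode strictly and accept only a target under the site's own base URL, e.g. `$target = base64_decode(urldecode($_GET['r']), true);` followed by `redirect(($target !== false && strpos($target, base_url()) === 0) ? $target : base_url('login'));`. The enclosing method starts before the hunk, so whether the POST is CSRF-protected or the credentials are validated before `login()` cannot be judged from here.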
Abgemeldet! Du wurdest erfolgreich abgemeldet! Ich hoffe wir sehen uns bald wieder.
'; + $this->LoginModel->logout(); + + $notice = '
Abgemeldet! Du wurdest erfolgreich abgemeldet! Ich hoffe, wir sehen uns bald wieder.
'; $_SESSION['notice'] = $notice; - $_SESSION['loggedOut'] = true; + $redirect = isset($_GET['redirect']) ? urldecode(base64_decode($_GET['redirect'])) : base_url("login"); redirect($redirect); } diff --git a/application/models/LoginModel.php b/application/models/LoginModel.php index 8309fd5..b61a827 100644 --- a/application/models/LoginModel.php +++ b/application/models/LoginModel.php @@ -37,6 +37,17 @@ } } + public function logout() { + delete_cookie('rememberMe'); + delete_cookie('rememberToken'); + + $userID = $_SESSION['user']['ID']; + $this->db->query('UPDATE users SET isCurrentlyOnline = false, rememberToken = null WHERE ID = ?', [$userID]); + + unset($_SESSION['user']); + $_SESSION['loggedOut'] = true; + } + public function getLoginData($username) { $this->db->cache_off(); @@ -53,6 +64,12 @@ return $passwordHash; } + private function generateRandomUserHash($username) { + $base = uniqid(); + $seed = $username . date(time()); + return md5($base . $seed); + } + public function startLoginSession($logindata, $rememberMe) { $this->reloadLoginSession($logindata); 
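Review bot: The new `$redirect` line in `logout()` passes the attacker-controlled, base64-decoded `$_GET['redirect']` straight to `redirect()`, which is an open redirect reachable from a plain GET link (and, since logout itself is a tokenless GET, a forced-logout CSRF as well). Restrict the destination to the site's own origin before following it: `$target = isset($_GET['redirect']) ? urldecode(base64_decode($_GET['redirect'])) : '';` then `$redirect = (strpos($target, base_url()) === 0) ? $target : base_url('login');`. Separately, the hunk drops `$this->load->helper('cookie')` from the controller while the model's new `logout()` calls `delete_cookie()`; unless the cookie helper is autoloaded elsewhere, that is now an undefined function at logout time. Consider also regenerating or destroying the PHP session here rather than only unsetting keys, so the pre-logout session id cannot be reused.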
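Review bot: `generateRandomUserHash()` builds the 60-day remember-me credential from `uniqid()` (microsecond clock, not a CSPRNG), the base64 username and `date(time())`, then `md5`s it, so the token is guessable by anyone who can estimate the login time, and it is stored in `users.rememberToken` in clear text. Use the CSPRNG and keep the 32-character length the lookup code expects, `return bin2hex(random_bytes(16));`; consider storing only `hash('sha256', $token)` and comparing against the hash of the cookie value so a database leak does not hand out logins. (`date(time())` is also a no-op in disguise: the timestamp digits are passed as a format string and come back unchanged.) In the new `logout()`, `$_SESSION['user']['ID']` is read without checking that anyone is logged in; guard the UPDATE with `if (isset($_SESSION['user']['ID'])) { ... }` so an anonymous logout does not emit a notice and run `UPDATE ... WHERE ID = NULL`.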
@@ -61,20 +78,14 @@ if ($rememberMe == 'on') { $expire = 3600 * 24 * 60; - $userHash = $this->LoginModel->getUserHash($logindata['username'], $logindata['password'], $logindata['email'], $logindata['ID']); -// $this->input->set_cookie('rememberMe', base64_encode($logindata['username']), $expire, base_url(), '/'); -// $this->input->set_cookie('token', $userHash, $expire, base_url(), '/'); + $userHash = base64_encode($logindata['username']); + $loginHash = $this->generateRandomUserHash($userHash); + $this->db->query('UPDATE users SET rememberToken = ? WHERE ID = ?', [$loginHash, $logindata['ID']]); - var_dump(get_cookie('rememberMe')); + $domain = explode('/', base_url())[2]; - echo 'fresh'; - var_dump($_COOKIE); - $_COOKIE['rememberMe'] = base64_encode($logindata['username']); - $_COOKIE['token'] = $userHash; - echo 'tech'; -// var_dump(get_cookie('rememberMe')); -// var_dump(get_cookie('token')); - var_dump($_COOKIE); + $this->input->set_cookie('rememberMe', $userHash, $expire, $domain, '/'); + $this->input->set_cookie('rememberToken', $loginHash, $expire, $domain, '/'); } } @@ -143,28 +154,20 @@ if (isset($_SESSION['loggedOut']) && $_SESSION['loggedOut']) { return; } - var_dump('test'); - if (!isset($_SESSION['user']) && isset($_COOKIE['rememberMe']) && isset($_COOKIE['token'])) { - var_dump($_COOKIE); + if (!isset($_SESSION['user']) && isset($_COOKIE['rememberMe']) && isset($_COOKIE['rememberToken'])) { $logindata = $this->getLoginData(base64_decode($_COOKIE['rememberMe'])); if (!empty($logindata)) { $logindata = $logindata[0]; - $token = $this->getUserHash($logindata['username'], $logindata['password'], $logindata['email'], $logindata['ID']); + $result = $this->db->query('SELECT rememberToken FROM users WHERE ID = ?', [$logindata['ID']])->result_array(); + $token = $result[0]['rememberToken']; - if ($_COOKIE['token'] == $token) { - echo '
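Review bot: The two `set_cookie()` calls at the end of the hunk write the remember-me credential without the `secure` and `httponly` flags, so `rememberToken`, which is as good as a password for 60 days, is readable by any injected script and is sent over plain HTTP. If this is CodeIgniter's input library, the flags follow the prefix argument: `$this->input->set_cookie('rememberToken', $loginHash, $expire, $domain, '/', '', true, true);` (and likewise for `rememberMe`), or set `cookie_secure`/`cookie_httponly` in the config. `$domain = explode('/', base_url())[2]` also keeps any `:port` from the base URL, which is not a valid cookie domain and is likely to make browsers reject the cookie on non-default ports — presumably `parse_url(base_url(), PHP_URL_HOST)` is what is intended. `$loginHash` is produced by `generateRandomUserHash()` outside this hunk; its unpredictability determines how much these cookies are worth protecting.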
TEST!
'; + if ($token !== null && sizeof($token) == 32 && $_COOKIE['rememberToken'] == $token) { $this->startLoginSession($logindata, 'on'); } } } } - public function getUserHash($username, $password, $email, $id) - { - $hash = hash('sha256', $id . '//' . $username . '//' . substr($password, 0, 5) . '//' . substr($email, 0, 5)); - return $hash; - } - public function hashMailExists($emailHash, $activation_key) { $results = $this->db->query('SELECT ID FROM users WHERE MD5(email) = ? AND is_activated = 0 AND activation_key = ?', [$emailHash, $activation_key])->result_array();
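Review bot: The new guard `sizeof($token) == 32` can never be true for a string: `sizeof()` is `count()`, which returns 1 for a non-array on PHP 7 (with a warning) and throws a `TypeError` on PHP 8, so the remember-me login either never fires or fatals. Use the string length and a constant-time comparison instead: `if ($token !== null && strlen($token) === 32 && hash_equals($token, (string) $_COOKIE['rememberToken'])) {`. The loose `==` it replaces is also wrong for hex tokens — two `0e…` strings compare equal under PHP's numeric-string rules — which `hash_equals()` avoids. The enclosing method starts before the hunk; the username comes from `base64_decode($_COOKIE['rememberMe'])` and is only as safe as `getLoginData()`'s parameterisation, which is not visible here.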