
Fix remember me function on login

Marcel 2018-12-28 13:42:22 +01:00
parent 1a1ac17ecf
commit b036b4d36e
2 changed files with 33 additions and 31 deletions


@ -25,7 +25,8 @@
$_SESSION['loggedOut'] = false; $_SESSION['loggedOut'] = false;
$rememberMe = isset($_POST['rememberMe']) ? $_POST['rememberMe'] : 'off'; $rememberMe = isset($_POST['rememberMe']) ? $_POST['rememberMe'] : 'off';
$this->LoginModel->login($_POST['loginname'], $_POST['loginPassword'], $rememberMe); $this->LoginModel->login($_POST['loginname'], $_POST['loginPassword'], $rememberMe);
isset($_GET['r']) && !empty($_GET['r']) ? redirect(base64_decode($_GET['r'])) : redirect(base_url('login'));
isset($_GET['r']) && !empty($_GET['r']) ? redirect(base64_decode(urldecode($_GET['r']))) : redirect(base_url('login'));
} }
$notice = isset($_SESSION['notice']) ? $_SESSION['notice'] : ''; $notice = isset($_SESSION['notice']) ? $_SESSION['notice'] : '';
@ -141,13 +142,11 @@
public function logout() public function logout()
{ {
unset($_SESSION['user']); $this->LoginModel->logout();
$this->load->helper('cookie');
// delete_cookie('rememberMe'); $notice = '<div class="alert alert-warning alert-dismissible"><button type="button" class="close" data-dismiss="alert" aria-label="Schließen"><span aria-hidden="true">&times;</span></button><strong>Abgemeldet!</strong> Du wurdest erfolgreich abgemeldet! Ich hoffe, wir sehen uns bald wieder.</div>';
// delete_cookie('token');
$notice = '<div class="alert alert-warning alert-dismissible"><button type="button" class="close" data-dismiss="alert" aria-label="Schließen"><span aria-hidden="true">&times;</span></button><strong>Abgemeldet!</strong> Du wurdest erfolgreich abgemeldet! Ich hoffe wir sehen uns bald wieder.</div>';
$_SESSION['notice'] = $notice; $_SESSION['notice'] = $notice;
$_SESSION['loggedOut'] = true;
$redirect = isset($_GET['redirect']) ? urldecode(base64_decode($_GET['redirect'])) : base_url("login"); $redirect = isset($_GET['redirect']) ? urldecode(base64_decode($_GET['redirect'])) : base_url("login");
redirect($redirect); redirect($redirect);
} }
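Review bot: The changed post-login line passes a client-supplied value, `base64_decode(urldecode($_GET['r']))`, straight to `redirect()` with no check on where it points, so any absolute URL placed in `r` is followed after a successful login; `logout()` does the same with `$_GET['redirect']`. The decoded target should be validated before use and fall back to the login page otherwise, e.g. `$target = base64_decode($_GET['r'], true); redirect(is_string($target) && strpos($target, base_url()) === 0 ? $target : base_url('login'));`. PHP already URL-decodes `$_GET` values, so the added `urldecode()` decodes a second time; if the link really is double-encoded, a one-line comment saying so would help. The enclosing login method starts outside the hunk.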


@ -37,6 +37,17 @@
} }
} }
public function logout() {
delete_cookie('rememberMe');
delete_cookie('rememberToken');
$userID = $_SESSION['user']['ID'];
$this->db->query('UPDATE users SET isCurrentlyOnline = false, rememberToken = null WHERE ID = ?', [$userID]);
unset($_SESSION['user']);
$_SESSION['loggedOut'] = true;
}
public function getLoginData($username) public function getLoginData($username)
{ {
$this->db->cache_off(); $this->db->cache_off();
@ -53,6 +64,12 @@
return $passwordHash; return $passwordHash;
} }
private function generateRandomUserHash($username) {
$base = uniqid();
$seed = $username . date(time());
return md5($base . $seed);
}
public function startLoginSession($logindata, $rememberMe) public function startLoginSession($logindata, $rememberMe)
{ {
$this->reloadLoginSession($logindata); $this->reloadLoginSession($logindata);
@ -61,20 +78,14 @@
if ($rememberMe == 'on') { if ($rememberMe == 'on') {
$expire = 3600 * 24 * 60; $expire = 3600 * 24 * 60;
$userHash = $this->LoginModel->getUserHash($logindata['username'], $logindata['password'], $logindata['email'], $logindata['ID']); $userHash = base64_encode($logindata['username']);
// $this->input->set_cookie('rememberMe', base64_encode($logindata['username']), $expire, base_url(), '/'); $loginHash = $this->generateRandomUserHash($userHash);
// $this->input->set_cookie('token', $userHash, $expire, base_url(), '/'); $this->db->query('UPDATE users SET rememberToken = ? WHERE ID = ?', [$loginHash, $logindata['ID']]);
var_dump(get_cookie('rememberMe')); $domain = explode('/', base_url())[2];
echo 'fresh'; $this->input->set_cookie('rememberMe', $userHash, $expire, $domain, '/');
var_dump($_COOKIE); $this->input->set_cookie('rememberToken', $loginHash, $expire, $domain, '/');
$_COOKIE['rememberMe'] = base64_encode($logindata['username']);
$_COOKIE['token'] = $userHash;
echo 'tech';
// var_dump(get_cookie('rememberMe'));
// var_dump(get_cookie('token'));
var_dump($_COOKIE);
} }
} }
@ -143,28 +154,20 @@
if (isset($_SESSION['loggedOut']) && $_SESSION['loggedOut']) { if (isset($_SESSION['loggedOut']) && $_SESSION['loggedOut']) {
return; return;
} }
var_dump('test'); if (!isset($_SESSION['user']) && isset($_COOKIE['rememberMe']) && isset($_COOKIE['rememberToken'])) {
if (!isset($_SESSION['user']) && isset($_COOKIE['rememberMe']) && isset($_COOKIE['token'])) {
var_dump($_COOKIE);
$logindata = $this->getLoginData(base64_decode($_COOKIE['rememberMe'])); $logindata = $this->getLoginData(base64_decode($_COOKIE['rememberMe']));
if (!empty($logindata)) { if (!empty($logindata)) {
$logindata = $logindata[0]; $logindata = $logindata[0];
$token = $this->getUserHash($logindata['username'], $logindata['password'], $logindata['email'], $logindata['ID']); $result = $this->db->query('SELECT rememberToken FROM users WHERE ID = ?', [$logindata['ID']])->result_array();
$token = $result[0]['rememberToken'];
if ($_COOKIE['token'] == $token) { if ($token !== null && sizeof($token) == 32 && $_COOKIE['rememberToken'] == $token) {
echo '<br> TEST! <br>';
$this->startLoginSession($logindata, 'on'); $this->startLoginSession($logindata, 'on');
} }
} }
} }
} }
public function getUserHash($username, $password, $email, $id)
{
$hash = hash('sha256', $id . '//' . $username . '//' . substr($password, 0, 5) . '//' . substr($email, 0, 5));
return $hash;
}
public function hashMailExists($emailHash, $activation_key) public function hashMailExists($emailHash, $activation_key)
{ {
$results = $this->db->query('SELECT ID FROM users WHERE MD5(email) = ? AND is_activated = 0 AND activation_key = ?', [$emailHash, $activation_key])->result_array(); $results = $this->db->query('SELECT ID FROM users WHERE MD5(email) = ? AND is_activated = 0 AND activation_key = ?', [$emailHash, $activation_key])->result_array();
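Review bot: The remember-me token built in `generateRandomUserHash()` is an MD5 of `uniqid()`, the username and the current time, all of which are guessable, yet it is the only secret that authenticates the cookie holder in the last hunk; it should come from the CSPRNG instead, e.g. `return bin2hex(random_bytes(16));` (PHP 7+), which still yields 32 hex characters. In the auto-login check, `sizeof($token) == 32` is `count()` applied to a string, which never returns 32 (and throws a TypeError on PHP 8), so the branch as written cannot succeed; the intended test looks like `strlen($token) === 32`. The cookie comparison uses loose `==`, which compares two numeric-looking hex strings as numbers and is not constant-time; `hash_equals($token, (string) $_COOKIE['rememberToken'])` avoids both. The new `logout()` also reads `$_SESSION['user']['ID']` without checking that the session still holds a user, and the enclosing auto-login function starts outside the hunk.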