Author zPlus <-> 2016-03-18 20:32:19
Committer zPlus <-> 2016-03-18 20:32:19
Commit 24f070f (patch)
Tree 10a6254
Parent(s)

Remember me


commits diff: 2bfea4d..24f070f
4 files changed, 165 insertions, 12 deletions


Diffstat
-rw-r--r-- database.php 81
-rw-r--r-- login.php 17
-rw-r--r-- logout.php 30
-rw-r--r-- session.php 49

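--- a/database.php
+++ b/database.php
@@ -13,7 +13,7 @@ class Database
 $hash_id = '';
 
 for ($i = 0; $i < $length; $i++)
-$hash_id .= $characters[rand (0, $characters_length - 1)];
+$hash_id .= $characters[mt_rand (0, $characters_length - 1)];
 
 return $hash_id;
 }
@@ -145,6 +145,69 @@ class Database
 }
 
 /**
+* Retrieve a $user from database using remember_me token
+*/
+function get_remember_me ($token)
+{
+$user = array();
+
+if (is_null ($this->database))
+return $user;
+
+$query = $this->database->prepare(
+'SELECT U.* ' .
+'FROM `user` AS U ' .
+'JOIN `remember_me` AS R ON R.`userId` = U.`id`' .
+'WHERE R.`token` = ? AND R.`expires` > NOW()');
+
+$query->execute (array (hash ('sha512', $token)));
+
+$user = $query->fetch (PDO::FETCH_ASSOC);
+
+return $user;
+}
+
+/**
+* Set a new remember_me token to database
+*
+* @return secret token (cleartext)
+*/
+function set_remember_me ($user_id)
+{
+/* Set remember me token.
+* The cleartext token is stored as a user cookie, while in our
+* database we store hash(token).
+*/
+
+// Delete all previous remember_me tokens for $user
+self::delete_remember_me ($user_id);
+
+// Create a new secret token
+$token = self::get_random_string (128);
+
+$query = $this->database->prepare (
+'INSERT INTO `remember_me` (`token`, `userId`, `expires`)' .
+'VALUES (?, ?, NOW() + INTERVAL 30 DAY)');
+
+$query->execute (array (hash('sha512', $token), $user_id));
+
+return $token;
+}
+
+/**
+* Delete $user "remember_me" token
+*/
+function delete_remember_me ($user_id)
+{
+// Delete all previous remember_me tokens for $user
+$query = $this->database->prepare(
+'DELETE FROM `remember_me`' .
+'WHERE `userId` = ?');
+
+$query->execute (array ($user_id));
+}
+
+/**
 * Retrieve a post
 */
 function get_post ($hash_id)
@@ -815,15 +878,15 @@ class Database
 'DELETE FROM `vote_post`' .
 'WHERE `postId` = ? AND `userId` = ?');
 
-$query->execute (array ($post['id'], $user_id));
+$query->execute (array ($post['id'], $user_id));
+
+// Remove upvote from post
+$query = $this->database->prepare (
+'UPDATE `post`' .
+'SET `vote` = `vote` - 1 ' .
+'WHERE `id` = ?');
 
-// Remove upvote from post
-$query = $this->database->prepare (
-'UPDATE `post`' .
-'SET `vote` = `vote` - 1 ' .
-'WHERE `id` = ?');
-
-$query->execute (array ($post['id']));
+$query->execute (array ($post['id']));
 
 } elseif ($vote['vote'] == -1) {
 // Already downvoted before. Change to upvote.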
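Review bot: The remember_me token created in set_remember_me is a bearer credential equivalent to a login, yet it comes from get_random_string, which the first hunk only moves from rand() to mt_rand(); neither is a cryptographically secure generator, so the token should be drawn from a CSPRNG, e.g. `$token = bin2hex (random_bytes (64));` (random_bytes is PHP 7+; openssl_random_pseudo_bytes is the pre-7 fallback). get_random_string's signature and the `$characters` alphabet sit outside the first hunk, so the generator's full alphabet is not visible here. set_remember_me and delete_remember_me also lack the `if (is_null ($this->database))` guard that get_remember_me has, so a missing connection produces a method call on null instead of the empty result the getter returns. Storing hash('sha512', $token) rather than the cleartext is sound; the weakness is the entropy source, not the hash.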

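--- a/login.php
+++ b/login.php
@@ -37,9 +37,26 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST')
 if (is_null ($user) || empty ($user))
 {
 $feedback = 'Bad login!';
+
 } else {
+
+// Set session
 Session::set ($user);
 
+// Also set "remember_me" cookie
+// Add "remember_me" cookie with secret token (30 days)
+$token = $db->set_remember_me ($user['id']);
+
+setcookie (
+'remember_me', // name
+$token, // value
+time()+60*60*24*30, // expire (30 days)
+'/', // path
+'freepo.st', // domain
+false, // secure (clients send cookie only through HTTPS)
+true); // httponly (no javascript)
+
+// After login, redirect to homepage
 header ('Location: ./');
 exit ();
 }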
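Review bot: The setcookie call passes `false` for the secure flag, so the remember_me token, which get_remember_me accepts as a full login, is transmitted on every plain-HTTP request to the domain; if the site is served over HTTPS the argument should be `true, // secure`. The domain 'freepo.st' is hard-coded here and repeated in logout.php, so the two calls have to stay identical or the deletion cookie will not replace the one set at login. The token is also issued on every successful login with no user choice; if the login form has a "remember me" checkbox (not visible in this hunk), the set_remember_me call and setcookie should be conditional on it. The enclosing if/else starts outside the hunk.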

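--- a/logout.php
+++ b/logout.php
@@ -1,8 +1,38 @@
 <?php
 
 require_once 'session.php';
+require_once 'database.php';
 
+// Not a valid session
+if (!Session::is_valid ())
+{
+header ('Location: ./');
+exit ();
+}
+
+// Delete "remember_me" cookie
+if (isset ($_COOKIE['remember_me']))
+{
+$db = new Database ();
+$db->connect ();
+$db->delete_remember_me (Session::get_userid ());
+
+unset ($_COOKIE['remember_me']);
+
+// Invalidate cookie
+setcookie (
+'remember_me', // name
+NULL, // value
+-1, // expire
+'/', // path
+'freepo.st', // domain
+false, // secure (clients send cookie only through HTTPS)
+true); // httponly (no javascript)
+}
+
+// Delete session
 Session::delete ();
 
+// Logged out, redirect to homepage
 header ('Location: ./');
 exit ();
\ No newline at end of file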
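Review bot: delete_remember_me is keyed on Session::get_userid(), not on the cookie's token, so logging out on one client revokes the remember_me tokens of every client for that user; if that is the intended semantics, the comment above the isset check should say so, e.g. `// Revoke ALL remember_me tokens for this user (every device), then clear this client's cookie`. Because the revocation sits inside `if (isset ($_COOKIE['remember_me']))`, a client that no longer sends the cookie leaves its server-side token valid until the 30-day expiry; calling delete_remember_me unconditionally before Session::delete() closes that gap. The setcookie attributes (path, domain, secure, httponly) are copied verbatim from login.php; a single helper that builds the cookie from one definition would keep the set and delete calls matched.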

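--- a/session.php
+++ b/session.php
@@ -1,7 +1,6 @@
 <?php
 
-session_name ('freepost');
-session_start ();
+require_once 'database.php';
 
 class Session {
 public static function is_valid ()
@@ -40,6 +39,10 @@ class Session {
 */
 public static function set ($user)
 {
+if (is_null ($user) || empty ($user))
+return;
+
+// Set session variable
 $_SESSION = array (
 'user' => array (
 'id' => $user['id'],
@@ -60,11 +63,51 @@ class Session {
 $_SESSION['user'][$property] = $value;
 }
 
+// Retrieve session from cookie
+public static function remember_me ()
+{
+// We already have a session, nothing to do here
+if (Session::is_valid ())
+return;
+
+// Check if user does not have a "remember_me" cookie
+if (!isset ($_COOKIE['remember_me']))
+return;
+
+// Validate token
+$db = new Database ();
+$db->connect ();
+
+$user = $db->get_remember_me ($_COOKIE['remember_me']);
+
+self::set ($user);
+}
+
 public static function delete ()
 {
 unset ($_SESSION);
 session_destroy ();
 
+// Delete session
 $_SESSION = NULL;
 }
-}
\ No newline at end of file
+}
+
+session_name ('freepost');
+session_start ();
+
+/* Once the session is started, check for "remember_me" tokens.
+* If the session is already set, this function doesn't do anything.
+* If session is not set, and a valid token is set on user's cookies,
+* than the user is retrieved.
+*/
+Session::remember_me ();
+
+
+
+
+
+
+
+
+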
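Review bot: Session::set, and through it the new remember_me() auto-login that now runs at require time at the bottom of the file, turns the current session id into an authenticated one without rotating it, which leaves the login open to session fixation; add `session_regenerate_id (true);` immediately before `$_SESSION = array (` in set(). set()'s body continues past the second hunk. remember_me() hands whatever get_remember_me returns straight to set(), and since PDOStatement::fetch yields false when no row matches, set()'s new `is_null || empty` guard is the only thing keeping an invalid or expired token from populating the session; a comment on that guard naming this dependency would stop someone from removing it. The eight empty lines added after `Session::remember_me ();` are noise and should be dropped.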