Add 'Stay signed in' feature #13
This commit is contained in:
parent
a530140220
commit
8bec6cfb55
3
core.php
3
core.php
|
|
@ -33,8 +33,9 @@ function createTables($sqlDB) {
|
|||
* created (TEXT)
|
||||
* ip (TEXT)
|
||||
* useragent (TEXT)
|
||||
* key (TEXT)
|
||||
*/
|
||||
$Database->exec("CREATE TABLE IF NOT EXISTS users(id INTEGER PRIMARY KEY, username TEXT, password TEXT, usertype INT, primaryadmin INT, numberofcomments INT, lastused TEXT, created TEXT, ip TEXT, useragent TEXT)");
|
||||
$Database->exec("CREATE TABLE IF NOT EXISTS users(id INTEGER PRIMARY KEY, username TEXT, password TEXT, usertype INT, primaryadmin INT, numberofcomments INT, lastused TEXT, created TEXT, ip TEXT, useragent TEXT, key TEXT)");
|
||||
|
||||
/* comments table
|
||||
* id (INTEGER PRIMARY KEY)
|
||||
|
|
|
|||
|
|
@ -138,7 +138,9 @@ if ($Type == "Admin") {
|
|||
$typeNum = 1;
|
||||
}
|
||||
|
||||
$Database->exec("INSERT INTO users(username, password, usertype, primaryadmin, numberofcomments, lastused, created, ip, useragent) VALUES('$Username', '$Password', '$typeNum', '$firstUser', '$numberOfComments', '$lastUsed', '$Created', '$ip', '$userAgent')");
|
||||
$Key = hash('sha256', rand());
|
||||
|
||||
$Database->exec("INSERT INTO users(username, password, usertype, primaryadmin, numberofcomments, lastused, created, ip, useragent, key) VALUES('$Username', '$Password', '$typeNum', '$firstUser', '$numberOfComments', '$lastUsed', '$Created', '$ip', '$userAgent', '$Key')");
|
||||
|
||||
if ($Redirect == "admin") {
|
||||
header("Location: admin.php?action=users");
|
||||
|
|
|
|||
94
login.php
94
login.php
|
|
@ -4,16 +4,24 @@ include "core.php";
|
|||
|
||||
$Authorized = 0;
|
||||
$userType = 0;
|
||||
$staySignedIn = 0;
|
||||
$Redirect = "";
|
||||
|
||||
if (isset($_REQUEST['redir'])) {
|
||||
$Redirect = htmlspecialchars($_REQUEST['redir']);
|
||||
}
|
||||
|
||||
if (isset($_REQUEST['stay_signed_in'])) {
|
||||
$staySignedIn = htmlspecialchars($_REQUEST['stay_signed_in']);
|
||||
}
|
||||
|
||||
if (isset($_REQUEST['logout']) && htmlspecialchars($_REQUEST['logout']) == "true") {
|
||||
session_unset();
|
||||
session_destroy();
|
||||
|
||||
if (isset($_COOKIE['username'])) setcookie("username", "", time() - 3600);
|
||||
if (isset($_COOKIE['key'])) setcookie("key", "", time() - 3600);
|
||||
|
||||
header('Location: login.php');
|
||||
die();
|
||||
}
|
||||
|
|
@ -30,15 +38,80 @@ if (isset($_SESSION['username']) && isset($_SESSION['password'])) {
|
|||
}
|
||||
|
||||
if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
|
||||
$Database = createTables($sqlDB);
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
$Username = "";
|
||||
$Password = "";
|
||||
$Key = "";
|
||||
|
||||
$Database = createTables($sqlDB);
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['username'] == htmlspecialchars($_REQUEST['username']) && htmlspecialchars($_REQUEST['username']) != "" && password_verify(htmlspecialchars($_REQUEST['password']), $line['password'])) {
|
||||
$Username = $line['username'];
|
||||
$Password = $line['password'];
|
||||
$Key = $line['key'];
|
||||
$id = $line['id'];
|
||||
|
||||
// update last usage
|
||||
if ($storeLastUsage || $storeLastUsage == "true") {
|
||||
$lastUsed = date($dateFormat);
|
||||
$Database->exec("UPDATE users SET lastused='$lastUsed' WHERE id='$id'");
|
||||
}
|
||||
|
||||
// update IP address
|
||||
if ($storeIP || $storeIP == "true") {
|
||||
$ip = getIPAddress();
|
||||
$Database->exec("UPDATE users SET ip='$ip' WHERE id='$id'");
|
||||
}
|
||||
|
||||
// update user agent
|
||||
if ($storeAgent || $storeAgent == "true") {
|
||||
$userAgent = getUserAgent();
|
||||
$Database->exec("UPDATE users SET useragent='$userAgent' WHERE id='$id'");
|
||||
}
|
||||
|
||||
if ($line['key'] == "") {
|
||||
$Key = hash('sha256', rand());
|
||||
$Database->exec("UPDATE users SET key='$Key' WHERE id='$id'");
|
||||
}
|
||||
|
||||
$Authorized = 1;
|
||||
$userType = $line['usertype'];
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if ($Authorized != 1) {
|
||||
if ($Redirect != "") { // just so we can try again and still be redirected to the right place
|
||||
header("Location: login.php?e=true&redir=$Redirect");
|
||||
} else {
|
||||
header("Location: login.php?e=true");
|
||||
}
|
||||
die();
|
||||
}
|
||||
|
||||
$_SESSION['type'] = $userType;
|
||||
$_SESSION['username'] = $Username;
|
||||
$_SESSION['password'] = $Password;
|
||||
|
||||
setcookie('username', $Username, time() + ((86400 * 30) * 30), "/");
|
||||
setcookie('key', $Key, time() + ((86400 * 30) * 30), "/");
|
||||
|
||||
if ($Redirect != "") { // just so we can try again and still be redirected to the right place
|
||||
header("Location: login.php?e=true&redir=$Redirect");
|
||||
} else {
|
||||
header("Location: login.php?e=true");
|
||||
}
|
||||
|
||||
die();
|
||||
} else if (isset($_COOKIE['username']) && isset($_COOKIE['key'])) {
|
||||
$Database = createTables($sqlDB);
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if (htmlspecialchars($_COOKIE['username']) == $line['username'] && htmlspecialchars($_COOKIE['key']) == $line['key']) {
|
||||
$Username = $line['username'];
|
||||
$Password = $line['password'];
|
||||
$Key = $line['key'];
|
||||
$id = $line['id'];
|
||||
|
||||
// update last usage
|
||||
|
|
@ -66,6 +139,10 @@ if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
|
|||
}
|
||||
}
|
||||
|
||||
$_SESSION['type'] = $userType;
|
||||
$_SESSION['username'] = $Username;
|
||||
$_SESSION['password'] = $Password;
|
||||
|
||||
if ($Authorized != 1) {
|
||||
if ($Redirect != "") { // just so we can try again and still be redirected to the right place
|
||||
header("Location: login.php?e=true&redir=$Redirect");
|
||||
|
|
@ -75,16 +152,7 @@ if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
|
|||
die();
|
||||
}
|
||||
|
||||
$_SESSION['type'] = $userType;
|
||||
$_SESSION['username'] = $Username;
|
||||
$_SESSION['password'] = $Password;
|
||||
|
||||
if ($Redirect != "") { // just so we can try again and still be redirected to the right place
|
||||
header("Location: login.php?e=true&redir=$Redirect");
|
||||
} else {
|
||||
header("Location: login.php?e=true");
|
||||
}
|
||||
|
||||
header("Location: /");
|
||||
die();
|
||||
} else {
|
||||
$html = "";
|
||||
|
|
@ -98,6 +166,8 @@ if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
|
|||
$html .= "\t\t\t\t\t<input type=\"password\" name=\"password\" placeholder=\"Password\">\n";
|
||||
if (isset($Redirect)) $html .= "\t\t\t\t\t<input type=\"hidden\" name=\"redir\" value=\"$Redirect\">\n";
|
||||
$html .= "\t\t\t\t\t<input type=\"submit\" value=\"Login\">\n";
|
||||
$html .= "\t\t\t\t\t<br><br><input type=\"checkbox\" id=\"stay_signed_in\" value=\"1\" name=\"stay_signed_in\">\n";
|
||||
$html .= "\t\t\t\t\t<label for=\"stay_signed_in\">Stay signed in</label><br>\n";
|
||||
$html .= "\t\t\t\t</form>\n";
|
||||
|
||||
if (isset($_REQUEST['e']) && $_REQUEST['e'] == "true") {
|
||||
|
|
|
|||
|
|
@ -44,7 +44,9 @@ if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
|
|||
}
|
||||
}
|
||||
|
||||
$Database->exec("INSERT INTO users(username, password, usertype, primaryadmin, numberofcomments, lastused, created, ip, useragent) VALUES('$Username', '$Password', '1', '0', '0', '$lastUsed', '$Created', '$ip', '$userAgent')");
|
||||
$Key = hash('sha256', rand());
|
||||
|
||||
$Database->exec("INSERT INTO users(username, password, usertype, primaryadmin, numberofcomments, lastused, created, ip, useragent, key) VALUES('$Username', '$Password', '1', '0', '0', '$lastUsed', '$Created', '$ip', '$userAgent', '$Key')");
|
||||
|
||||
header("Location: login.php");
|
||||
die();
|
||||
|
|
|
|||
Loading…
Reference in a new issue