From d8005a5c4b5a49e7944cbda7428354969a9cc6c9 Mon Sep 17 00:00:00 2001
From: Patrick Barnhardt
Date: Wed, 8 Nov 2023 15:44:06 -0500
Subject: [PATCH] Update login.php

---
 login.php | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 62 insertions(+), 6 deletions(-)

diff --git a/login.php b/login.php
index 05667937..b3f5c547 100644
--- a/login.php
+++ b/login.php
@@ -2,14 +2,20 @@
 // Initialize the session
 session_start();
-// Check if the user is already logged in, if yes redirect to the admin dashboard
-if (isset($_SESSION["logged_in"]) && $_SESSION["logged_in"] === true) {
- header("location: admin/dashboard.php");
- exit;
-}
-
 // Include config file
 require_once(__DIR__ . '/config/app.php');
+// Include the helpers file
+require_once(__DIR__ . '/includes/utils/helpers.php');
+// Include the validation file
+require_once(__DIR__ . '/includes/validateCookieSession.inc.php');
+
+//include the authenticator class
+$authenticator = new Authenticator();
+
+// Check if the user is already logged in, if yes redirect to the admin dashboard
+if ($logged_in === true) {
+ performRedirect('/admin/dashboard.php');
+}
 // Define variables and initialize with empty values
 $username = $password = "";
@@ -17,6 +23,8 @@
 // Processing form data when form is submitted
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
+ //set the authentication flag to false
+ $auth_flag = false;
 // Check if username is empty
 if (empty(trim($_POST["username"]))) {
@@ -52,6 +60,12 @@
 error_log("Failed to log the user in: " . $e->getMessage());
 // Display a generic error message
 $login_error = "Invalid username or password.";
+ } finally {
+ //check for an error message
+ if (empty($login_error)) {
+ //set the authentication flag to false
+ $auth_flag = false;
+ }
 }
 } else {
 // Password is not valid, display a generic error message
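Review bot: The already-logged-in check in the first hunk now relies on `performRedirect('/admin/dashboard.php')` to stop execution, whereas the removed lines had an explicit `exit;` after `header()`; `performRedirect()` is defined in helpers.php outside this hunk, so if it only emits the Location header the rest of login.php, including the POST handling, still runs for an authenticated user. Either confirm that the helper terminates the script, or keep `exit;` on the line after the call as the removed code did. `$logged_in` is likewise expected to be assigned by validateCookieSession.inc.php; it is not set anywhere in this file within the hunk, so a missing assignment would silently evaluate as "not logged in" rather than fail loudly. The same dependence on the helper exiting applies to the redirect after a successful login in the later hunk of this file.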
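Review bot: The `finally` block added in the third hunk looks inverted: `if (empty($login_error))` resets `$auth_flag` to false exactly when no error was recorded, so the success path guarded by `if ($auth_flag === true)` later in this file is only reachable if something after the `finally` sets the flag again; the try body that would set it true is outside the hunk, so confirm the intent. Since `$auth_flag` is already initialised to false at the top of the POST branch, the fail-closed default is in place and the block can either be dropped or changed to `if (!empty($login_error)) { $auth_flag = false; }` so that a caught exception cannot leave a stale true value behind. The enclosing try/catch starts outside the hunk.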
@@ -65,6 +79,44 @@
 // either username or password is not valid, display a generic error message
 $login_error = "Invalid username or password.";
 }
+
+ if ($auth_flag === true) {
+ //set the SESSION variables
+ $_SESSION["user_id"] = $user_id;
+
+ //if the remember me checkbox is checked, set the cookies
+ if (!empty($_POST["remember"])) {
+ //set the randomization variables
+ $random_selector = randomizeEncryption(32, 32);
+ $random_password = randomizeEncryption(16, 16);
+
+ //hash the randomization variables
+ $random_selector_hash = password_hash($random_selector, PASSWORD_DEFAULT);
+ $random_password_hash = password_hash($random_password, PASSWORD_DEFAULT);
+
+ //set the cookie expiry date
+ $cookie_expiry_date = date("Y-m-d H:i:s", $expiration_time);
+
+ //set the cookies
+ setcookies($user_id, $username, $random_password_hash, $random_selector_hash, $cookie_expiry_date);
+
+ //expire the existing token if it exists
+ $userToken = $authenticator->getAuthenticationToken($user_id, $username, 0);
+ if ($userToken) {
+ $authenticator->expireToken($userToken[0]["id"]);
+ }
+
+ //create the token
+ $authenticator->createToken($user_id, $username, $random_password_hash, $random_selector_hash, $cookie_expiry_date);
+ } else {
+ //clear the cookies
+ clearCookies();
+ }
+ performRedirect('/admin/dashboard.php');
+ } else {
+ //set the login error
+ $login_error = "Invalid username or password.";
+ }
 }
 ?>
@@ -96,6 +148,10 @@
+
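Review bot: The remember-me cookie and the stored token receive identical values: `setcookies(...)` and `$authenticator->createToken(...)` are both passed `$random_password_hash` and `$random_selector_hash`, so whatever is persisted server-side is byte-for-byte what the browser holds, the `password_hash()` calls add no protection if the token store is ever exposed, and because `password_hash()` is salted a hashed selector cannot be recomputed from the cookie for lookup. The usual split is to put the raw `$random_selector` and `$random_password` in the cookie, store the selector as-is for lookup and only the password hash server-side, and check the presented password with `password_verify()` on return, i.e. `setcookies($user_id, $username, $random_password, $random_selector, $cookie_expiry_date);` alongside `$authenticator->createToken($user_id, $username, $random_password_hash, $random_selector, $cookie_expiry_date);`, with the reader in validateCookieSession.inc.php adjusted to match. Separately, `$_SESSION["user_id"] = $user_id;` is assigned without a visible `session_regenerate_id(true);`; unless the try block outside the hunk already does this, add it immediately before the assignment so the pre-login session id is not carried into the authenticated session. `$expiration_time`, `$user_id` and `randomizeEncryption()` are not defined in this hunk and presumably come from the try block or helpers.php, so their source and the randomness quality of the helper should be confirmed.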
+
+
+