<?php
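// Harden the session before it is started: these ini settings only affect a
// session that has not been started yet. use_strict_mode makes PHP refuse a
// session ID it did not issue itself (closes the classic fixation vector that
// session_regenerate_id() in on_successful_login() only half-covers), and
// cookie_httponly keeps the session ID out of reach of page scripts.
// NOTE(review): session.cookie_secure is deliberately not forced here so the
// app still works over plain HTTP in development; set it in php.ini for
// production, where the remember_me cookie below already assumes HTTPS.
ini_set('session.use_strict_mode', '1');
ini_set('session.cookie_httponly', '1');
session_start();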
require_once 'db/config.php';
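/**
 * Populate the session for a user who has just been authenticated.
 *
 * The session ID is regenerated first so an ID fixated by an attacker before
 * login is not the one that becomes authenticated. Passing `true` also deletes
 * the old session file; without it (the original call) the pre-login ID stayed
 * valid until garbage collection ran.
 *
 * @param array $user Row with keys id, role_id and role_name, as selected by
 *                    login_user() and login_via_cookie().
 */
function on_successful_login($user) {
    session_regenerate_id(true);

    $_SESSION['user_id'] = $user['id'];
    $_SESSION['role_id'] = $user['role_id'];
    $_SESSION['role_name'] = $user['role_name'];
}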
/**
 * Issue a persistent "remember me" credential for $user_id.
 *
 * A fresh 128-bit random token is generated; only its SHA-256 digest is kept
 * in users.remember_token, so a database leak does not yield a usable cookie.
 * The plaintext token travels to the browser, together with the user id, as a
 * base64-encoded JSON blob in the remember_me cookie (30 days, path "/",
 * Secure and HttpOnly). Any token previously issued to the user is replaced,
 * which is also how login_via_cookie() rotates tokens after use.
 *
 * NOTE(review): no SameSite attribute is set on this cookie, so it is attached
 * to cross-site requests; on PHP >= 7.3 the options-array form of setcookie()
 * accepts 'samesite' => 'Lax'.
 *
 * @param int|string $user_id Primary key of the user to remember.
 */
function remember_me($user_id) {
    $plain = bin2hex(random_bytes(16));
    $digest = hash('sha256', $plain);

    $update = db()->prepare("UPDATE users SET remember_token = ? WHERE id = ?");
    $update->execute([$digest, $user_id]);

    $payload = ['user_id' => $user_id, 'token' => $plain];
    $lifetime = 86400 * 30; // 30 days
    setcookie(
        'remember_me',
        base64_encode(json_encode($payload)),
        time() + $lifetime,
        "/",
        "",
        true,
        true
    );
}
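/**
 * Try to authenticate the request from the remember_me cookie.
 *
 * The cookie carries a user id and a plaintext token (see remember_me()); the
 * token's SHA-256 digest is compared in constant time with the user's stored
 * remember_token. On success the session is populated via on_successful_login()
 * and a new token is issued, so every cookie value is single-use.
 *
 * The cookie is attacker-controlled, so its shape is validated before anything
 * reaches PDO or hash(). The original accepted any JSON value: a non-string
 * token raised a TypeError in hash(), and an array user id blew up inside
 * execute(), instead of a clean "not logged in". A user whose token has been
 * cleared (NULL after logout_user()) is now rejected explicitly rather than
 * being handed to hash_equals().
 *
 * NOTE(review): an invalid cookie is left in place, so it costs one query per
 * request until it expires; clearing it here would be a reasonable addition.
 *
 * @return bool true if the session was established from the cookie.
 */
function login_via_cookie() {
    if (!isset($_COOKIE['remember_me']) || !is_string($_COOKIE['remember_me'])) {
        return false;
    }

    $cookie_data = json_decode(base64_decode($_COOKIE['remember_me']), true);

    // Accept only {user_id: int or digit string, token: non-empty string}.
    if (!is_array($cookie_data)
        || !isset($cookie_data['user_id'], $cookie_data['token'])
        || !is_string($cookie_data['token'])
        || $cookie_data['token'] === ''
        || !(is_int($cookie_data['user_id'])
            || (is_string($cookie_data['user_id']) && ctype_digit($cookie_data['user_id'])))) {
        return false;
    }
    $user_id = $cookie_data['user_id'];
    $token = $cookie_data['token'];

    $pdo = db();
    $stmt = $pdo->prepare("SELECT u.id, u.password_hash, u.role_id, r.role_name, u.remember_token FROM users u JOIN roles r ON u.role_id = r.id WHERE u.id = ?");
    $stmt->execute([$user_id]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // remember_token is NULL once logout_user() has run; never compare against it.
    if (!$user || !is_string($user['remember_token']) || $user['remember_token'] === '') {
        return false;
    }
    if (!hash_equals($user['remember_token'], hash('sha256', $token))) {
        return false;
    }

    on_successful_login($user);
    // Rotate: the presented token is consumed and a fresh one issued.
    remember_me($user['id']);
    return true;
}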
/**
 * Whether the current request is authenticated.
 *
 * A session that already carries a user_id wins; otherwise the remember_me
 * cookie is tried, which as a side effect populates the session when the
 * cookie is valid.
 *
 * @return bool
 */
function is_logged_in() {
    $has_session = isset($_SESSION['user_id']);
    // Short-circuits: the cookie path is only taken without a session.
    return $has_session || login_via_cookie();
}
/**
 * Gate a page behind authentication.
 *
 * Returns normally when is_logged_in() holds; otherwise sends a redirect to
 * login.php and terminates the script. Must be called before any output is
 * produced, or the Location header cannot be sent.
 */
function require_login() {
    if (is_logged_in()) {
        return;
    }
    header('Location: login.php');
    exit();
}
/**
 * Id of the logged-in user, or null when the session holds none.
 *
 * Reads the session only; unlike is_logged_in() it never attempts a cookie
 * login. The value is whatever on_successful_login() stored (the users.id
 * column as returned by the database driver).
 *
 * @return mixed
 */
function current_user_id() {
    if (!isset($_SESSION['user_id'])) {
        return null;
    }
    return $_SESSION['user_id'];
}
/**
 * Whether the current user holds the admin role (role id 1).
 *
 * The decision is made on the role_id cached in the session at login, not on
 * the database, so a demotion only takes effect at the next login (or cookie
 * login, which re-reads the users row). Calling is_logged_in() first means a
 * valid remember_me cookie can establish the session here.
 *
 * @return bool
 */
function is_admin() {
    if (!is_logged_in()) {
        return false;
    }
    if (!isset($_SESSION['role_id'])) {
        return false;
    }
    $admin_role = 1;
    return (int)$_SESSION['role_id'] === $admin_role;
}
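/**
 * Create an ordinary (role_id 2) user account.
 *
 * Empty username, email or password are rejected up front: the original hashed
 * and inserted whatever it was given, so an empty password produced a valid
 * bcrypt hash for a blank account. The password is stored only as a
 * password_hash() digest.
 *
 * Returns false when input is rejected or the INSERT fails. A duplicate
 * username/email surfaces as SQLSTATE 23000 and is the expected failure; any
 * other PDOException is still reported as false to keep the original contract,
 * but is logged instead of being silently dropped.
 *
 * NOTE(review): no password-strength or email-format policy is applied here;
 * if the form handler does not enforce one, this is the place to add it.
 *
 * @param string $username
 * @param string $email
 * @param string $password Plaintext; never stored.
 * @return bool
 */
function register_user($username, $email, $password) {
    if (!is_string($username) || trim($username) === ''
        || !is_string($email) || trim($email) === ''
        || !is_string($password) || $password === '') {
        return false;
    }

    $password_hash = password_hash($password, PASSWORD_DEFAULT);
    $pdo = db();

    try {
        $stmt = $pdo->prepare("INSERT INTO users (username, email, password_hash, role_id) VALUES (?, ?, ?, 2)");
        return $stmt->execute([$username, $email, $password_hash]);
    } catch (PDOException $e) {
        // 23000 = integrity constraint violation, i.e. duplicate username/email.
        // Anything else is a genuine database failure worth a log line.
        if ((string)$e->getCode() !== '23000') {
            error_log('register_user: ' . $e->getMessage());
        }
        return false;
    }
}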
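/**
 * Authenticate with email and password and establish the session.
 *
 * Two hardening changes over the original: when the email is unknown a
 * password_verify() against a dummy hash is still performed, so response time
 * no longer reveals whether the address is registered; and a stored hash that
 * password_needs_rehash() reports as outdated is re-hashed and written back
 * while the plaintext is available.
 *
 * NOTE(review): there is no rate limiting or lockout here; credential
 * stuffing has to be throttled by the caller or at the edge.
 *
 * @param string $email
 * @param string $password Plaintext, checked with password_verify().
 * @param bool   $remember Also issue a remember_me cookie on success.
 * @return bool true on successful login.
 */
function login_user($email, $password, $remember = false) {
    // Computed once per process; same algorithm and cost as real hashes, so the
    // dummy verify burns the same work as a genuine one.
    static $dummy_hash = null;

    $pdo = db();
    $stmt = $pdo->prepare("SELECT u.id, u.password_hash, u.role_id, r.role_name FROM users u JOIN roles r ON u.role_id = r.id WHERE u.email = ?");
    $stmt->execute([$email]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$user) {
        if ($dummy_hash === null) {
            $dummy_hash = password_hash('unused', PASSWORD_DEFAULT);
        }
        password_verify($password, $dummy_hash);
        return false;
    }

    if (!password_verify($password, $user['password_hash'])) {
        return false;
    }

    // Transparently upgrade hashes made with an older algorithm or cost.
    if (password_needs_rehash($user['password_hash'], PASSWORD_DEFAULT)) {
        $upgrade = $pdo->prepare("UPDATE users SET password_hash = ? WHERE id = ?");
        $upgrade->execute([password_hash($password, PASSWORD_DEFAULT), $user['id']]);
    }

    on_successful_login($user);
    if ($remember) {
        remember_me($user['id']);
    }
    return true;
}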
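/**
 * End the current login everywhere it is held.
 *
 * Clears the server-side remember token for the user, expires the remember_me
 * cookie, and destroys the session. Beyond the original, the session *cookie*
 * is expired as well: session_destroy() only removes the server-side data and
 * leaves the old ID in the browser, so the PHP manual's logout recipe also
 * drops the cookie (harmless with use_strict_mode, but cheap insurance).
 */
function logout_user() {
    $pdo = db();

    if (isset($_SESSION['user_id'])) {
        $stmt = $pdo->prepare("UPDATE users SET remember_token = NULL WHERE id = ?");
        $stmt->execute([$_SESSION['user_id']]);
    }

    if (isset($_COOKIE['remember_me'])) {
        unset($_COOKIE['remember_me']);
        setcookie('remember_me', '', time() - 3600, '/');
    }

    session_unset();

    // Expire the session cookie with the same attributes it was issued with,
    // otherwise the browser keeps presenting the destroyed ID.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $p['path'],
            $p['domain'],
            $p['secure'],
            $p['httponly']
        );
    }

    session_destroy();
}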