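<?php
/*
 * PHP session cookies last only until the browser is closed. To keep users logged in across a
 * browser/device restart, a second, long-lived cookie ("session_id") carries a random token that
 * is also stored in public.user.session_id. This include runs when no PHP session holds a user
 * but that cookie was sent: if the token belongs to a user, a PHP session is opened for that user
 * and the token is rotated (new value written to the DB and to the cookie).
 *
 * Expects $pdo (a PDO connection) to be defined by the including script.
 *
 * Security notes:
 *  - The token is stored in clear text in public.user.session_id, so anyone who can read that
 *    table can impersonate every user with a persistent login. Storing only a hash of the token
 *    and comparing hashes would remove that exposure (needs the lookup/update queries and the
 *    column contents to change, so it is not done here).
 *  - The cookie is marked HttpOnly so page scripts cannot read it; the Secure flag is set when
 *    the current request came in over HTTPS (see the setcookie call at the end).
 *
 * TODO: Only one browser instance per user is supported. Logging in from a second browser
 * overwrites the stored token, so the first browser is logged out at its next restart.
 */

// Only act when no user is logged in but a persistent login cookie was sent.
if (empty($_SESSION['user_id']) && isset($_COOKIE['session_id'])) {
    // Look up the user owning this token. The cookie value is untrusted input: bound parameter only.
    $query = "SELECT user_id, is_admin FROM public.user WHERE session_id = :session_id";
    $query_params = array(':session_id' => $_COOKIE['session_id']);
    try {
        $stmt = $pdo->prepare($query);
        $stmt->execute($query_params);
    } catch (PDOException $ex) {
        echo '<span style="color: red">ERROR! Code: 002</span>';
        exit;
    }
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if (empty($row)) {
        // Unknown token: it is a stale persisted ID, so drop the cookie (expiry in the past).
        unset($_COOKIE['session_id']);
        setcookie('session_id', "", time() - 1, '/chat/');
    } else {
        // Known token: open the PHP session unless the including script already did
        // (calling session_start() twice raises a notice and does nothing useful).
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        // Give the session a fresh ID before it carries an authenticated identity, so an ID that
        // was handed out (or fixed by a third party) while the visitor was anonymous is not reused.
        session_regenerate_id(true);
        $_SESSION['user_id'] = $row['user_id'];
        $_SESSION['is_admin'] = $row['is_admin'];

        // Rotate the persistent token so a copied cookie stops working after its first use.
        // Loop until a value not yet present in public.user is found; with 128 random bits a
        // collision is practically impossible, the check only protects the uniqueness assumption.
        while (true) {
            // random_bytes() is the CSPRNG on PHP 7+; fall back to openssl on older runtimes.
            $possible_session_id = bin2hex(function_exists('random_bytes')
                ? random_bytes(16)
                : openssl_random_pseudo_bytes(16));
            $query = "SELECT 1 FROM public.user WHERE session_id = :session_id";
            $query_params = array(':session_id' => $possible_session_id);
            try {
                $stmt = $pdo->prepare($query);
                $stmt->execute($query_params);
            } catch (PDOException $ex) {
                echo '<span style="color: red">ERROR! Code: 003</span>';
                exit;
            }
            // No row means the candidate is unused; keep it and stop generating.
            if (empty($stmt->fetch(PDO::FETCH_ASSOC))) {
                $session_id = $possible_session_id;
                break;
            }
        }

        // Persist the new token for the logged-in user.
        $query = "UPDATE public.user SET session_id = :session_id WHERE user_id = :user_id";
        $query_params = array(':session_id' => $session_id, ':user_id' => $_SESSION['user_id']);
        try {
            $stmt = $pdo->prepare($query);
            $stmt->execute($query_params);
        } catch (PDOException $ex) {
            echo '<span style="color: red">ERROR! Code: 004</span>';
            exit;
        }

        // Hand the new token to the browser: valid for 259200 s (3 days), limited to /chat/,
        // Secure only when this request was HTTPS (a plain-HTTP site would otherwise never
        // receive it back), HttpOnly so it is not exposed to page scripts.
        $is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie("session_id", $session_id, time() + 259200, "/chat/", '', $is_https, true);
    }
}
?>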