PonyMirrors/ponepaste
1
0
Fork 0
mirror of https://github.com/Neetpone/ponepaste.git synced 2025-03-12 14:40:09 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Improve logout and remember me

Browse source
This commit is contained in:
Floorb 2021-07-24 15:12:19 -04:00
parent 3b772bb5ff
commit d6ba330be4
5 changed files with 42 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
includes/User.class.php
View file

@ -10,6 +10,10 @@ class User {
$this->username = $row['username']; $this->username = $row['username'];
} }
public function destroySession(DatabaseHandle $conn, string $token) {
$conn->query('DELETE FROM user_sessions WHERE user_id = ? AND token = ?', [$this->user_id, $token]);
}
public static function findByUsername(DatabaseHandle $conn, string $username) : User | null { public static function findByUsername(DatabaseHandle $conn, string $username) : User | null {
$query = $conn->query('SELECT id, username FROM users WHERE username = ?', [$username]); $query = $conn->query('SELECT id, username FROM users WHERE username = ?', [$username]);
$row = $query->fetch(); $row = $query->fetch();
@ -35,13 +39,22 @@ class User {
public static function createFromRememberToken(DatabaseHandle $conn, string $remember_token) : User | null { public static function createFromRememberToken(DatabaseHandle $conn, string $remember_token) : User | null {
$result = $conn->query( $result = $conn->query(
'SELECT users.id AS id, users.username AS username, users.banned AS banned 'SELECT users.id AS id, users.username AS username, users.banned AS banned, user_sessions.id AS session_id, user_sessions.expire_at AS session_expiry
FROM user_sessions FROM user_sessions
INNER JOIN users ON users.id = user_sessions.user_id INNER JOIN users ON users.id = user_sessions.user_id
WHERE user_sessions.token = ?', [$remember_token] WHERE user_sessions.token = ?', [$remember_token]
); );
if ($row = $result->fetch()) { if ($row = $result->fetch()) {
$session_expiry = new DateTime($row['session_expiry']);
$now = new DateTime();
/* Session is expired (diff is negative) */
if ($now->diff($session_expiry)->invert === 1) {
$conn->query('DELETE FROM user_sessions WHERE id = ?', [$row['session_id']]);
return null;
}
return new User($row); return new User($row);
} }

8
includes/common.php
View file

@ -141,14 +141,6 @@ if (in_array($lang_file, scandir('langs/'))) {
$ip = $_SERVER['REMOTE_ADDR']; $ip = $_SERVER['REMOTE_ADDR'];
if (is_banned($conn, $ip)) die($lang['banned']); // "You have been banned from ".$site_name; if (is_banned($conn, $ip)) die($lang['banned']); // "You have been banned from ".$site_name;
// Logout
if (isset($_GET['logout'])) {
header('Location: ' . $_SERVER['HTTP_REFERER']);
unset($_SESSION['user_id']);
unset($_SESSION['pic']);
session_destroy();
}
$site_ads = getSiteAds($conn); $site_ads = getSiteAds($conn);
$total_pastes = getSiteTotalPastes($conn); $total_pastes = getSiteTotalPastes($conn);
$total_page_views = getSiteTotalviews($conn); $total_page_views = getSiteTotalviews($conn);

4
login.php
View file

@ -92,10 +92,12 @@ if (isset($_POST['forgot'])) {
if ($remember_me) { if ($remember_me) {
$remember_token = pp_random_token(); $remember_token = pp_random_token();
$expire_at = (new DateTime())->add(new DateInterval('P1Y'));
$conn->query('INSERT INTO user_sessions (user_id, token) VALUES (?, ?)', [$user_id, $remember_token]); $conn->query('INSERT INTO user_sessions (user_id, token, expire_at) VALUES (?, ?, FROM_UNIXTIME(?))', [$user_id, $remember_token, $expire_at->format('U')]);
setcookie(User::REMEMBER_TOKEN_COOKIE, $remember_token, [ setcookie(User::REMEMBER_TOKEN_COOKIE, $remember_token, [
'expires' => (int) $expire_at->format('U'),
'secure' => !empty($_SERVER['HTTPS']), /* Local dev environment is non-HTTPS */ 'secure' => !empty($_SERVER['HTTPS']), /* Local dev environment is non-HTTPS */
'httponly' => true, 'httponly' => true,
'samesite' => 'Lax' 'samesite' => 'Lax'

21
logout.php Normal file
View file

@ -0,0 +1,21 @@
<?php
// Required functions
define('IN_PONEPASTE', 1);
require_once('includes/common.php');
require_once('includes/functions.php');
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || $current_user === null) {
header('Location: ' . $_SERVER['HTTP_REFERER']);
die();
}
/* Destroy remember token */
$current_user->destroySession($conn, $_COOKIE[User::REMEMBER_TOKEN_COOKIE]);
unset($_COOKIE[User::REMEMBER_TOKEN_COOKIE]);
setcookie(User::REMEMBER_TOKEN_COOKIE, null, time() - 3600);
/* Destroy PHP session */
unset($_SESSION['user_id']);
session_destroy();
header('Location: ' . $_SERVER['HTTP_REFERER']);

8
theme/bulma/header.php
View file

@ -132,11 +132,11 @@ $start = $time;
echo '<a class="navbar-item" href="' . '//' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/user.php?user=' . urlencode($current_user->username) . '">Pastes</a>'; echo '<a class="navbar-item" href="' . '//' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/user.php?user=' . urlencode($current_user->username) . '">Pastes</a>';
echo '<a class="navbar-item" href="' . '//' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/profile.php">Settings</a>'; echo '<a class="navbar-item" href="' . '//' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/profile.php">Settings</a>';
} }
echo '<hr class="navbar-divider">
<a class="navbar-item" href="../?logout">Logout</a>
</div>
</div>';
?> ?>
<hr class="navbar-divider" />
<form action="logout.php" method="POST">
<input class="button navbar-link" type="submit" value="Logout" style="border:none;padding: 0.375rem 1rem;"/>
</form>
<?php } else { ?> <?php } else { ?>
<div class="buttons"> <div class="buttons">
<?php <?php