Jakach/jakach-login
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixing some security issues and harderning service
Deploy / deploy (push) Successful in 38s
Details

Browse Source
This commit is contained in:
janis steiner
2026-05-06 08:51:51 +02:00
parent 4d8ce1da43
commit 7ae7df0a11
30 changed files with 328 additions and 124 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app-code/api/login/keepmeloggedin.php
+11 -5
View File
@@ -1,24 +1,30 @@
<?php
session_start();
include "../utils/security.php";
secure_session_start();
require_same_origin_request();
header('Content-Type: application/json');
$send_to=$_SESSION["end_url"];
include "../../config/config.php";
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
$keepmeloggedin=$_POST["keepmeloggedin"];
$keepmeloggedin=$_POST["keepmeloggedin"] ?? "false";
if($keepmeloggedin=="true"){
if (empty($_SESSION["id"]) || empty($_SESSION["pw_authenticated"]) || empty($_SESSION["mfa_authenticated"])) {
json_response(['status' => 'failure', 'message' => 'Not fully authenticated'], 401);
}
$_SESSION["keepmeloggedin_asked"]=true;
$user_id=$_SESSION["id"];
//create a login token
$login_token=bin2hex(random_bytes(128));
$agent=$_SERVER['HTTP_USER_AGENT'];
$login_token_hash=remember_token_hash($login_token);
$agent=$_SERVER['HTTP_USER_AGENT'] ?? "";
$sql="INSERT INTO keepmeloggedin (auth_token,user_id,agent) VALUES (?,?,?);";
$stmt = mysqli_prepare($conn, $sql);
mysqli_stmt_bind_param($stmt, 'sis', $login_token,$user_id,$agent);
mysqli_stmt_bind_param($stmt, 'sis', $login_token_hash,$user_id,$agent);
mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
setcookie("auth_token", $login_token, time() + (30 * 24 * 60 * 60), "/", "", true, true);
set_secure_cookie("auth_token", $login_token, time() + (30 * 24 * 60 * 60));
$data = [
'status' => 'success'
];