@@ -5,17 +5,22 @@
|
||||
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
|
||||
if (isset($_COOKIE['auth_token'])) {
|
||||
$auth_token=$_COOKIE['auth_token'];
|
||||
$auth_token_hash=remember_token_hash($auth_token);
|
||||
$sql="SELECT user_id,agent FROM keepmeloggedin WHERE auth_token = ?";
|
||||
$user_id=0;
|
||||
$agent="";
|
||||
$stmt = mysqli_prepare($conn, $sql);
|
||||
mysqli_stmt_bind_param($stmt, 's',$auth_token);
|
||||
mysqli_stmt_bind_param($stmt, 's',$auth_token_hash);
|
||||
mysqli_stmt_execute($stmt);
|
||||
mysqli_stmt_store_result($stmt);
|
||||
if(mysqli_stmt_num_rows($stmt) == 1){
|
||||
mysqli_stmt_bind_result($stmt, $user_id,$agent);
|
||||
mysqli_stmt_fetch($stmt);
|
||||
mysqli_stmt_close($stmt);
|
||||
if (!hash_equals($agent, $_SERVER['HTTP_USER_AGENT'] ?? "")) {
|
||||
delete_cookie("auth_token");
|
||||
return $ret;
|
||||
}
|
||||
|
||||
//load user data
|
||||
$sql="SELECT auth_method_required_pw, auth_method_required_2fa, auth_method_required_passkey, username, user_token,last_login, login_message,telegram_id, permissions FROM users WHERE id = ?";
|
||||
@@ -52,6 +57,7 @@
|
||||
$_SESSION["keepmeloggedin_asked"]=true;
|
||||
$_SESSION["logged_in"]=true;
|
||||
$_SESSION["needs_auth"]=false;
|
||||
session_regenerate_id(true);
|
||||
$ret="success";
|
||||
}
|
||||
mysqli_stmt_close($stmt);
|
||||
|
||||
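Review bot: On a User-Agent mismatch the new branch only calls `delete_cookie("auth_token")` and returns, so the matching row in `keepmeloggedin` stays valid and the same token is accepted again on any later request that carries the stored User-Agent. Because that header is supplied by the client, the comparison works as a tripwire rather than a binding. I would revoke the row server-side in that branch before returning, as sketched below, and record the event for review. If the `agent` column is nullable, `hash_equals()` raises a TypeError on PHP 8 when the bound result is NULL, so cast the stored value to string first. The enclosing function begins and ends outside the hunks shown, so the initial value of `$ret` and the later handling of `$conn` are not visible here.

```php
if (!hash_equals((string) $agent, $_SERVER['HTTP_USER_AGENT'] ?? "")) {
    // Revoke server-side too: removing only the cookie leaves the stored token usable.
    $revoke = mysqli_prepare($conn, "DELETE FROM keepmeloggedin WHERE auth_token = ?");
    mysqli_stmt_bind_param($revoke, 's', $auth_token_hash);
    mysqli_stmt_execute($revoke);
    mysqli_stmt_close($revoke);
    // … unchanged: delete_cookie("auth_token"); return $ret; …
```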