false, 'message' => 'Invalid request method.'], 405); } $send_to=$_SESSION["end_url"]; include "../../config/config.php"; $conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE); $keepmeloggedin=$_POST["keepmeloggedin"] ?? "false"; if($keepmeloggedin=="true"){ if (empty($_SESSION["id"]) || empty($_SESSION["pw_authenticated"]) || empty($_SESSION["mfa_authenticated"])) { json_response(['status' => 'failure', 'message' => 'Not fully authenticated'], 401); } $_SESSION["keepmeloggedin_asked"]=true; $user_id=$_SESSION["id"]; //create a login token $login_token=bin2hex(random_bytes(128)); $login_token_hash=remember_token_hash($login_token); $agent=$_SERVER['HTTP_USER_AGENT'] ?? ""; $sql="INSERT INTO keepmeloggedin (auth_token,user_id,agent) VALUES (?,?,?);"; $stmt = mysqli_prepare($conn, $sql); mysqli_stmt_bind_param($stmt, 'sis', $login_token_hash,$user_id,$agent); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); set_secure_cookie("auth_token", $login_token, time() + (30 * 24 * 60 * 60)); $data = [ 'status' => 'success' ]; echo(json_encode($data)); }else{ $_SESSION["keepmeloggedin_asked"]=true; $data = [ 'status' => 'success' ]; echo(json_encode($data)); } ?>