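<?php
/**
 * "Keep me logged in" endpoint.
 *
 * Runs the session / same-origin / CSRF guards from utils/security.php
 * (defined elsewhere) and accepts POST only. When the client sends
 * keepmeloggedin=true and the session carries id, pw_authenticated and
 * mfa_authenticated, a random remember-me token is created: only its hash
 * (remember_token_hash) is written to the keepmeloggedin table, while the raw
 * token goes to the browser in the auth_token cookie. Any other value just
 * records in the session that the question was asked.
 *
 * Output: JSON {"status":"success"}, or a failure object with HTTP status
 * 401 (not fully authenticated), 405 (wrong method) or 500 (token not stored).
 */

// `require` instead of `include`: a missing security helper file must stop the
// request with a fatal error instead of continuing after a mere warning.
require "../utils/security.php";

secure_session_start();
require_same_origin_request();
require_csrf_token();

header('Content-Type: application/json');

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    json_response(['success' => false, 'message' => 'Invalid request method.'], 405);
    // json_response() is defined elsewhere and presumably terminates the
    // request; the explicit exit guarantees we never fall through.
    exit;
}

// Not read anywhere in this script; kept because the config file included
// below shares this scope. `??` avoids an undefined-key warning when the
// session has no end_url.
$send_to = $_SESSION["end_url"] ?? null;

require "../../config/config.php";

$keepmeloggedin = $_POST["keepmeloggedin"] ?? "false";

if ($keepmeloggedin === "true") {
    // A long-lived token may only be issued to a session that has completed
    // both the password and the MFA step.
    if (empty($_SESSION["id"]) || empty($_SESSION["pw_authenticated"]) || empty($_SESSION["mfa_authenticated"])) {
        json_response(['status' => 'failure', 'message' => 'Not fully authenticated'], 401);
        // Fail closed: no token is issued even if json_response() returns.
        exit;
    }

    $_SESSION["keepmeloggedin_asked"] = true;
    $user_id = $_SESSION["id"];

    // 128 random bytes from the CSPRNG, hex-encoded (256 characters). Only the
    // hash is persisted, so a leaked table does not yield usable tokens.
    $login_token = bin2hex(random_bytes(128));
    $login_token_hash = remember_token_hash($login_token);

    // NOTE(review): the User-Agent header is client-controlled and unbounded;
    // confirm the `agent` column width so an oversized value cannot make the
    // INSERT fail or be silently truncated.
    $agent = $_SERVER['HTTP_USER_AGENT'] ?? "";

    // Store the hash first and hand out the cookie only once the row exists;
    // otherwise the client would hold a token the server can never match.
    $db_error = null;
    try {
        $conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
        if ($conn->connect_errno !== 0) {
            $db_error = 'connect failed: ' . $conn->connect_error;
        } else {
            $sql = "INSERT INTO keepmeloggedin (auth_token,user_id,agent) VALUES (?,?,?);";
            $stmt = mysqli_prepare($conn, $sql);
            if ($stmt === false) {
                $db_error = 'prepare failed: ' . mysqli_error($conn);
            } else {
                $inserted = mysqli_stmt_bind_param($stmt, 'sis', $login_token_hash, $user_id, $agent)
                    && mysqli_stmt_execute($stmt);
                if (!$inserted) {
                    $db_error = 'insert failed: ' . mysqli_stmt_error($stmt);
                }
                mysqli_stmt_close($stmt);
            }
        }
    } catch (mysqli_sql_exception $e) {
        // mysqli throws instead of returning false when exception reporting is on.
        $db_error = $e->getMessage();
    }

    if ($db_error !== null) {
        // Details go to the server log only; neither the token nor the
        // database error text is sent to the client.
        error_log('keepmeloggedin: remember-me token not stored: ' . $db_error);
        json_response(['status' => 'failure', 'message' => 'Could not save login token'], 500);
        exit;
    }

    // Cookie lifetime: 30 days.
    // NOTE(review): the INSERT writes no expiry value; confirm that the code
    // validating auth_token also expires the stored row server-side.
    set_secure_cookie("auth_token", $login_token, time() + (30 * 24 * 60 * 60));
} else {
    $_SESSION["keepmeloggedin_asked"] = true;
}

echo json_encode(['status' => 'success']);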