diff --git a/app-code/api/auth/check_auth_key.php b/app-code/api/auth/check_auth_key.php index 1095af5..e6e4a93 100644 --- a/app-code/api/auth/check_auth_key.php +++ b/app-code/api/auth/check_auth_key.php @@ -17,7 +17,7 @@ if(mysqli_stmt_num_rows($stmt) == 1){ //we now have userid, close stmt mysqli_stmt_close($stmt); - $sql="SELECT username, email, telegram_id FROM users WHERE id = ?"; + $sql="SELECT username, email, telegram_id, user_token FROM users WHERE id = ?"; $stmt = mysqli_prepare($conn, $sql); mysqli_stmt_bind_param($stmt, 'i', $user_id); mysqli_stmt_execute($stmt); @@ -25,7 +25,8 @@ if(mysqli_stmt_num_rows($stmt) == 1){ $username=""; $email=""; $telegram=""; - mysqli_stmt_bind_result($stmt,$username,$email,$telegram); + $user_token=""; + mysqli_stmt_bind_result($stmt,$username,$email,$telegram,$user_token); mysqli_stmt_fetch($stmt); mysqli_stmt_close($stmt); $data=[ @@ -34,7 +35,8 @@ if(mysqli_stmt_num_rows($stmt) == 1){ 'username'=>$username, 'email'=>$email, 'telegram_id'=>$telegram, - 'id'=>$user_id + 'id'=>$user_id, + 'user_token'=>$user_token ]; //remove auth key diff --git a/app-code/api/login/redirect.php b/app-code/api/login/redirect.php index 4117fff..613dcf5 100644 --- a/app-code/api/login/redirect.php +++ b/app-code/api/login/redirect.php @@ -60,7 +60,7 @@ else{ $username=$_SESSION["username"]; $_SESSION["needs_auth"]=false; $_SESSION["logged_in"]=false; - $sql="SELECT auth_method_required_pw, auth_method_required_2fa, auth_method_required_passkey, id FROM users WHERE username = ?"; + $sql="SELECT auth_method_required_pw, auth_method_required_2fa, auth_method_required_passkey, id, user_token FROM users WHERE username = ?"; $stmt = mysqli_prepare($conn, $sql); mysqli_stmt_bind_param($stmt, 's', $username); mysqli_stmt_execute($stmt); 
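Review bot: The `'user_token'=>$user_token` entry added to `$data` in the @@ -34 hunk hands the per-user secret generated at registration to every caller that presents a valid auth key, and nothing in the hunk records what the receiver may do with it; the register_user.php hunk in this same commit describes the value as what authenticates users after a username change, which makes it a durable credential rather than a plain identifier. If the array is only ever serialised for the server-side consumer in plugins/auth.php that is a deliberate transfer and deserves a comment where `$data` is built, e.g. `// user_token is a long-lived per-user secret: server-to-server only, never echo it to a browser`. If the token is meant as a stable identifier only, the registration comment and the column should say so and no code should treat it as proof of identity. The @@ -25 hunk also leaves `$user_token` as null (not `""`) for rows created before the column existed, so consumers need an explicit empty check. The enclosing `if(mysqli_stmt_num_rows($stmt) == 1){` block starts before these hunks and continues after them.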
@@ -68,8 +68,9 @@ else{
 $pw=0;
 $mfa=0;
 $passkey=0;
+ $user_token="";
 if(mysqli_stmt_num_rows($stmt) == 1){
- mysqli_stmt_bind_result($stmt, $pw,$mfa,$passkey,$user_id);
+ mysqli_stmt_bind_result($stmt, $pw,$mfa,$passkey,$user_id,$user_token);
 mysqli_stmt_fetch($stmt);
 $_SESSION["pw_required"] = $pw;
 $_SESSION["pw_authenticated"] = ($pw == 0) ? 1 : 0; // If $pw is 0, set pw_authenticated to 1
@@ -78,6 +79,7 @@ else{
 $_SESSION["passkey_required"] = $passkey;
 $_SESSION["passkey_authenticated"] = ($passkey == 0) ? 1 : 0;
 $_SESSION["id"]=$user_id;
+ $_SESSION["user_token"]=$user_token;
 $data=[
 'message' => 'prepared_start_auth',
 'redirect' => '/login/'
diff --git a/app-code/api/register/register_user.php b/app-code/api/register/register_user.php
index 53bde20..5334e98 100644
--- a/app-code/api/register/register_user.php
+++ b/app-code/api/register/register_user.php
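Review bot: `$_SESSION["user_token"]=$user_token;` in the @@ -78 hunk is written while the session is still pre-authentication: the same flow sets `$_SESSION["needs_auth"]=false` and `$_SESSION["logged_in"]=false` a few lines earlier in the @@ -60 hunk, and the token was resolved from nothing more than the username submitted in the form. Any code that reads `$_SESSION["user_token"]` as evidence of who the session belongs to (the new account_selector.php looks like the intended consumer, though its body is not readable here) must also require `$_SESSION["logged_in"] === true`, or the assignment should move to where authentication actually completes. For accounts created before the column existed the bound variable replaces the `""` default with null, so the consumer additionally needs an explicit empty check before comparing. The enclosing `else{` block starts before the hunk and continues after it.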
@@ -81,11 +81,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { $pepper=bin2hex(random_bytes(32)); // Hash the password / a salt is added automaticly $hashedPassword = password_hash($password.$pepper, PASSWORD_BCRYPT); + + //random token which is used to auth users even if they change theyr username + $user_token=bin2hex(random_bytes(32)); // Insert the user into the database - $sql = "INSERT INTO users (username, email, password, telegram_id, pepper, auth_method_enabled_pw, auth_method_required_pw, auth_method_enabled_passkey, auth_method_required_passkey, auth_method_enabled_2fa, auth_method_required_2fa,auth_method_keepmeloggedin_enabled) VALUES (?, ?, ?, ?, ?, 1, 1,0,0,0,0,0)"; + $sql = "INSERT INTO users (username, email, password, telegram_id, pepper, auth_method_enabled_pw, auth_method_required_pw, auth_method_enabled_passkey, auth_method_required_passkey, auth_method_enabled_2fa, auth_method_required_2fa,auth_method_keepmeloggedin_enabled, user_token) VALUES (?, ?, ?, ?, ?, 1, 1,0,0,0,0,0,?)"; $stmt = mysqli_prepare($conn, $sql); - mysqli_stmt_bind_param($stmt, 'sssss', $username, $email, $hashedPassword, $telegram_id, $pepper); + mysqli_stmt_bind_param($stmt, 'ssssss', $username, $email, $hashedPassword, $telegram_id, $pepper,$user_token); if (mysqli_stmt_execute($stmt)) { echo json_encode([ 'success' => true, diff --git a/app-code/index.php b/app-code/index.php index 887d961..519399c 100644 --- a/app-code/index.php +++ b/app-code/index.php @@ -10,8 +10,8 @@ include "assets/components.php"; session_start(); $_SESSION["end_url"]=$_GET["send_to"]; - if (isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] === true) { - header("LOCATION:/login/"); + if (isset($_SESSION["logged_in"]) && $_SESSION["logged_in"] === true && !isset($_GET["donotsend"])) { + header("LOCATION:/login/account_selector.php"); exit(); } ?> diff --git a/app-code/install/create_db.php b/app-code/install/create_db.php index f2ddfe4..66c6034 100644 --- a/app-code/install/create_db.php 
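Review bot: `$user_token=bin2hex(random_bytes(32))` is inserted into `users` in clear text although the comment above it says the value is used to authenticate users, so any read of the table (a backup, a replica, an injection elsewhere) yields a working credential for every account; for a bearer value with this much entropy the usual pattern is to store `hash('sha256', $user_token)` and hash the presented value before the lookup, with no need for a slow hash. If the token is instead only a stable identifier that survives username changes, the comment should say so and the clear-text column is fine. The comment also has a typo; suggested wording: `// random token used to authenticate users even if they change their username`. The enclosing `if ($_SERVER['REQUEST_METHOD'] === 'POST') {` block starts before the hunk and continues after it. Separately, in the index.php @@ -10 hunk on this line the corrected condition now sends logged-in users to `/login/account_selector.php`, presumably to be forwarded later to `$_SESSION["end_url"]`, which the preceding context line still fills verbatim from `$_GET["send_to"]` with no check that it is a same-site relative path; that is pre-existing, but the new redirect flow relies on it, so consider `$to = $_GET["send_to"] ?? '/'; $_SESSION["end_url"] = (str_starts_with($to, '/') && !str_starts_with($to, '//')) ? $to : '/';`.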
+++ b/app-code/install/create_db.php @@ -62,6 +62,7 @@ username VARCHAR(255) NOT NULL UNIQUE, public_key TEXT DEFAULT '', credential_id VARBINARY(255), + user_token VARCHAR(128), counter INT DEFAULT 0, 2fa VARCHAR(255), email VARCHAR(255), diff --git a/app-code/login/account_selector.php b/app-code/login/account_selector.php new file mode 100644 index 0000000..e4442d0 --- /dev/null +++ b/app-code/login/account_selector.php @@ -0,0 +1,46 @@ + + + + + + Jakach Login + + + +
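Review bot: `user_token VARCHAR(128),` is declared nullable with no uniqueness constraint, although the other hunks in this commit read it per user and bind it into the session; every row created before this migration gets NULL, and register_user.php has no way to detect a duplicate. Declare it `user_token VARCHAR(128) NOT NULL UNIQUE,` (the 64-hex-character value fits easily) and ship a migration that backfills existing users with a freshly generated token; until then any lookup by token must reject NULL and `""` before comparing, otherwise an empty session value could match all legacy rows. The `CREATE TABLE` statement starts before the hunk and continues after it.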
+
+
+ +
+
+

Jakach Login

+ +
+ + +
+
+
+
+
+
+ + + + + diff --git a/app-code/plugins/auth.php b/app-code/plugins/auth.php index 0c885ab..b44f0cf 100644 --- a/app-code/plugins/auth.php +++ b/app-code/plugins/auth.php @@ -35,6 +35,7 @@ if (isset($data['status'])) { $_SESSION["id"] = $data["id"]; $_SESSION["email"] = $data["email"]; $_SESSION["telegram_id"] = $data["telegram_id"]; + $_SESSION["user_token"] = $data["user_token"]; // Return a success response echo json_encode(['status' => 'success', 'msg' => 'logged in']); diff --git a/app-code/register/index.php b/app-code/register/index.php index 9b34990..dd47f39 100644 --- a/app-code/register/index.php +++ b/app-code/register/index.php @@ -1,3 +1,6 @@ + @@ -131,7 +134,12 @@ showModalMessage('Success', 'Registration successful!'); // Redirect to a different page if needed after closing the modal setTimeout(() => { - window.location.href = '/?send_to=/account/'; + }, 2000); } else { showModalMessage('Error', result.message || 'Registration failed!');
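Review bot: `$_SESSION["user_token"] = $data["user_token"];` assumes the key is present and non-empty, but the API behind it returns null or `""` for accounts created before the column existed (see the check_auth_key.php hunks in this commit), and an API build without this change omits the key entirely, which raises an undefined-index warning and stores null. If the session token is going to be used to recognise the user, a missing or empty value should abort the login rather than be persisted: `$token = $data["user_token"] ?? ''; if ($token === '') { /* treat as a failed login instead of continuing */ }`. The enclosing `if (isset($data['status'])) {` block starts before the hunk and continues after it.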