Beispiel #1
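 /**
  * Report whether the current request belongs to an authenticated user.
  *
  * A live session (userId present and expiresAt still in the future) is
  * accepted first and its expiry is pushed forward by one hour. Otherwise the
  * remember-me cookie is tried; on success the value returned by the
  * authenticator's login() is stored as the session's userId.
  *
  * @return bool true when the session is still valid or was re-established
  *              from the remember-me cookie, false otherwise
  *
  * @throws \Exception when the authenticator reports that the presented
  *                    login token was invalid
  */
 public function loggedIn()
 {
     $rememberMeStorage = new RemembermeMongoStorage($this->getDocumentManager());
     $rememberMe = new Rememberme\Authenticator($rememberMeStorage);

     $now = time();

     if (isset($_SESSION['userId'], $_SESSION['expiresAt']) && $_SESSION['expiresAt'] > $now) {
         // Sliding expiry: every authenticated request extends the session by one hour.
         $_SESSION['expiresAt'] = $now + 3600;

         return true;
     }

     // No usable session: fall back to the remember-me cookie, if one was sent.
     if (empty($_COOKIE[$rememberMe->getCookieName()]) || !$rememberMe->cookieIsValid()) {
         return false;
     }

     $loginresult = $rememberMe->login();
     if ($loginresult) {
         // The privilege level changes here (anonymous -> authenticated), so the
         // session id is replaced to keep a pre-login id from being reused.
         if (session_status() === PHP_SESSION_ACTIVE) {
             session_regenerate_id(true);
         }

         $_SESSION['userId'] = $loginresult;
         $_SESSION['expiresAt'] = $now + 3600; // 1 hour
         // A cookie login is weaker evidence than a password login (the token may
         // have been stolen); callers can use this flag to require the login form
         // again before sensitive actions.
         $_SESSION['rememberedByCookie'] = true;

         // The original fell off the end here and returned null for a
         // successful cookie login.
         return true;
     }

     if ($rememberMe->loginTokenWasInvalid()) {
         throw new \Exception('Remember me cookie invalid!', Resource::STATUS_BAD_REQUEST);
     }

     // Cookie login failed without an invalid-token signal: not logged in.
     return false;
 }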
Beispiel #2
// Storage for the remember-me data, constructed from $storagePath.
// NOTE(review): this location presumably holds login token material; confirm it
// lives outside the web root and is readable only by the application user.
$storage = new Rememberme\Storage\File($storagePath);
// Authenticator that works on the remember-me cookie using $storage.
$rememberMe = new Rememberme\Authenticator($storage);
// First, we initialize the session, to see if we are already logged in
// NOTE(review): session cookie parameters are not set in the visible code;
// confirm Secure/HttpOnly/SameSite are configured elsewhere before this call.
session_start();
if (!empty($_SESSION['username'])) {
    if (!empty($_GET['logout'])) {
        $rememberMe->clearCookie($_SESSION['username']);
        redirect(true);
    }
    if (!empty($_GET['completelogout'])) {
        $storage->cleanAllTriplets($_SESSION['username']);
        redirect(true);
    }
    // Check, if the Rememberme cookie exists and is still valid.
    // If not, we log out the current session
    if (!empty($_COOKIE[$rememberMe->getCookieName()]) && !$rememberMe->cookieIsValid()) {
        redirect(true);
    }
    // User is still logged in - show content
    $content = tpl("user_is_logged_in");
} else {
    // If we can present the correct tokens from the cookie, we are logged in
    $loginresult = $rememberMe->login();
    if ($loginresult) {
        $_SESSION['username'] = $loginresult;
        // There is a chance that an attacker has stolen the login token, so we store
        // the fact that the user was logged in via RememberMe (instead of login form)
        $_SESSION['remembered_by_cookie'] = true;
        redirect();
    } else {
        // If $rememberMe returned false, check if the token was invalid