Example #1
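 /**
  * Report whether the current request belongs to an authenticated user.
  *
  * An unexpired session is accepted first and its lifetime is pushed forward
  * by one hour. Otherwise the remember-me cookie is tried; on success the
  * session is populated and `rememberedByCookie` records that the login came
  * from the cookie rather than from submitted credentials.
  *
  * @return bool True when a valid session or remember-me cookie was found,
  *              false otherwise.
  *
  * @throws \Exception When the authenticator reports the login token as invalid.
  */
 public function loggedIn()
 {
     $now = time();

     if (isset($_SESSION['userId'], $_SESSION['expiresAt']) && $_SESSION['expiresAt'] > $now) {
         // Sliding expiry: every authenticated request renews the one-hour window.
         $_SESSION['expiresAt'] = $now + 3600;

         return true;
     }

     // The authenticator is only needed when no live session exists.
     $rememberMeStorage = new RemembermeMongoStorage($this->getDocumentManager());
     $rememberMe = new Rememberme\Authenticator($rememberMeStorage);

     if (empty($_COOKIE[$rememberMe->getCookieName()]) || !$rememberMe->cookieIsValid()) {
         return false;
     }

     $loginresult = $rememberMe->login();
     if ($loginresult) {
         // The session moves from anonymous to authenticated here, so issue a
         // fresh session id; an id fixed before login must not carry over.
         if (session_status() === PHP_SESSION_ACTIVE) {
             session_regenerate_id(true);
         }

         $_SESSION['userId'] = $loginresult;
         $_SESSION['expiresAt'] = time() + 3600; // 1 hour
         // Marks a cookie-based login so callers can tell it apart from a
         // credential login.
         $_SESSION['rememberedByCookie'] = true;

         // The original fell off the end here and returned null, so a
         // successful cookie login looked like "not logged in" to callers.
         return true;
     }

     if ($rememberMe->loginTokenWasInvalid()) {
         // NOTE(review): an invalid token for a presented cookie is presumably
         // the library's signal for a stolen or replayed cookie - confirm, and
         // make sure this event is logged where the exception is handled.
         throw new \Exception('Remember me cookie invalid!', Resource::STATUS_BAD_REQUEST);
     }

     // Cookie login failed without an invalid-token signal: not logged in.
     return false;
 }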
Example #2
        redirect(true);
    }
    // User is still logged in - show content
    $content = tpl("user_is_logged_in");
} else {
    // If we can present the correct tokens from the cookie, we are logged in
    $loginresult = $rememberMe->login();
    if ($loginresult) {
        $_SESSION['username'] = $loginresult;
        // There is a chance that an attacker has stolen the login token, so we store
        // the fact that the user was logged in via RememberMe (instead of login form)
        $_SESSION['remembered_by_cookie'] = true;
        redirect();
    } else {
        // If $rememberMe returned false, check if the token was invalid
        if ($rememberMe->loginTokenWasInvalid()) {
            $content = tpl("cookie_was_stolen");
        } else {
            if (!empty($_POST)) {
                if ($username == $_POST['username'] && $password == $_POST['password']) {
                    session_regenerate_id();
                    $_SESSION['username'] = $username;
                    // If the user wants to be remembered, create Rememberme cookie
                    if (!empty($_POST['rememberme'])) {
                        $rememberMe->createCookie($username);
                    } else {
                        $rememberMe->clearCookie();
                    }
                    redirect();
                } else {
                    $content = tpl("login", "Invalid credentials");