/**
  * Gets and sets the RememberMe class
  *
  * @param  mixed $var A rememberMe instance to set
  *
  * @return RememberMe\RememberMe Returns the current rememberMe instance
  */
 public function rememberMe($var = null)
 {
     // Setter half: any non-null argument replaces the stored instance.
     if ($var !== null) {
         $this->rememberMe = $var;
     }

     // Getter half: an instance is already available, nothing to build.
     if ($this->rememberMe) {
         return $this->rememberMe;
     }

     /** @var Config $config */
     $config = $this->grav['config'];

     // Token storage backing the remember-me cookies
     $tokenStorage = new RememberMe\TokenStorage();
     $this->rememberMe = new RememberMe\RememberMe($tokenStorage);
     $this->rememberMe->setCookieName($config->get('plugins.login.rememberme.name'));
     $this->rememberMe->setExpireTime($config->get('plugins.login.rememberme.timeout'));

     // The salt is a SHA-512 digest of the User-Agent plus a server-side value.
     // The User-Agent is supplied by the client, so it only ties the salt to a
     // browser string; the server-side value is the part a client cannot see.
     if (isset($_SERVER['HTTP_USER_AGENT'])) {
         $userAgent = $_SERVER['HTTP_USER_AGENT'];
     } else {
         // Header absent (it is optional): use a fixed label instead
         $userAgent = 'unknown';
     }
     // The cache key is always fetched; it is only used when `security.salt` is not configured
     $fallbackKey = $this->grav['cache']->getKey();
     $saltInput = $userAgent . $config->get('security.salt', $fallbackKey);
     // hash() is deterministic, so the same client gets the same salt on every request
     $this->rememberMe->setSalt(hash('sha512', $saltInput));

     // Scope the cookie to the base path of this Grav install.
     // NOTE(review): only the path is set here; whether Secure/HttpOnly are
     // applied depends on the Cookie class defaults, which are not visible here.
     $pathCookie = new Cookie();
     $pathCookie->setPath($this->grav['base_url_relative']);
     $this->rememberMe->setCookie($pathCookie);

     return $this->rememberMe;
 }
 /**
  * Gets and sets the RememberMe class
  *
  * @param  mixed            $var    A rememberMe instance to set
  *
  * @return Authenticator            Returns the current rememberMe instance
  */
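 public function rememberMe($var = null)
 {
     // A non-null argument replaces the stored instance (setter half).
     if ($var !== null) {
         $this->rememberMe = $var;
     }
     // Build and configure the instance on first use (getter half).
     if (!$this->rememberMe) {
         /** @var Config $config */
         $config = $this->grav['config'];
         // Setup storage for RememberMe cookies
         $storage = new RememberMe\TokenStorage();
         $this->rememberMe = new RememberMe\RememberMe($storage);
         $this->rememberMe->setCookieName($config->get('plugins.login.rememberme.name'));
         $this->rememberMe->setExpireTime($config->get('plugins.login.rememberme.timeout'));
         // Hardening cookies with user-agent and system based cache key.
         // The User-Agent header is optional, so fall back to a fixed label
         // rather than reading an undefined index.
         $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : 'unknown';
         $data = $userAgent . $this->grav['cache']->getKey();
         // The salt must be reproducible: password_hash() embeds a fresh random
         // salt in every result, so two requests would never get the same value,
         // and bcrypt ignores input beyond 72 bytes, which a long User-Agent
         // exceeds before the cache key is reached. A plain digest is stable and
         // covers the whole input.
         // NOTE(review): presumably the library compares salted token hashes
         // across requests; confirm against the RememberMe implementation.
         $this->rememberMe->setSalt(hash('sha512', $data));
         // Set cookie with correct base path of Grav install
         $cookie = new Cookie();
         $cookie->setPath($this->grav['base_url_relative']);
         $this->rememberMe->setCookie($cookie);
     }
     return $this->rememberMe;
 }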
 /**
  * Gets and sets the RememberMe class
  *
  * @param  mixed            $var    A rememberMe instance to set
  *
  * @return Authenticator            Returns the current rememberMe instance
  */
 public function rememberMe($var = null)
 {
     // Store the supplied instance when one is passed in
     if ($var !== null) {
         $this->rememberMe = $var;
     }

     // Already initialised: hand back the existing instance
     if ($this->rememberMe) {
         return $this->rememberMe;
     }

     /** @var Config $config */
     $config = $this->grav['config'];

     // Remember-me tokens are kept in the plugin's token storage
     $tokenStorage = new RememberMe\TokenStorage();
     $this->rememberMe = new RememberMe\RememberMe($tokenStorage);
     $this->rememberMe->setCookieName($config->get('plugins.login.rememberme.name'));
     $this->rememberMe->setExpireTime($config->get('plugins.login.rememberme.timeout'));

     // The salt is taken straight from configuration, so it is the same for
     // every client of this install.
     // NOTE(review): no default is passed to get(); confirm that
     // `system.security.default_hash` is always set, otherwise the salt
     // would be whatever get() returns for a missing key.
     $configuredSalt = $config->get('system.security.default_hash');
     $this->rememberMe->setSalt($configuredSalt);

     // Restrict the cookie to the base path of this Grav install
     $pathCookie = new Cookie();
     $pathCookie->setPath($this->grav['base_url_relative']);
     $this->rememberMe->setCookie($pathCookie);

     return $this->rememberMe;
 }
Exemple #4
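 public function loggedIn()
 {
     // Reports whether the request is authenticated, either through a live
     // session or through a valid remember-me cookie. Returns true or false;
     // throws \Exception when the library flags the presented token as invalid.
     $rememberMeStorage = new RemembermeMongoStorage($this->getDocumentManager());
     $rememberMe = new Rememberme\Authenticator($rememberMeStorage);

     // Live session: renew the one-hour window on every activity
     if (isset($_SESSION['userId'], $_SESSION['expiresAt']) && $_SESSION['expiresAt'] > time()) {
         $_SESSION['expiresAt'] = time() + 3600;
         return true;
     }

     // No session and no usable remember-me cookie: not logged in
     if (empty($_COOKIE[$rememberMe->getCookieName()]) || !$rememberMe->cookieIsValid()) {
         return false;
     }

     // Remember me cookie
     $loginresult = $rememberMe->login();
     if ($loginresult) {
         // The request goes from anonymous to authenticated here, so issue a
         // new session id to keep a pre-login id from carrying the login.
         if (session_id() !== '') {
             session_regenerate_id(true);
         }
         // Load user into session
         $_SESSION['userId'] = $loginresult;
         $_SESSION['expiresAt'] = time() + 3600; // 1 hour
         // Lets callers tell a cookie login from a fresh credential login,
         // e.g. to ask for the password again before sensitive actions.
         $_SESSION['rememberedByCookie'] = true;
         // The original fell off the end of the function here and returned
         // null, so a successful cookie login was reported as "not logged in".
         return true;
     }

     // NOTE(review): presumably an invalid token for a known cookie means the
     // cookie was copied or replayed; confirm against the library.
     if ($rememberMe->loginTokenWasInvalid()) {
         throw new \Exception('Remember me cookie invalid!', Resource::STATUS_BAD_REQUEST);
     }

     // Cookie login failed without the invalid-token signal
     return false;
 }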
Exemple #5
        session_regenerate_id(true);
        session_destroy();
    }
    header("Location: index.php");
    exit;
}
// Demo only: a real application would keep the credentials in a database
$username = "******";
$password = "******";

// Set up the RememberMe library with file-based token storage.
// NOTE(review): the tokens directory sits next to this script, so it is
// presumably inside the web root; confirm the web server does not serve it.
$storagePath = __DIR__ . "/tokens";
if (!(is_writable($storagePath) && is_dir($storagePath))) {
    // NOTE(review): this message prints the absolute server path to the
    // client; acceptable for a local example only.
    die("'{$storagePath}' does not exist or is not writable by the web server.\n            To run the example, please create the directory and give it the\n            correct permissions.");
}
$storage = new Rememberme\Storage\File($storagePath);
$rememberMe = new Rememberme\Authenticator($storage);

// Start the session first so an existing login can be detected
session_start();
if (!empty($_SESSION['username'])) {
    if (!empty($_GET['logout'])) {
        $rememberMe->clearCookie($_SESSION['username']);
        redirect(true);
    }
    if (!empty($_GET['completelogout'])) {
        $storage->cleanAllTriplets($_SESSION['username']);
        redirect(true);
    }
    // Check, if the Rememberme cookie exists and is still valid.
    // If not, we log out the current session
    if (!empty($_COOKIE[$rememberMe->getCookieName()]) && !$rememberMe->cookieIsValid()) {
        redirect(true);