/**
 * Validates a persistent ("remember me") login carried by $user.
 *
 * Two checks run in order:
 *  1. The signature is recomputed from username . token and compared with
 *     the signature held by $user; a mismatch raises an exception.
 *  2. The presented token is compared with the token stored for that
 *     username; the result of that comparison is returned.
 *
 * NOTE(review): Hash() is not visible here. The signature only adds
 * protection if it is keyed with a server-side secret (e.g. an HMAC); an
 * unkeyed digest of username . token can be recomputed by anyone who holds
 * the values. Confirm.
 * NOTE(review): username and token are concatenated without a delimiter, so
 * distinct pairs can yield the same signed string. Consider a separator or
 * length prefix.
 * NOTE(review): DoHashesEqual() is presumably a constant-time comparison
 * (hash_equals or equivalent). Confirm, and verify that a row with no stored
 * token can never compare equal to an empty presented token.
 *
 * @param \model\User $user User carrying username, token and signature;
 *                          presumably rebuilt from the login cookie (verify
 *                          against caller), so treat every field as untrusted.
 * @return bool True when the presented token matches the stored one; false
 *              when no user is found or the tokens differ.
 * @throws \UnexpectedValueException When the signature does not match.
 */
public function AuthenticatePersistent(\model\User $user) {
    // Step 1: integrity check on the presented (username, token, signature) triple.
    $expectedSignature = self::Hash($user->GetUserName() . $user->GetToken());
    $presentedSignature = $user->GetSignature();
    $signatureMatches = $this->DoHashesEqual($expectedSignature, $presentedSignature);

    if ($signatureMatches === false || !$signatureMatches) {
        throw new \UnexpectedValueException("Signature from 'username' and 'token' does not match original 'signature'");
    }

    // Step 2: look the account up by the presented username.
    $storedUser = $this->users->GetUserByUsername($user->GetUserName());

    // Unknown username: fail closed.
    if (!$storedUser) {
        return false;
    }

    // The stored token is the authority; the cookie value is only a claim.
    return $this->DoHashesEqual($user->GetToken(), $storedUser->GetToken());
}
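/**
 * Writes the persistent-login values (username, token, signature) to the
 * client as a single ':'-separated cookie.
 *
 * The cookie carries an authentication token, so it is sent with HttpOnly
 * (not readable from page scripts) and, when the current request is HTTPS,
 * with Secure (never sent over plain HTTP). Path and domain are passed as
 * empty strings, which are setcookie()'s defaults.
 *
 * NOTE(review): behind a TLS-terminating proxy $_SERVER['HTTPS'] may be
 * unset, in which case Secure is not applied. Confirm the deployment and
 * force the flag there if needed.
 * NOTE(review): SameSite is not set because it needs the options-array form
 * of setcookie() (PHP 7.3+) and the project's PHP version is not visible
 * here. Add it if the runtime allows.
 * NOTE(review): a username containing ':' would shift the fields when the
 * cookie is split again. Verify the reader or restrict the username charset.
 *
 * @param \model\User $user User whose username, token and signature are stored.
 * @return bool Result of setcookie(): false if output was already sent.
 */
public function SaveLoginOnClient(\model\User $user) {
    // Prepare values
    $cookieValues = implode(':', array($user->GetUserName(), $user->GetToken(), $user->GetSignature()));

    // Lifetime is COOKIE_VALID_DAYS days from now.
    $expiresAt = time() + 60 * 60 * 24 * self::$COOKIE_VALID_DAYS;

    // Only mark the cookie Secure when this request is known to be HTTPS,
    // so plain-HTTP deployments keep working as before.
    $isHttps = !empty($_SERVER['HTTPS']) && strtolower((string) $_SERVER['HTTPS']) !== 'off';

    // Arguments 4 and 5 ('' path, '' domain) are the documented defaults;
    // argument 7 enables HttpOnly.
    return setcookie(self::$COOKIE_ID, $cookieValues, $expiresAt, '', '', $isHttps, true);
}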
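/**
 * Stores the user's persistent-login token in the `user_token_hash` column
 * of the row identified by the user's id.
 *
 * The preconditions (token already hashed, numeric user id) are enforced
 * with explicit checks rather than assert(): assertions can be disabled by
 * configuration (zend.assertions), which would let an unhashed token reach
 * the database, and a failing assert() raises \AssertionError, which a
 * `catch (\Exception)` does not handle.
 *
 * The table name comes from a class constant-like static, not from input;
 * both values are bound as statement parameters.
 *
 * NOTE(review): rowCount() reports affected rows. Some drivers report 0 when
 * the stored value is unchanged, which would return false here. Confirm
 * against the driver in use.
 *
 * @param \model\User $user User with a hashed token and a numeric id.
 * @return bool True when exactly one row was updated.
 * @throws \InvalidArgumentException When the token is not hashed or the
 *                                   user id is not numeric.
 * @throws \Exception With the DB_UPDATE_ERROR message when the update fails;
 *                    the underlying exception is attached as `previous` for
 *                    logging and should not be shown to end users.
 */
public function AddPersistentLogin(\model\User $user) {
    // Refuse to persist a token that has not been hashed.
    if (!$user->IsTokenHashed()) {
        throw new \InvalidArgumentException('Persistent login token must be hashed before it is stored');
    }

    // The WHERE clause needs a real user id.
    if (!is_numeric($user->GetUserId())) {
        throw new \InvalidArgumentException('User id must be numeric to store a persistent login');
    }

    try {
        // Prepare db statement
        $statement = self::$db->prepare('UPDATE ' . self::$DB_TABLE_NAME .
            ' SET `user_token_hash` = :token' .
            ' WHERE `user_id` = :userId');

        // Prepare input array
        $inputArray = ['userId' => $user->GetUserId(), 'token' => $user->GetToken()];

        // Execute db statement
        $statement->execute($inputArray);

        // Exactly one row must have been updated.
        return $statement->rowCount() == 1;
    } catch (\Exception $exception) {
        // Keep the generic message for callers, but chain the cause so it
        // is not lost for server-side diagnostics.
        throw new \Exception(self::$DB_UPDATE_ERROR, 0, $exception);
    }
}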