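/**
 * Restore a login session from the persistent "secure cookie", if one is present.
 *
 * Returns without doing anything when $_SESSION["id"] is already set, when the
 * cookie named by $CFG->cookiename is absent, or when $CFG->cookiepad is unset
 * or false. Otherwise the cookie is decoded with extractSecureCookie(), the
 * decoded (user id, profile SHA) pair is looked up in the profile / lti_user
 * tables, and on a match the id, email, displayname and profile_id session
 * keys are populated. Any cookie that fails decoding, validation or lookup is
 * removed with deleteSecureCookie().
 *
 * The cookie is attacker-controllable input. Whether a decoded cookie is also
 * integrity-protected depends on extractSecureCookie(), which is not shown
 * here, so the decoded fields are validated again before use.
 *
 * @return void
 */
function loginSecureCookie() {
    global $CFG, $PDOX;

    // Only do this if we are not already logged in...
    if (isset($_SESSION["id"]) || !isset($_COOKIE[$CFG->cookiename]) ||
        !isset($CFG->cookiepad) || $CFG->cookiepad === false) {
        return;
    }

    $ct = $_COOKIE[$CFG->cookiename];

    // Strip control characters from anything written to the log so a crafted
    // value cannot forge or split log lines; cap the length as well.
    $logSafe = function ($value) {
        if (!is_scalar($value)) {
            return gettype($value);
        }
        return preg_replace('/[\x00-\x1F\x7F]/', '?', substr((string) $value, 0, 128));
    };

    // A request may deliver the cookie as an array (name[]=...); that can never
    // be a cookie this application issued.
    if (!is_string($ct)) {
        error_log('Decrypt fail: non-string cookie value');
        deleteSecureCookie();
        return;
    }

    // The raw cookie is a bearer credential, so it is never written to the log.
    // A truncated SHA-256 digest is enough to correlate repeated attempts.
    $ctTag = substr(hash('sha256', $ct), 0, 16);

    $pieces = extractSecureCookie($ct);
    if (!is_array($pieces) || !isset($pieces[0], $pieces[1])) {
        error_log('Decrypt fail: cookie-sha256=' . $ctTag);
        deleteSecureCookie();
        return;
    }

    // Accept only a strict positive integer. The previous "+ 0" coercion let
    // values such as "12abc" or "1.5" through (and raises a TypeError on
    // non-numeric input under PHP 8).
    $user_id = filter_var(
        $pieces[0],
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1))
    );
    $userSHA = $pieces[1];
    if ($user_id === false) {
        // Log the rejected value before discarding it; the earlier code cleared
        // $pieces first and therefore logged nothing useful.
        error_log('Decrypt bad ID:' . $logSafe($pieces[0]) . ', cookie-sha256=' . $ctTag);
        deleteSecureCookie();
        return;
    }

    // The profile table might not even exist yet.
    $stmt = $PDOX->queryReturnError(
        "SELECT P.profile_id AS profile_id, P.displayname AS displayname,
            P.email as email, U.user_id as user_id
            FROM {$CFG->dbprefix}profile AS P
            LEFT JOIN {$CFG->dbprefix}lti_user AS U
            ON P.profile_id = U.profile_id AND user_sha256 = profile_sha256 AND
                P.key_id = U.key_id
            WHERE profile_sha256 = :SHA AND U.user_id = :UID LIMIT 1",
        array('SHA' => $userSHA, ":UID" => $user_id)
    );

    // A failed query is treated as "no auto-login" and the cookie is kept.
    if ($stmt->success === false) {
        return;
    }

    $row = $stmt->fetch(\PDO::FETCH_ASSOC);
    if ($row === false) {
        error_log("Unable to load user_id={$user_id} SHA=" . $logSafe($userSHA));
        deleteSecureCookie();
        return;
    }

    // NOTE(review): this is the point where an anonymous session becomes an
    // authenticated one. If the session id travels in a cookie, calling
    // session_regenerate_id(true) here keeps a pre-set session id from
    // inheriting the login - confirm against how this project transports
    // session ids before adding it.
    $_SESSION["id"] = $row['user_id'];
    $_SESSION["email"] = $row['email'];
    $_SESSION["displayname"] = $row['displayname'];
    $_SESSION["profile_id"] = $row['profile_id'];

    // displayname and email are user-supplied profile data, so they go through
    // the same control-character filter as the cookie fields.
    error_log('Autologin:' . $row['user_id'] . ',' . $logSafe($row['displayname']) . ',' .
        $logSafe($row['email']) . ',' . $row['profile_id']);
}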
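<?php
// Logout endpoint: ends the current session, removes the persistent login
// cookie and sends the browser back to the index page.

define('COOKIE_SESSION', true);
require_once "config.php";
require_once "lib/lms_lib.php";

session_start();

// Clear the session variables held in memory for this request.
session_unset();

// session_unset() alone leaves the session id valid and its cookie in the
// browser, so the same id would be carried into the next login. Expire the
// session cookie and destroy the server-side session record as well.
if (ini_get('session.use_cookies')) {
    $params = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $params['path'],
        $params['domain'],
        $params['secure'],
        $params['httponly']
    );
}
session_destroy();

// Remove the long-lived auto-login cookie so the next request is not logged
// straight back in.
deleteSecureCookie();

header('Location: index.php');
// Stop here so nothing appended or included later runs after the redirect.
exit;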