Пример #1
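/**
 * Restore a logged-in session from the persistent "secure cookie", if one is present.
 *
 * Does nothing when a session is already established ($_SESSION["id"] is set),
 * when the cookie named by $CFG->cookiename is absent, or when $CFG->cookiepad
 * is unset/false. Otherwise the cookie is decoded with extractSecureCookie(),
 * the (user_id, profile hash) pair it carries is checked against the profile
 * and lti_user tables, and on a match the session is populated with the
 * user's id, email, display name and profile id.
 *
 * A cookie that fails to decode, carries an invalid id, or matches no row is
 * removed with deleteSecureCookie() so it is not retried on every request.
 *
 * Uses the globals $CFG (configuration) and $PDOX (database handle).
 *
 * @return void
 */
function loginSecureCookie()
{
    global $CFG, $PDOX;

    // Only do this if we are not already logged in and the feature is configured.
    if (isset($_SESSION["id"]) || !isset($_COOKIE[$CFG->cookiename]) || !isset($CFG->cookiepad) || $CFG->cookiepad === false) {
        return;
    }

    $ct = $_COOKIE[$CFG->cookiename];

    // A cookie sent as name[]=... arrives as an array; it can never be valid.
    if (!is_string($ct)) {
        error_log('Decrypt fail: cookie is not a string');
        deleteSecureCookie();
        return;
    }

    // The cookie is a bearer credential and is attacker-controlled text, so it
    // is never written to the log verbatim. A short digest is enough to
    // correlate repeated failures for the same value.
    $fingerprint = substr(hash('sha256', $ct), 0, 16);

    $pieces = extractSecureCookie($ct);
    if (!is_array($pieces) || !isset($pieces[0], $pieces[1])) {
        error_log('Decrypt fail: cookie sha256=' . $fingerprint);
        deleteSecureCookie();
        return;
    }

    // Accept only a clean positive integer; arithmetic coercion ("12abc" + 0)
    // would let malformed ids through and raises an error on newer PHP versions.
    $user_id = filter_var($pieces[0], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
    $userSHA = $pieces[1];
    if ($user_id === false) {
        // Log the rejected id before discarding anything; json_encode() keeps
        // control characters from breaking the log line.
        error_log('Decrypt bad ID:' . json_encode($pieces[0]) . ', cookie sha256=' . $fingerprint);
        deleteSecureCookie();
        return;
    }

    // The profile table might not even exist yet, hence queryReturnError().
    $stmt = $PDOX->queryReturnError("SELECT P.profile_id AS profile_id, P.displayname AS displayname,\n            P.email as email, U.user_id as user_id\n            FROM {$CFG->dbprefix}profile AS P\n            LEFT JOIN {$CFG->dbprefix}lti_user AS U\n            ON P.profile_id = U.profile_id AND user_sha256 = profile_sha256 AND\n                P.key_id = U.key_id\n            WHERE profile_sha256 = :SHA AND U.user_id = :UID LIMIT 1", array(':SHA' => $userSHA, ':UID' => $user_id));
    if ($stmt->success === false) {
        return;
    }

    $row = $stmt->fetch(\PDO::FETCH_ASSOC);
    if ($row === false) {
        error_log("Unable to load user_id={$user_id} SHA={$userSHA}");
        deleteSecureCookie();
        return;
    }

    // The session is about to change from anonymous to authenticated: issue a
    // fresh session id so an id known before login cannot be reused afterwards.
    if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
        session_regenerate_id(true);
    }

    $_SESSION["id"] = $row['user_id'];
    $_SESSION["email"] = $row['email'];
    $_SESSION["displayname"] = $row['displayname'];
    $_SESSION["profile_id"] = $row['profile_id'];

    // NOTE(review): this line records display name and email; confirm the log
    // destination is appropriate for personal data.
    error_log('Autologin:' . $row['user_id'] . ',' . $row['displayname'] . ',' . $row['email'] . ',' . $row['profile_id']);
}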
Пример #2
<?php

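// Logout endpoint: end the server-side session, remove the persistent
// auto-login cookie, and send the browser back to the front page.

// presumably read by config.php to select cookie-based sessions — confirm there
define('COOKIE_SESSION', true);
require_once "config.php";
require_once "lib/lms_lib.php";

session_start();

// Clear the session data, then expire the session cookie and destroy the
// session record itself. Emptying the variables alone would leave the old
// session id valid on the server and still stored in the browser.
session_unset();
$_SESSION = array();
if (ini_get('session.use_cookies')) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
}
session_destroy();

// Without this the next request would be logged straight back in from the
// persistent cookie.
deleteSecureCookie();

header('Location: index.php');
// Stop here so nothing added later in this file can run after the redirect.
exit;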