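/**
 * Checks the "remember-me" AUTH token presented in the AUTHID cookie.
 *
 * The cookie value is untrusted input: it is only ever passed as a bound
 * parameter to SQL(), never interpolated. A matching row whose DATE_CREATED is
 * at least User::$rememberMeExpiryTime seconds old is purged from the DB and
 * the browser via User::deleteAuthenticationToken(); an unknown token only has
 * its cookie cleared client-side.
 *
 * @return int|string|bool The USERID column of the matching token when it is
 *                         valid and unexpired; FALSE otherwise (no cookie,
 *                         malformed cookie, unknown token, or expired token).
 */
public static function checkRememberMe()
{
    // No cookie at all: nothing to verify, let the caller fall back to its other login paths.
    if (!isset($_COOKIE['AUTHID'])) {
        return FALSE;
    }

    $token = $_COOKIE['AUTHID'];

    // PHP turns "AUTHID[]=x" into an array, and an empty value can never be a
    // token this code issued. Reject both before they reach the DB driver, and
    // drop the useless cookie from the browser.
    if (!is_string($token) || $token === '') {
        \setcookie("AUTHID", "");
        return FALSE;
    }

    // Look the token up (parameterised; the cookie value never touches the query text).
    $rows = SQL("SELECT * FROM `AUTH_TOKENS` WHERE `AUTH_ID` = ?", array($token));

    // Exactly one row must match; anything else means the token is unknown to us.
    if (count($rows) !== 1) {
        \setcookie("AUTHID", "");
        return FALSE;
    }

    // time() is unqualified on purpose: in this namespace it may resolve to the
    // project's overridable clock wrapper rather than the PHP builtin.
    $now = time();
    $age = $now - $rows[0]['DATE_CREATED'];

    // Expired token: revoke it on both server and client, then deny.
    if ($age >= User::$rememberMeExpiryTime) {
        User::deleteAuthenticationToken();
        return FALSE;
    }

    // Known, unexpired token: hand back the user it belongs to.
    return $rows[0]['USERID'];
}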
/**
 * Logs a user out.
 *
 * Revokes the remember-me token when the AUTHID cookie currently presented
 * resolves to this very user, and, if the optional session library is
 * shipped alongside this file, destroys the server-side session together
 * with its browser cookie.
 *
 * @param \phpsec\User $userObj The user who is logging out.
 */
public static function logOut($userObj)
{
    $tokenOwner = $userObj->checkRememberMe();

    // Only revoke the token when it belongs to this user. A cookie that is
    // invalid or owned by someone else is left to checkRememberMe's own handling.
    if ($tokenOwner === $userObj->getUserID()) {
        User::deleteAuthenticationToken();
    }

    // The path is built from __DIR__ only; no user input reaches require_once.
    $sessionLib = __DIR__ . "/../session/session.php";
    if (!file_exists($sessionLib)) {
        return; // session library not present: nothing further to tear down
    }

    require_once $sessionLib;
    $session = new Session();
    $session->existingSession();
    $session->destroySession();
}
/**
 * Round-trips the remember-me feature: a token presented after the expiry
 * window must be rejected (and dropped from the DB), while a freshly issued
 * one must resolve to its owning user.
 */
public function testRememberMe()
{
    $userID = $this->obj->getUserID();

    // Issue a token and copy it into $_COOKIE, standing in for the browser.
    User::enableRememberMe($userID);
    $rows = SQL("SELECT `AUTH_ID` FROM `AUTH_TOKENS` WHERE USERID = ?", array($userID));
    $_COOKIE['AUTHID'] = $rows[0]['AUTH_ID'];

    // Jump the project clock far into the future: the token must now count as
    // expired, be refused, and be removed from the DB as a side effect.
    time("SET", time() + 100000000);
    $this->assertFalse(User::checkRememberMe());
    time("RESET");

    // Issue a fresh token; inside the expiry window it must map back to our user.
    User::enableRememberMe($userID);
    $rows = SQL("SELECT `AUTH_ID` FROM `AUTH_TOKENS` WHERE USERID = ?", array($userID));
    $_COOKIE['AUTHID'] = $rows[0]['AUTH_ID'];
    $this->assertSame($userID, User::checkRememberMe());

    // Leave no token behind for the next test.
    User::deleteAuthenticationToken();
}