示例#1
 /**
  * Function to check for AUTH token validity.
  * @return mixed  The userID related to the token if the AUTH token is valid; FALSE otherwise.
  */
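 public static function checkRememberMe()
 {
     // The cookie is entirely client-controlled. PHP turns a cookie sent as "AUTHID[]=..."
     // into an array, so only a string value is allowed to reach the query layer.
     // A missing or non-string token is treated the same way: no remembered login.
     if (!isset($_COOKIE['AUTHID']) || !is_string($_COOKIE['AUTHID'])) {
         return FALSE;
     }

     // Look the token up through a bound parameter; the cookie value is never
     // concatenated into the SQL text.
     // NOTE(review): the raw cookie value is matched directly against AUTH_ID, which
     // suggests tokens are stored unhashed -- confirm against enableRememberMe().
     // Storing only a hash of the token (and comparing with hash_equals()) would limit
     // the damage of a leaked AUTH_TOKENS table.
     $rows = SQL("SELECT * FROM `AUTH_TOKENS` WHERE `AUTH_ID` = ?", array($_COOKIE['AUTHID']));

     // Anything other than exactly one matching row means the token is unknown.
     if (count($rows) !== 1) {
         // An empty value asks the browser to drop the stale cookie.
         // NOTE(review): deletion only matches if path/domain equal the ones used when
         // the cookie was set, which is not visible here -- confirm.
         \setcookie("AUTHID", "");
         return FALSE;
     }

     // time() is deliberately left unqualified so a namespace-level clock override
     // (the test suite calls time("SET", ...)) still applies.
     $tokenAge = time() - $rows[0]['DATE_CREATED'];

     if ($tokenAge >= User::$rememberMeExpiryTime) {
         // Expired: revoke the token via the class helper, then refuse the login.
         User::deleteAuthenticationToken();
         return FALSE;
     }

     // Known token, still inside its lifetime: hand back the owning user's ID.
     return $rows[0]['USERID'];
 }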
示例#2
 /**
  * Function for user to Log-out.
  * @param \phpsec\User $userObj     The user object of the user that needs to log out
  */
 public static function logOut($userObj)
 {
     // Revoke the remember-me token only when the token presented by the browser
     // resolves to the very user who is logging out.
     $tokenOwner = $userObj->checkRememberMe();
     if ($tokenOwner === $userObj->getUserID()) {
         User::deleteAuthenticationToken();
     }

     // The session library is optional; without it there is no session to tear down.
     $sessionLibrary = __DIR__ . "/../session/session.php";
     if (!file_exists($sessionLibrary)) {
         return;
     }

     require_once $sessionLibrary;

     // Attach to the caller's existing session, then destroy it on the server and
     // in the user's browser.
     $activeSession = new Session();
     $activeSession->existingSession();
     $activeSession->destroySession();
 }
示例#3
 /**
  * Function to test the "remember-me" functionality.
  */
 public function testRememberMe()
 {
     // --- Case 1: an expired token must be rejected ---------------------------------

     // Enabling remember-me stores an AUTH_ID token for the user in the DB.
     User::enableRememberMe($this->obj->getUserID());

     // Read the token back and place it in the cookie jar; in production the browser
     // would hold and send this value.
     $tokenRows = SQL("SELECT `AUTH_ID` FROM `AUTH_TOKENS` WHERE USERID = ?", array($this->obj->getUserID()));
     $_COOKIE['AUTHID'] = $tokenRows[0]['AUTH_ID'];

     // Move the test clock far into the future so the token is past its lifetime.
     time("SET", time() + 100000000);

     // The check must return FALSE for an expired token.
     // NOTE(review): the expired token is expected to be deleted from the DB as a side
     // effect, but nothing here asserts that the row is actually gone.
     $expiredOutcome = User::checkRememberMe();
     $this->assertFalse($expiredOutcome);

     // Put the clock back to real time.
     time("RESET");

     // --- Case 2: a fresh token must resolve to its owner ---------------------------

     // Issue a new token and present it as the cookie again.
     User::enableRememberMe($this->obj->getUserID());
     $tokenRows = SQL("SELECT `AUTH_ID` FROM `AUTH_TOKENS` WHERE USERID = ?", array($this->obj->getUserID()));
     $_COOKIE['AUTHID'] = $tokenRows[0]['AUTH_ID'];

     // The token is correct and within its time limit, so the user ID comes back.
     $ownerMatches = User::checkRememberMe() === $this->obj->getUserID();
     $this->assertTrue($ownerMatches);

     // Clean up so the token does not leak into other tests.
     User::deleteAuthenticationToken();
 }