jilo-web/public_html/pages/login.php

<?php

require_once 'classes/database.php';
require 'classes/user.php';

// clear the global error var before login
unset($error);

try {
    $db = new Database($config['database']);
    $user = new User($db);

    if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
        $username = $_POST['username'];
        $password = $_POST['password'];

        // login successful
        if ( $user->login($username, $password) ) {
            // if remember_me is checked, max out the session
            if (isset($_POST['remember_me'])) {
                // 30*24*60*60 = 30 days
                $cookie_lifetime = 30 * 24 * 60 * 60;
                $setcookie_lifetime = time() + 30 * 24 * 60 * 60;
                $gc_maxlifetime = 30 * 24 * 60 * 60;
            } else {
                // 0 - session end on browser close
                // 1440 - 24 minutes (default)
                $cookie_lifetime = 0;
                $setcookie_lifetime = 0;
                $gc_maxlifetime = 1440;
            }

            // set session lifetime and cookies
// FIXME: need to set this before session start (otherwise we need the separate cookie)
//            ini_set('session.gc_maxlifetime', $gc_maxlifetime);
//            session_set_cookie_params([
//                'lifetime' => $setcookie_lifetime,
//                'samesite' => 'Strict',
//                'httponly' => true,
//                'secure' => isset($_SERVER['HTTPS']),
//                'domain' => $config['domain'],
//                'path' => $config['folder']
//            ]);
//            session_start();
// FIXME we use separate cookie, because the above won't work
            setcookie('username', $username, [
                'expires'	=> $setcookie_lifetime,
                'path'		=> $config['folder'],
                'domain'	=> $config['domain'],
                'secure'	=> isset($_SERVER['HTTPS']),
                'httponly'	=> true,
                'samesite'	=> 'Strict'
            ]);

            // redirect to index
            $_SESSION['notice'] = "Login successful";
            header('Location: index.php');
            exit();

        // login failed
        } else {
            $_SESSION['error'] = "Login failed.";
            header('Location: index.php');
            exit();
        }
    }
} catch (Exception $e) {
    $error = $e->getMessage();
}

include 'templates/form-login.php';

?>
Initial code, moved here from the "jilo" repo. 2024-06-28 17:05:32 +00:00			`<?php`

			`require_once 'classes/database.php';`
			`require 'classes/user.php';`
Login/registration fixes 2024-07-01 09:45:07 +00:00
			`// clear the global error var before login`
Initial code, moved here from the "jilo" repo. 2024-06-28 17:05:32 +00:00			`unset($error);`

			`try {`
Login/registration fixes 2024-07-01 09:45:07 +00:00			`$db = new Database($config['database']);`
Initial code, moved here from the "jilo" repo. 2024-06-28 17:05:32 +00:00			`$user = new User($db);`

			`if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {`
			`$username = $_POST['username'];`
			`$password = $_POST['password'];`

Login fixes 2024-06-30 07:49:51 +00:00			`// login successful`
Initial code, moved here from the "jilo" repo. 2024-06-28 17:05:32 +00:00			`if ( $user->login($username, $password) ) {`
Login fixes 2024-06-30 07:49:51 +00:00			`// if remember_me is checked, max out the session`
			`if (isset($_POST['remember_me'])) {`
			`// 302460*60 = 30 days`
Session cookie fixes 2024-07-02 17:04:12 +00:00			`$cookie_lifetime = 30 * 24 * 60 * 60;`
fixes login issues 2024-07-03 06:37:35 +00:00			`$setcookie_lifetime = time() + 30 * 24 * 60 * 60;`
Session cookie fixes 2024-07-02 17:04:12 +00:00			`$gc_maxlifetime = 30 * 24 * 60 * 60;`
Login fixes 2024-06-30 07:49:51 +00:00			`} else {`
			`// 0 - session end on browser close`
			`// 1440 - 24 minutes (default)`
Session cookie fixes 2024-07-02 17:04:12 +00:00			`$cookie_lifetime = 0;`
fixes login issues 2024-07-03 06:37:35 +00:00			`$setcookie_lifetime = 0;`
Session cookie fixes 2024-07-02 17:04:12 +00:00			`$gc_maxlifetime = 1440;`
Login fixes 2024-06-30 07:49:51 +00:00			`}`

fixes login issues 2024-07-03 06:37:35 +00:00			`// set session lifetime and cookies`
Fixes temporary the session cookie 2024-07-03 12:30:44 +00:00			`// FIXME: need to set this before session start (otherwise we need the separate cookie)`
			`// ini_set('session.gc_maxlifetime', $gc_maxlifetime);`
			`// session_set_cookie_params([`
			`// 'lifetime' => $setcookie_lifetime,`
			`// 'samesite' => 'Strict',`
			`// 'httponly' => true,`
			`// 'secure' => isset($_SERVER['HTTPS']),`
			`// 'domain' => $config['domain'],`
			`// 'path' => $config['folder']`
			`// ]);`
			`// session_start();`
			`// FIXME we use separate cookie, because the above won't work`
fixes login issues 2024-07-03 06:37:35 +00:00			`setcookie('username', $username, [`
			`'expires' => $setcookie_lifetime,`
			`'path' => $config['folder'],`
			`'domain' => $config['domain'],`
			`'secure' => isset($_SERVER['HTTPS']),`
			`'httponly' => true,`
			`'samesite' => 'Strict'`
			`]);`

Login fixes 2024-06-30 07:49:51 +00:00			`// redirect to index`
Login/registration fixes 2024-07-01 09:45:07 +00:00			`$_SESSION['notice'] = "Login successful";`
Initial code, moved here from the "jilo" repo. 2024-06-28 17:05:32 +00:00			`header('Location: index.php');`
			`exit();`
Login fixes 2024-06-30 07:49:51 +00:00
			`// login failed`
Initial code, moved here from the "jilo" repo. 2024-06-28 17:05:32 +00:00			`} else {`
Login/registration fixes 2024-07-01 09:45:07 +00:00			`$_SESSION['error'] = "Login failed.";`
			`header('Location: index.php');`
			`exit();`
Initial code, moved here from the "jilo" repo. 2024-06-28 17:05:32 +00:00			`}`
			`}`
			`} catch (Exception $e) {`
			`$error = $e->getMessage();`
			`}`

			`include 'templates/form-login.php';`

			`?>`