jilo-web/app/pages/login.php

<?php

/**
 * User Login
 *
 * This page ("login") handles user login, session management, cookie handling, and error logging.
 * Supports "remember me" functionality to extend session duration.
 *
 * Global Variables Used:
 * - `$userObject`: Instance of the user management class.
 * - `$logObject`: Instance of the logging class.
 * - `$config`: Configuration array containing settings for cookies, domain, and folder.
 * - `$app_root`: Base URL of the application.
 * - `$user_IP`: Captured IP address of the user.
 *
 * Actions Performed:
 * - Validates login credentials.
 * - Manages session and cookies based on "remember me" option.
 * - Logs successful and failed login attempts.
 * - Displays login form and optional custom messages.
 */

// clear the global error var before login
unset($error);

try {

    // connect to database
    $dbWeb = connectDB($config);

    if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
        $username = $_POST['username'];
        $password = $_POST['password'];

        // login successful
        if ( $userObject->login($username, $password) ) {
            // if remember_me is checked, max out the session
            if (isset($_POST['remember_me'])) {
                // 30*24*60*60 = 30 days
                $cookie_lifetime = 30 * 24 * 60 * 60;
                $setcookie_lifetime = time() + 30 * 24 * 60 * 60;
                $gc_maxlifetime = 30 * 24 * 60 * 60;
            } else {
                // 0 - session end on browser close
                // 1440 - 24 minutes (default)
                $cookie_lifetime = 0;
                $setcookie_lifetime = 0;
                $gc_maxlifetime = 1440;
            }

            // set session lifetime and cookies
            setcookie('username', $username, [
                'expires'	=> $setcookie_lifetime,
                'path'		=> $config['folder'],
                'domain'	=> $config['domain'],
                'secure'	=> isset($_SERVER['HTTPS']),
                'httponly'	=> true,
                'samesite'	=> 'Strict'
            ]);

            // redirect to index
            $_SESSION['notice'] = "Login successful";
            $user_id = $userObject->getUserId($username)[0]['id'];
            $logObject->insertLog($user_id, "Login: User \"$username\" logged in. IP: $user_IP", 'user');
            header('Location: ' . htmlspecialchars($app_root));
            exit();

        // login failed
        } else {
            $_SESSION['error'] = "Login failed.";
            $user_id = $userObject->getUserId($username)[0]['id'];
            $logObject->insertLog($user_id, "Login: Failed login attempt for user \"$username\". IP: $user_IP", 'user');
            header('Location: ' . htmlspecialchars($app_root));
            exit();
        }
    }
} catch (Exception $e) {
    $error = getError('There was an unexpected error. Please try again.', $e->getMessage());
}

if (!empty($config['login_message'])) {
    $notice = $config['login_message'];
    include '../app/templates/block-message.php';
}

include '../app/templates/form-login.php';

?>
Initial code, moved here from the "jilo" repo. 2024-06-28 17:05:32 +00:00			`<?php`

Adds phpdoc comments 2024-11-28 14:40:50 +00:00			`/**`
			`* User Login`
			`*`
Adds phpdoc comments 2024-11-28 14:49:47 +00:00			`* This page ("login") handles user login, session management, cookie handling, and error logging.`
Adds phpdoc comments 2024-11-28 14:40:50 +00:00			`* Supports "remember me" functionality to extend session duration.`
			`*`
			`* Global Variables Used:`
			* - `$userObject`: Instance of the user management class.
			* - `$logObject`: Instance of the logging class.
			* - `$config`: Configuration array containing settings for cookies, domain, and folder.
			* - `$app_root`: Base URL of the application.
			* - `$user_IP`: Captured IP address of the user.
			`*`
			`* Actions Performed:`
			`* - Validates login credentials.`
			`* - Manages session and cookies based on "remember me" option.`
			`* - Logs successful and failed login attempts.`
			`* - Displays login form and optional custom messages.`
			`*/`

Login/registration fixes 2024-07-01 09:45:07 +00:00			`// clear the global error var before login`
Initial code, moved here from the "jilo" repo. 2024-06-28 17:05:32 +00:00			`unset($error);`

			`try {`
Adds database helper functions 2024-08-10 18:42:44 +00:00
			`// connect to database`
Moves the platforms config from flat file to SQLite DB 2024-09-04 09:53:02 +00:00			`$dbWeb = connectDB($config);`
Adds database helper functions 2024-08-10 18:42:44 +00:00
Initial code, moved here from the "jilo" repo. 2024-06-28 17:05:32 +00:00			`if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {`
			`$username = $_POST['username'];`
			`$password = $_POST['password'];`

Login fixes 2024-06-30 07:49:51 +00:00			`// login successful`
Cleans up style 2024-09-06 16:34:03 +00:00			`if ( $userObject->login($username, $password) ) {`
Login fixes 2024-06-30 07:49:51 +00:00			`// if remember_me is checked, max out the session`
			`if (isset($_POST['remember_me'])) {`
			`// 302460*60 = 30 days`
Session cookie fixes 2024-07-02 17:04:12 +00:00			`$cookie_lifetime = 30 * 24 * 60 * 60;`
fixes login issues 2024-07-03 06:37:35 +00:00			`$setcookie_lifetime = time() + 30 * 24 * 60 * 60;`
Session cookie fixes 2024-07-02 17:04:12 +00:00			`$gc_maxlifetime = 30 * 24 * 60 * 60;`
Login fixes 2024-06-30 07:49:51 +00:00			`} else {`
			`// 0 - session end on browser close`
			`// 1440 - 24 minutes (default)`
Session cookie fixes 2024-07-02 17:04:12 +00:00			`$cookie_lifetime = 0;`
fixes login issues 2024-07-03 06:37:35 +00:00			`$setcookie_lifetime = 0;`
Session cookie fixes 2024-07-02 17:04:12 +00:00			`$gc_maxlifetime = 1440;`
Login fixes 2024-06-30 07:49:51 +00:00			`}`

fixes login issues 2024-07-03 06:37:35 +00:00			`// set session lifetime and cookies`
			`setcookie('username', $username, [`
			`'expires' => $setcookie_lifetime,`
			`'path' => $config['folder'],`
			`'domain' => $config['domain'],`
			`'secure' => isset($_SERVER['HTTPS']),`
			`'httponly' => true,`
			`'samesite' => 'Strict'`
			`]);`

Login fixes 2024-06-30 07:49:51 +00:00			`// redirect to index`
Login/registration fixes 2024-07-01 09:45:07 +00:00			`$_SESSION['notice'] = "Login successful";`
Adds initial support for logs 2024-09-16 14:09:37 +00:00			`$user_id = $userObject->getUserId($username)[0]['id'];`
Adds user IP to the logs. 2024-09-17 11:22:43 +00:00			`$logObject->insertLog($user_id, "Login: User \"$username\" logged in. IP: $user_IP", 'user');`
Fixes bugs in URL redirects 2024-10-23 12:28:45 +00:00			`header('Location: ' . htmlspecialchars($app_root));`
Initial code, moved here from the "jilo" repo. 2024-06-28 17:05:32 +00:00			`exit();`
Login fixes 2024-06-30 07:49:51 +00:00
			`// login failed`
Initial code, moved here from the "jilo" repo. 2024-06-28 17:05:32 +00:00			`} else {`
Login/registration fixes 2024-07-01 09:45:07 +00:00			`$_SESSION['error'] = "Login failed.";`
Adds initial support for logs 2024-09-16 14:09:37 +00:00			`$user_id = $userObject->getUserId($username)[0]['id'];`
Adds user IP to the logs. 2024-09-17 11:22:43 +00:00			`$logObject->insertLog($user_id, "Login: Failed login attempt for user \"$username\". IP: $user_IP", 'user');`
Fixes bugs in URL redirects 2024-10-23 12:28:45 +00:00			`header('Location: ' . htmlspecialchars($app_root));`
Login/registration fixes 2024-07-01 09:45:07 +00:00			`exit();`
Initial code, moved here from the "jilo" repo. 2024-06-28 17:05:32 +00:00			`}`
			`}`
			`} catch (Exception $e) {`
Better error reporting 2024-08-17 08:20:08 +00:00			`$error = getError('There was an unexpected error. Please try again.', $e->getMessage());`
Initial code, moved here from the "jilo" repo. 2024-06-28 17:05:32 +00:00			`}`

Adds login and registration messages and configs 2024-08-01 08:12:54 +00:00			`if (!empty($config['login_message'])) {`
			`$notice = $config['login_message'];`
Separates app code from public files. 2024-08-12 11:12:24 +00:00			`include '../app/templates/block-message.php';`
Adds login and registration messages and configs 2024-08-01 08:12:54 +00:00			`}`

Separates app code from public files. 2024-08-12 11:12:24 +00:00			`include '../app/templates/form-login.php';`
Initial code, moved here from the "jilo" repo. 2024-06-28 17:05:32 +00:00
			`?>`