From 50b3409b47536ac9a36c4002ddd4f0ecbdb4be03 Mon Sep 17 00:00:00 2001 From: Yasen Pramatarov Date: Wed, 3 Jul 2024 09:37:35 +0300 Subject: [PATCH] fixes login issues --- README.md | 2 ++ jilo-web.conf.php | 2 +- public_html/index.php | 8 ++++++-- public_html/pages/login.php | 17 +++++++++++++++-- 4 files changed, 24 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index cf294fc..d30f97b 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # Jilo Web +This is still not operational. Goals for v.0.1 - browsing of basic info about Jilo config and about Jitsi Meet conferences. + ## requirements - web server (deb: apache | nginx) diff --git a/jilo-web.conf.php b/jilo-web.conf.php index 8ba1187..65d1fe9 100644 --- a/jilo-web.conf.php +++ b/jilo-web.conf.php @@ -1,7 +1,7 @@ 'localhost.com', + 'domain' => 'localhost', 'folder' => '/jilo-web/', 'database' => '/home/yasen/work/code/git/lindeas-code/jilo-web/jilo-web.db', ]; diff --git a/public_html/index.php b/public_html/index.php index 90f044b..af0a781 100644 --- a/public_html/index.php +++ b/public_html/index.php @@ -40,8 +40,11 @@ if (isset($_GET['page'])) { $page = 'front'; } -// logged in username -if ( isset($_SESSION['username']) ) { +// check if logged in +if (isset($_COOKIE['username'])) { + if ( !isset($_SESSION['username']) ) { + $_SESSION['username'] = $_COOKIE['username']; + } $user = htmlspecialchars($_SESSION['username']); } @@ -67,6 +70,7 @@ if (in_array($page, $allowed_urls)) { // clean up session session_unset(); session_destroy(); + setcookie('username', "", time() - 100, $config['folder'], $config['domain'], isset($_SERVER['HTTPS']), true); $notice = "You were logged out.
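Review bot: In the `public_html/index.php` hunk at `-40,8 +40,11`, the new `$_SESSION['username'] = $_COOKIE['username'];` takes the logged-in identity from a cookie whose value is entirely under the client's control, so the login check no longer depends on anything the server issued. The server-side session should stay the only source of identity, i.e. keep `if (isset($_SESSION['username'])) {` as the gate. A "remember me" feature should use a random token (for example built from `random_bytes()`) that is stored server-side, compared with `hash_equals()` and deleted on logout, never the username itself. With the current design, the `setcookie('username', "", ...)` added in the logout hunk only clears the browser's copy, and the server has no way to stop honouring the value. The surrounding script starts and ends outside the hunk, so how `session_start()` is called in `index.php` is not visible here.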
You can log in again."; include 'templates/header.php'; diff --git a/public_html/pages/login.php b/public_html/pages/login.php index b10af61..ff62180 100644 --- a/public_html/pages/login.php +++ b/public_html/pages/login.php @@ -20,26 +20,39 @@ try { if (isset($_POST['remember_me'])) { // 30*24*60*60 = 30 days $cookie_lifetime = 30 * 24 * 60 * 60; + $setcookie_lifetime = time() + 30 * 24 * 60 * 60; $gc_maxlifetime = 30 * 24 * 60 * 60; } else { // 0 - session end on browser close // 1440 - 24 minutes (default) $cookie_lifetime = 0; + $setcookie_lifetime = 0; $gc_maxlifetime = 1440; } - // set session lifetime + // set session lifetime and cookies ini_set('session.gc_maxlifetime', $gc_maxlifetime); session_set_cookie_params([ - 'lifetime' => $cookie_lifetime, + 'lifetime' => $setcookie_lifetime, 'samesite' => 'Strict', 'httponly' => true, 'secure' => isset($_SERVER['HTTPS']), 'domain' => $config['domain'], 'path' => $config['folder'] ]); + session_name($username); session_start(); + // FIXME it doesn't set a cookie with session_set_cookie_params only + setcookie('username', $username, [ + 'expires' => $setcookie_lifetime, + 'path' => $config['folder'], + 'domain' => $config['domain'], + 'secure' => isset($_SERVER['HTTPS']), + 'httponly' => true, + 'samesite' => 'Strict' + ]); + // redirect to index $_SESSION['notice'] = "Login successful"; header('Location: index.php');
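Review bot: In the `public_html/pages/login.php` hunk, `'lifetime' => $setcookie_lifetime,` passes an absolute timestamp (`time() + 30 * 24 * 60 * 60`) to `session_set_cookie_params()`, whose `lifetime` is a number of seconds counted from now; only `setcookie()`'s `expires` takes a timestamp. The line should stay `'lifetime' => $cookie_lifetime,`, which this change otherwise leaves unused. `session_name($username);` builds the session cookie name from the submitted username; PHP expects an alphanumeric name, and a page that does not call `session_name()` with the same value will not resume that session, which may be why the FIXME cookie appeared to be needed, so drop the line or use one fixed name. The hunk shows no `session_regenerate_id(true)` after `session_start()`; if it is not called elsewhere in the `try` block, which starts and ends outside the hunk, add it once the credentials have been verified. The `username` cookie keeps the identity in plain form on the client, and a random token checked on the server would be the safer thing to store.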