From 7f5ca64e56312fe22e5d5db53228d466d02d384e Mon Sep 17 00:00:00 2001
From: Yasen Pramatarov <yasen@lindeas.com>
Date: Sun, 30 Jun 2024 10:49:51 +0300
Subject: [PATCH] Login fixes

---
 public_html/index.php                |  2 +-
 public_html/pages/login.php          | 29 +++++++++++++++++++++++++++-
 public_html/static/all.css           | 18 +++++++++++++++++
 public_html/templates/form-login.php | 27 +++++++++++++++++++++-----
 4 files changed, 69 insertions(+), 7 deletions(-)

diff --git a/public_html/index.php b/public_html/index.php
index 683243a..1ea534d 100644
--- a/public_html/index.php
+++ b/public_html/index.php
@@ -22,7 +22,7 @@ if ( isset($_SESSION['username']) ) {
 }
 
 if (isset($error)) {
-    echo "<p style='color: red;'>Error: $error</p>";
+    echo "<div class=\"error\">Error: $error</div>";
 }
 
 $allowed_urls = [
diff --git a/public_html/pages/login.php b/public_html/pages/login.php
index 7a32cae..3106994 100644
--- a/public_html/pages/login.php
+++ b/public_html/pages/login.php
@@ -12,11 +12,38 @@ try {
         $username = $_POST['username'];
         $password = $_POST['password'];
 
+        // login successful
         if ( $user->login($username, $password) ) {
+            // if remember_me is checked, max out the session
+            if (isset($_POST['remember_me'])) {
+                // 30*24*60*60 = 30 days
+                $cookie_lifetime = '30 * 24 * 60 * 60';
+                $gc_maxlifetime = '30 * 24 * 60 * 60';
+            } else {
+                // 0 - session end on browser close
+                // 1440 - 24 minutes (default)
+                $cookie_lifetime = '0';
+                $gc_maxlifetime = '1440';
+            }
+
+            // set session lifetime
+            ini_set('session.cookie_lifetime', $cookie_lifetime);
+            ini_set('session.gc_maxlifetime', $gc_maxlifetime);
+            session_set_cookie_params([
+                'lifetime' => $lifetime,
+                'samesite' => 'Strict',
+                'httponly' => true,
+                'secure' => isset($_SERVER['HTTPS']),
+                'domain' => $domain,
+                'path' => '/jilo-web/'
+            ]);
+            // redirect to index
             header('Location: index.php');
             exit();
+
+        // login failed
         } else {
-            echo "Login failed.";
+            $error = "Login failed.";
         }
     }
 } catch (Exception $e) {
diff --git a/public_html/static/all.css b/public_html/static/all.css
index 60407d4..6bd8b2f 100644
--- a/public_html/static/all.css
+++ b/public_html/static/all.css
@@ -36,3 +36,21 @@
 .menu-left li a:hover, .menu-right li a:hover {
     background-color: #111;
 }
+
+.error {
+    color: red;
+    margin: 15px 0px 15px 0px;
+    padding: 5px;
+    background-color: #eee;
+    border: 1px solid #333;
+    font-weight: bold;
+}
+
+.notice {
+    color: green;
+    margin: 15px 0px 15px 0px;
+    padding: 5px;
+    background-color: #eee;
+    border: 1px solid #333;
+    font-weight: bold;
+}
diff --git a/public_html/templates/form-login.php b/public_html/templates/form-login.php
index ebfb4ad..1eb8a88 100644
--- a/public_html/templates/form-login.php
+++ b/public_html/templates/form-login.php
@@ -1,6 +1,23 @@
 
-<form method="POST" action="?page=login">
-    <input type="text" name="username" placeholder="Username" required />
-    <input type="password" name="password" placeholder="Password" required />
-    <button type="submit">Login</button>
-</form>
+<h2>Login</h2>
+
+<?php if (isset($error)) { ?>
+<div class="error">
+    <?php echo $error; ?>
+</div>
+<?php } ?>
+
+<div class="login-form">
+    <form method="POST" action="?page=login">
+        <input type="text" name="username" placeholder="Username" required />
+        <br />
+        <input type="password" name="password" placeholder="Password" required />
+        <br />
+        <label for="remember_me">
+            <input type="checkbox" id="remember_me" name="remember_me" />
+            remember me
+        </label>
+        <br />
+        <input type="submit" value="Login" />
+    </form>
+</div>