feat: Enhance user logout and remember me functionality with secure cookie handling

2026-02-26 22:36:56 +01:00
parent a4a35c8d62
commit 66d04faaa5
4 changed files with 302 additions and 103 deletions


@@ -28,10 +28,22 @@ class Users
public static function logout()
{
global $mdb, $user;
$domain = preg_replace( '#^(http(s)?://)?w{3}\.#', '$1', $_SERVER['SERVER_NAME'] );
$cookie_name = str_replace( '.', '-', $domain );
setcookie( $cookie_name, "", strtotime( "-1 year" ), "/", $domain );
if ( $user && isset( $user['id'] ) )
$mdb -> update( 'users', [ 'remember_token' => null ], [ 'id' => $user['id'] ] );
setcookie( $cookie_name, "", [
'expires' => strtotime( "-1 year" ),
'path' => '/',
'domain' => $domain,
'secure' => true,
'httponly' => true,
'samesite' => 'Lax'
] );
session_destroy();
header( 'Location: /' );
exit;
@@ -111,16 +123,30 @@ class Users
$domain = preg_replace( '#^(http(s)?://)?w{3}\.#', '$1', $_SERVER['SERVER_NAME'] );
$cookie_name = str_replace( '.', '-', $domain );
if ( \S::get( 'remember' ) )
if ( \S::get( 'remember' ) === 'true' )
{
$token = bin2hex( random_bytes( 32 ) );
$mdb -> update( 'users', [ 'remember_token' => $token ], [ 'id' => $user['id'] ] );
setcookie( $cookie_name, $token, strtotime( "+1 year" ), "/", $domain, true, true );
setcookie( $cookie_name, $token, [
'expires' => strtotime( "+1 year" ),
'path' => '/',
'domain' => $domain,
'secure' => true,
'httponly' => true,
'samesite' => 'Lax'
] );
}
else
{
$mdb -> update( 'users', [ 'remember_token' => null ], [ 'id' => $user['id'] ] );
setcookie( $cookie_name, "", strtotime( "-1 year" ), "/", $domain );
setcookie( $cookie_name, "", [
'expires' => strtotime( "-1 year" ),
'path' => '/',
'domain' => $domain,
'secure' => true,
'httponly' => true,
'samesite' => 'Lax'
] );
}
\S::set_session( 'user', $user );
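Review bot: In the logout hunk, `session_destroy()` by itself does not remove the PHP session cookie from the browser nor empty `$_SESSION` for the rest of the request, so the commit now clears the remember cookie with full attributes but leaves the session cookie behind; delete it with the values from `session_get_cookie_params()` before destroying, as sketched below. The remember-me hunk still writes the raw `$token` to `remember_token`, the same value the cookie carries, so a database read is enough to replay a login; storing `hash('sha256', $token)` and checking it with `hash_equals()` on the lookup side would limit that, though the lookup code is outside this diff. Both hunks derive `$domain` from `$_SERVER['SERVER_NAME']`, which on some server configurations mirrors the request Host header; if that applies here, a configured canonical host would keep the cookie domain out of the client's control.

```php
    // … unchanged: remember cookie deletion and remember_token reset …
    $_SESSION = [];
    $params = session_get_cookie_params();
    setcookie( session_name(), "", [
        'expires' => strtotime( "-1 year" ),
        'path' => $params['path'],
        'domain' => $params['domain'],
        'secure' => $params['secure'],
        'httponly' => $params['httponly'],
        'samesite' => $params['samesite']
    ] );
    session_destroy();
```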