Change 'remember me' for login from binary choice to custom interval
13
README.md
13
README.md
@@ -95,8 +95,17 @@ If you don't want to perform email verification, just omit the last parameter to
|
|||||||
### Sign in an existing user (login)
|
### Sign in an existing user (login)
|
||||||
|
|
||||||
```php
|
```php
|
||||||
|
if ($_POST['remember'] == 1) {
|
||||||
|
// keep logged in for one year
|
||||||
|
$rememberDuration = (int) (60 * 60 * 24 * 365.25);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// do not keep logged in after session ends
|
||||||
|
$rememberDuration = null;
|
||||||
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$auth->login($_POST['email'], $_POST['password'], ($_POST['remember'] == 1));
|
$auth->login($_POST['email'], $_POST['password'], $rememberDuration);
|
||||||
|
|
||||||
// user is logged in
|
// user is logged in
|
||||||
}
|
}
|
||||||
@@ -118,7 +127,7 @@ The third parameter controls whether the login is persistent with a long-lived c
|
|||||||
|
|
||||||
*Without* the persistent login, which is the *default* behavior, a user will only stay logged in until they close their browser, or as long as configured via `session.cookie_lifetime` and `session.gc_maxlifetime` in PHP.
|
*Without* the persistent login, which is the *default* behavior, a user will only stay logged in until they close their browser, or as long as configured via `session.cookie_lifetime` and `session.gc_maxlifetime` in PHP.
|
||||||
|
|
||||||
Set the third parameter to `false` to disable the feature. Otherwise, ask the user if they want to enable "remember me". This is usually done with a checkbox in your user interface. Use the input from that checkbox to decide between `false` and `true` here. This is optional and the default is `false`.
|
Omit the third parameter or set it to `null` to disable the feature. Otherwise, ask the user if they want to enable "remember me". This is usually done with a checkbox in your user interface. Use the input from that checkbox to decide between `null` and a pre-defined duration in seconds here, e.g. `60 * 60 * 24 * 365.25` for one year.
|
||||||
|
|
||||||
### Perform email verification
|
### Perform email verification
|
||||||
|
|
||||||
|
21
src/Auth.php
21
src/Auth.php
@@ -263,13 +263,13 @@ class Auth {
|
|||||||
*
|
*
|
||||||
* @param string $email the user's email address
|
* @param string $email the user's email address
|
||||||
* @param string $password the user's password
|
* @param string $password the user's password
|
||||||
* @param bool $remember whether to keep the user logged in ("remember me") or not
|
* @param int|bool|null $rememberDuration (optional) the duration in seconds to keep the user logged in ("remember me"), e.g. `60 * 60 * 24 * 365.25` for one year
|
||||||
* @throws InvalidEmailException if the email address was invalid or could not be found
|
* @throws InvalidEmailException if the email address was invalid or could not be found
|
||||||
* @throws InvalidPasswordException if the password was invalid
|
* @throws InvalidPasswordException if the password was invalid
|
||||||
* @throws EmailNotVerifiedException if the email address has not been verified yet via confirmation email
|
* @throws EmailNotVerifiedException if the email address has not been verified yet via confirmation email
|
||||||
* @throws AuthError if an internal problem occurred (do *not* catch)
|
* @throws AuthError if an internal problem occurred (do *not* catch)
|
||||||
*/
|
*/
|
||||||
public function login($email, $password, $remember = false) {
|
public function login($email, $password, $rememberDuration = null) {
|
||||||
$email = self::validateEmailAddress($email);
|
$email = self::validateEmailAddress($email);
|
||||||
$password = self::validatePassword($password);
|
$password = self::validatePassword($password);
|
||||||
|
|
||||||
@@ -294,8 +294,16 @@ class Auth {
|
|||||||
if ($userData['verified'] === 1) {
|
if ($userData['verified'] === 1) {
|
||||||
$this->onLoginSuccessful($userData['id'], $email, $userData['username'], false);
|
$this->onLoginSuccessful($userData['id'], $email, $userData['username'], false);
|
||||||
|
|
||||||
if ($remember) {
|
// continue to support the old parameter format
|
||||||
$this->createRememberDirective($userData['id']);
|
if ($rememberDuration === true) {
|
||||||
|
$rememberDuration = 60 * 60 * 24 * 28;
|
||||||
|
}
|
||||||
|
elseif ($rememberDuration === false) {
|
||||||
|
$rememberDuration = null;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($rememberDuration !== null) {
|
||||||
|
$this->createRememberDirective($userData['id'], $rememberDuration);
|
||||||
}
|
}
|
||||||
|
|
||||||
return;
|
return;
|
||||||
@@ -365,13 +373,14 @@ class Auth {
|
|||||||
* Creates a new directive keeping the user logged in ("remember me")
|
* Creates a new directive keeping the user logged in ("remember me")
|
||||||
*
|
*
|
||||||
* @param int $userId the user ID to keep signed in
|
* @param int $userId the user ID to keep signed in
|
||||||
|
* @param int $duration the duration in seconds
|
||||||
* @throws AuthError if an internal problem occurred (do *not* catch)
|
* @throws AuthError if an internal problem occurred (do *not* catch)
|
||||||
*/
|
*/
|
||||||
private function createRememberDirective($userId) {
|
private function createRememberDirective($userId, $duration) {
|
||||||
$selector = self::createRandomString(24);
|
$selector = self::createRandomString(24);
|
||||||
$token = self::createRandomString(32);
|
$token = self::createRandomString(32);
|
||||||
$tokenHashed = password_hash($token, PASSWORD_DEFAULT);
|
$tokenHashed = password_hash($token, PASSWORD_DEFAULT);
|
||||||
$expires = time() + 3600 * 24 * 28;
|
$expires = time() + ((int) $duration);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$this->db->insert(
|
$this->db->insert(
|
||||||
|
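Review bot: Once the legacy `true`/`false` mapping in `login` is done, `$rememberDuration` reaches `createRememberDirective` without any validation, so `0`, a negative number, a non-numeric string or a value an application passes straight through from a request all satisfy the `!== null` check and are silently coerced by `(int) $duration` in the `@@ -365` hunk; a negative value yields a directive that has already expired when it is stored, and a very large one yields an effectively permanent token. I would reject bad input before the `!== null` branch, e.g. `if ($rememberDuration !== null && (!\is_numeric($rememberDuration) || (int) $rememberDuration <= 0)) { throw new \InvalidArgumentException('Remember-me duration must be a positive number of seconds'); }`, and document that callers should cap the value at an application-defined maximum. The new `@param int|bool|null` docblock gives `60 * 60 * 24 * 365.25` as an example, which is a float, so either add `float` to the declared type or write the example as `(int) (60 * 60 * 24 * 365.25)` as the README does. Both `login` and `createRememberDirective` continue outside their hunks.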
@@ -38,8 +38,17 @@ function processRequestData(\Delight\Auth\Auth $auth) {
|
|||||||
if (isset($_POST)) {
|
if (isset($_POST)) {
|
||||||
if (isset($_POST['action'])) {
|
if (isset($_POST['action'])) {
|
||||||
if ($_POST['action'] === 'login') {
|
if ($_POST['action'] === 'login') {
|
||||||
|
if ($_POST['remember'] == 1) {
|
||||||
|
// keep logged in for one year
|
||||||
|
$rememberDuration = (int) (60 * 60 * 24 * 365.25);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// do not keep logged in after session ends
|
||||||
|
$rememberDuration = null;
|
||||||
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$auth->login($_POST['email'], $_POST['password'], ($_POST['remember'] == 1));
|
$auth->login($_POST['email'], $_POST['password'], $rememberDuration);
|
||||||
|
|
||||||
return 'ok';
|
return 'ok';
|
||||||
}
|
}
|
||||||
@@ -248,8 +257,8 @@ function showGuestUserForm() {
|
|||||||
echo '<input type="text" name="email" placeholder="Email" /> ';
|
echo '<input type="text" name="email" placeholder="Email" /> ';
|
||||||
echo '<input type="text" name="password" placeholder="Password" /> ';
|
echo '<input type="text" name="password" placeholder="Password" /> ';
|
||||||
echo '<select name="remember" size="1">';
|
echo '<select name="remember" size="1">';
|
||||||
echo '<option value="0">Remember (28 days)? — No</option>';
|
echo '<option value="0">Remember (keep logged in)? — No</option>';
|
||||||
echo '<option value="1">Remember (28 days)? — Yes</option>';
|
echo '<option value="1">Remember (keep logged in)? — Yes</option>';
|
||||||
echo '</select> ';
|
echo '</select> ';
|
||||||
echo '<button type="submit">Login</button>';
|
echo '<button type="submit">Login</button>';
|
||||||
echo '</form>';
|
echo '</form>';
|
||||||
|