mirror of https://github.com/delight-im/PHP-Auth.git synced 2025-08-02 14:17:26 +02:00

Do not make repeated attempts to use invalid 'remember me' cookies

Marco
2017-10-19 03:00:28 +02:00
parent f70613b2b8
commit 891cef2511


@@ -113,6 +113,9 @@ final class Auth extends UserManager {
// if a remember cookie is set
if (isset($_COOKIE[$this->rememberCookieName])) {
// assume the cookie and its contents to be invalid until proven otherwise
$valid = false;
// split the cookie's content into selector and token
$parts = \explode(self::COOKIE_CONTENT_SEPARATOR, $_COOKIE[$this->rememberCookieName], 2);
@@ -131,11 +134,20 @@ final class Auth extends UserManager {
if (!empty($rememberData)) {
if ($rememberData['expires'] >= \time()) {
if (\password_verify($parts[1], $rememberData['token'])) {
// the cookie and its contents have now been proven to be valid
$valid = true;
$this->onLoginSuccessful($rememberData['user'], $rememberData['email'], $rememberData['username'], $rememberData['status'], $rememberData['roles_mask'], true);
}
}
}
}
// if the cookie or its contents have been invalid
if (!$valid) {
// mark the cookie as such to prevent any further futile attempts
$this->setRememberCookie('', '', \time() + 60 * 60 * 24 * 365.25);
}
}
}
}
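Review bot: The new `if (!$valid)` branch only overwrites the cookie in the browser, so it spares well-behaved clients a repeated lookup but does not limit a client that keeps resubmitting selector/token pairs; nothing in the visible lines throttles or records a failed `password_verify`. If that is handled elsewhere, the comment should say so, e.g. `// client-side hint only; repeated invalid tokens are still rate-limited server-side`. When the selector matches a stored record but the token does not verify, consider also deleting that record, since a mismatch on a known selector can indicate a stolen or guessed token. Separately, `\time() + 60 * 60 * 24 * 365.25` evaluates to a float, and `(int) (\time() + 60 * 60 * 24 * 365.25)` would avoid depending on how `setRememberCookie` (not shown) treats the type. The enclosing method begins outside these hunks, and the lines between the two hunks are not visible, so it is unclear from here whether the emptied cookie is rejected before any database lookup.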