Auth.php
<?php
declare(strict_types=1);
namespace Ilyamur\PhpMvc\Service;
use Ilyamur\PhpMvc\Models\RememberedLogin;
use Ilyamur\PhpMvc\Models\User;
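/**
 * Authentication service: session login/logout plus the persistent
 * "remember me" cookie.
 *
 * Security-relevant behaviour of this class:
 *  - the session id is regenerated on every login;
 *  - the remember-me cookie is HttpOnly and SameSite=Lax, and Secure when the
 *    request itself arrived over HTTPS;
 *  - the stored post-login return target is only handed back when it is a
 *    same-site path.
 *
 * PHP version 8.0
 */
class Auth
{
    /** Name of the persistent-login cookie. */
    private const REMEMBER_COOKIE = 'rememberMe';

    /** Path the persistent-login cookie is scoped to; set and delete must agree on it. */
    private const REMEMBER_COOKIE_PATH = '/';

    /**
     * Log the user in.
     *
     * Optionally issues the remember-me cookie, then regenerates the session
     * id (discarding the old session data file) before the user id is stored,
     * so a session id known before authentication is not reused afterwards.
     *
     * @param User $user       The user model
     * @param bool $rememberMe Remember the login if true
     *
     * @return void
     */
    public static function login($user, $rememberMe): void
    {
        if ($rememberMe && $user->rememberLogin()) {
            // NOTE(review): $user->expiresAt is presumably a Unix timestamp
            // filled in by rememberLogin() - confirm against the User model.
            setcookie(
                self::REMEMBER_COOKIE,
                $user->rememberToken,
                self::rememberCookieOptions((int) $user->expiresAt)
            );
        }

        session_regenerate_id(true);

        $_SESSION['userId'] = $user->id;
    }

    /**
     * Log the user out: empty the session, expire the session cookie, destroy
     * the session and drop any remembered login.
     *
     * @return void
     */
    public static function logout(): void
    {
        $_SESSION = [];

        // Expire the session cookie using the same parameters it was set with.
        if (ini_get("session.use_cookies")) {
            $params = session_get_cookie_params();

            setcookie(
                session_name(),
                '',
                time() - 42000,
                $params["path"],
                $params["domain"],
                $params["secure"],
                $params["httponly"]
            );
        }

        // session_destroy() raises a warning when no session is active.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_destroy();
        }

        static::forgetLogin();
    }

    /**
     * Remember the originally-requested page in the session.
     *
     * The value is taken from the request line and is therefore client
     * controlled; getReturnToPage() validates it before handing it back.
     *
     * @return void
     */
    public static function rememberRequestedPage(): void
    {
        $_SESSION['returnTo'] = $_SERVER['REQUEST_URI'];
    }

    /**
     * Get the originally-requested page to return to after requiring login,
     * or default to the homepage.
     *
     * Only a same-site path is returned. Anything else (absolute URL,
     * scheme-relative "//host" form, non-string, control characters) falls
     * back to "/", so a caller that redirects to this value cannot be steered
     * to another origin.
     *
     * @return string
     */
    public static function getReturnToPage(): string
    {
        $target = $_SESSION['returnTo'] ?? '/';

        return self::isLocalPath($target) ? $target : '/';
    }

    /**
     * Get the current logged-in user, from the session or the remember-me cookie.
     *
     * @return User|null The user model or null if not logged in
     */
    public static function getUser(): ?User
    {
        if (isset($_SESSION['userId'])) {
            return User::findById((int) $_SESSION['userId']);
        }

        return static::loginFromRememberCookie();
    }

    /**
     * Log the user in from a remembered login cookie.
     *
     * @return User|null The user model if a valid, unexpired login cookie was found; null otherwise
     */
    protected static function loginFromRememberCookie(): ?User
    {
        // A cookie sent as "rememberMe[]=..." arrives as an array; only a
        // non-empty string can be a token.
        $cookie = $_COOKIE[self::REMEMBER_COOKIE] ?? null;

        if (!is_string($cookie) || $cookie === '') {
            return null;
        }

        $rememberedLogin = RememberedLogin::findByToken($cookie);

        if (!$rememberedLogin || $rememberedLogin->hasExpired()) {
            return null;
        }

        $user = $rememberedLogin->getUserByToken();

        // The token row can outlive its user; never start a session for a
        // missing account.
        if (!$user instanceof User) {
            return null;
        }

        static::login($user, false);

        return $user;
    }

    /**
     * Forget the remembered login, if present: delete the stored record and
     * expire the cookie in the browser.
     *
     * @return void
     */
    public static function forgetLogin(): void
    {
        $cookie = $_COOKIE[self::REMEMBER_COOKIE] ?? null;

        if (!is_string($cookie) || $cookie === '') {
            return;
        }

        $rememberedLogin = RememberedLogin::findByToken($cookie);

        if ($rememberedLogin) {
            $rememberedLogin->delete();
        }

        // The expiring cookie must carry the same path as the one set in
        // login(); without it the browser scopes the deletion to the current
        // request directory and the original cookie survives.
        setcookie(self::REMEMBER_COOKIE, '', self::rememberCookieOptions(time() - 3600));
    }

    /**
     * Build the attribute set shared by setting and expiring the remember-me cookie.
     *
     * @param int $expires Unix timestamp at which the cookie expires
     *
     * @return array<string, mixed>
     */
    private static function rememberCookieOptions(int $expires): array
    {
        return [
            'expires' => $expires,
            'path' => self::REMEMBER_COOKIE_PATH,
            // Keep the long-lived token off plaintext connections when the
            // site is served over TLS.
            'secure' => self::isHttps(),
            // The token is only read server-side; scripts have no need for it.
            'httponly' => true,
            'samesite' => 'Lax',
        ];
    }

    /**
     * Whether the current request reached PHP over HTTPS, according to the SAPI.
     *
     * Behind a TLS-terminating proxy this is typically unset; configure the
     * front end to pass the HTTPS flag through rather than trusting a
     * client-supplied header here.
     *
     * @return bool
     */
    private static function isHttps(): bool
    {
        $https = $_SERVER['HTTPS'] ?? '';

        return is_string($https) && $https !== '' && strtolower($https) !== 'off';
    }

    /**
     * Whether a stored return target is a path on this site.
     *
     * @param mixed $target Value read back from the session
     *
     * @return bool
     */
    private static function isLocalPath(mixed $target): bool
    {
        if (!is_string($target) || $target === '' || $target[0] !== '/') {
            return false;
        }

        // "//host" and "/\host" are resolved by browsers as scheme-relative URLs.
        if (isset($target[1]) && ($target[1] === '/' || $target[1] === '\\')) {
            return false;
        }

        // Control characters have no place in a redirect target.
        return preg_match('/[\x00-\x1F\x7F]/', $target) !== 1;
    }
}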