summaryrefslogtreecommitdiff
path: root/login.php
diff options
context:
space:
mode:
Diffstat (limited to 'login.php')
-rw-r--r--login.php22
1 files changed, 21 insertions, 1 deletions
diff --git a/login.php b/login.php
index 76102e5..f9c0fbc 100644
--- a/login.php
+++ b/login.php
@@ -26,9 +26,29 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
exit(create_alert('/login.php', 401, 'Incorrect username or password.', null));
}
+ $now = date('Y-m-d H:i:s', time());
+ $db->prepare('DELETE FROM tokens WHERE expires_at <= ? AND user_id = ?')
+ ->execute([$now, $user['id']]);
+
+ $data = $user;
+
+ if (IS_JSON_REQUEST) {
+ $expires_at = date('Y-m-d H:i:s', time() + 86400);
+
+ $token = bin2hex(random_bytes(16));
+
+ $db->prepare('INSERT INTO tokens(user_id, hash, expires_at) VALUES (?, ?, ?)')
+ ->execute([$user['id'], hash('sha256', $token), $expires_at]);
+
+ $data = [
+ 'token' => $token,
+ 'id' => $user['id']
+ ];
+ }
+
$_SESSION['user'] = $user;
- exit(create_alert('/', 200, null, $user));
+ exit(create_alert('/', 200, null, $data));
}
?>
<!DOCTYPE html>
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-12 21:16:44 +0000