if(!isset($_SESSION['id']) && isset($_COOKIE['user-token']) && isset($_COOKIE['user-auth-id'])) {
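/**
 * Generate a 32-character hex token from 16 bytes of cryptographically secure
 * random data.
 *
 * The result is used as a persistent-login token, so it has to be
 * unpredictable. The previous last-resort branch, md5(uniqid(...)), is derived
 * from the clock and a constant string and is therefore guessable; this
 * version refuses to issue a token instead of silently falling back to it.
 *
 * @return string 32 lowercase hexadecimal characters
 * @throws \RuntimeException when no secure random source yields 16 bytes
 */
function random_string() {
    $bytes = false;

    if (function_exists('random_bytes')) {
        // Throws on failure rather than returning weak data.
        $bytes = random_bytes(16);
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        // The by-reference flag reports whether a strong algorithm was used;
        // output without that guarantee is discarded.
        $strong = false;
        $bytes = openssl_random_pseudo_bytes(16, $strong);
        if ($strong !== true) {
            $bytes = false;
        }
    } elseif (function_exists('mcrypt_create_iv')) {
        $bytes = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
    }

    // Fail closed: a short or missing result must never become a login token.
    if (!is_string($bytes) || strlen($bytes) !== 16) {
        throw new \RuntimeException('No secure random source available for session tokens');
    }

    return bin2hex($bytes);
}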
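// SELECT CURRENT USER //
// Persistent-login check: look up the token stored for the id in the cookie,
// compare it with the token in the cookie, and on a match rotate the token and
// start the session. Every failure path ends without setting $_SESSION['id'].

// Defined up front so both error-log writes below can use it (it used to be
// set only inside the prepare() branch).
$path = __DIR__ . '/../err_database/errorlog.txt';

// Cookie values are client-controlled and may arrive as arrays or empty
// strings, so require a non-empty string token and a purely numeric id before
// querying.
$cookieToken = $_COOKIE['user-token'];
$cookieId = $_COOKIE['user-auth-id'];
$rowData = false;

if (is_string($cookieToken) && $cookieToken !== '' && is_string($cookieId) && ctype_digit($cookieId)) {
    if ($cUser = $pdo->prepare("SELECT `session_user_id`,`session_user_token` FROM `secure_session` WHERE `session_user_id` = :id LIMIT 1;")) {
        $cUser->bindValue('id', $cookieId, PDO::PARAM_INT);
        if ($cUser->execute()) {
            $rowData = $cUser->fetch(PDO::FETCH_ASSOC);
        } else {
            ## ErrorLog
            // FILE_APPEND keeps earlier entries; without it each write replaced the log.
            file_put_contents($path, PHP_EOL . serialize($cUser->errorInfo()), FILE_APPEND | LOCK_EX);
        }
    }
}

// A missing row used to yield null here, and the loose `==` treated an empty
// cookie as equal to it. Require a real stored token and compare in constant
// time (hash_equals() needs PHP 5.6+).
// NOTE(review): the token is stored and compared in clear text; storing only a
// hash of it would limit the impact of a database read. That needs a change
// wherever the token is first written, so it is not done here.
$storedToken = (is_array($rowData) && isset($rowData['session_user_token']))
    ? (string) $rowData['session_user_token']
    : '';

if ($storedToken !== '' && hash_equals($storedToken, $cookieToken)) {
    // Update new User-Token //
    $newToken = random_string();
    $rotated = false;
    if ($updateToken = $pdo->prepare("UPDATE `secure_session` SET `session_user_token` = :user_token WHERE `session_user_id` = :id LIMIT 1;")) {
        $updateToken->bindValue('user_token', $newToken, PDO::PARAM_STR);
        $updateToken->bindValue('id', $cookieId, PDO::PARAM_INT);
        if ($updateToken->execute()) {
            $rotated = true;
        } else {
            ## ErrorLog
            // Log the UPDATE statement's own error (the SELECT handle was logged here before).
            file_put_contents($path, PHP_EOL . serialize($updateToken->errorInfo()), FILE_APPEND | LOCK_EX);
        }
    }

    // Only hand out the new token and log in once it is actually stored;
    // otherwise the cookie and the database would disagree on the next visit.
    if ($rotated) {
        // SET NEW COOKIES AND SESSION ID
        // NOTE(review): secure=false and domain 127.0.0.1 fit a local HTTP setup only;
        // behind HTTPS the secure flag should be true and a SameSite policy set.
        setcookie('user-token', $newToken, time() + 43200, '/', '127.0.0.1', false, true);
        setcookie('user-auth-id', $cookieId, time() + 43200, '/', '127.0.0.1', false, true);

        // Issue a fresh session id at the moment of login so a pre-login
        // session id cannot be reused afterwards.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['id'] = $rowData['session_user_id'];
    }
} else {
    // Debug output of the submitted token; escaped because it is
    // client-supplied. NOTE(review): consider removing it outside development.
    echo htmlspecialchars(is_string($cookieToken) ? $cookieToken : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    die("Fehler");
}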
}