From c35d018995da99028747fe672e4d07484855dba2 Mon Sep 17 00:00:00 2001 From: vincent-peugnet Date: Wed, 8 Apr 2020 20:50:50 +0200 Subject: simple cookies storage using flywheel autogerated ID --- app/class/Controller.php | 2 +- app/class/Controllerconnect.php | 65 +++++++++++++++++++++++++++++++++------ app/class/Modelauthtoken.php | 53 +++++++++++++++++++++++++++++++ app/class/Modeluser.php | 36 +++++++++++++++------- app/view/templates/backtopbar.php | 3 ++ app/view/templates/connect.php | 3 ++ 6 files changed, 140 insertions(+), 22 deletions(-) create mode 100644 app/class/Modelauthtoken.php diff --git a/app/class/Controller.php b/app/class/Controller.php index c3787b2..7398a7d 100644 --- a/app/class/Controller.php +++ b/app/class/Controller.php @@ -34,7 +34,7 @@ class Controller public function setuser() { - $this->usermanager = new Modeluser; + $this->usermanager = new Modeluser; $this->user = $this->usermanager->readsession(); } diff --git a/app/class/Controllerconnect.php b/app/class/Controllerconnect.php index 592c0ee..816d69b 100644 --- a/app/class/Controllerconnect.php +++ b/app/class/Controllerconnect.php @@ -21,7 +21,7 @@ class Controllerconnect extends Controller public function connect() { - if(isset($_SESSION['pageupdate'])) { + if (isset($_SESSION['pageupdate'])) { $pageupdate['route'] = 'pageedit'; $pageupdate['id'] = $_SESSION['pageupdate']['id']; } else { 
@@ -38,14 +38,22 @@ class Controllerconnect extends Controller { if (isset($_POST['pass'])) { $this->user = $this->usermanager->passwordcheck($_POST['pass']); - if($this->user != false) { - if($this->user->expiredate() === false || $this->user->level() === 10 || $this->user->expiredate('date') > $this->now) { + if ($this->user != false) { + if ($this->user->expiredate() === false || $this->user->level() === 10 || $this->user->expiredate('date') > $this->now) { $this->user->connectcounter(); $this->usermanager->add($this->user); $this->usermanager->writesession($this->user); $_SESSION['workspace']['showleftpanel'] = true; $_SESSION['workspace']['showrightpanel'] = false; - } + + if ($_POST['rememberme'] && $this->user->cookie() > 0) { + $token = $this->createauthtoken(); + if ($token) { + $_SESSION['user' . Config::basepath()]['authtoken'] = $token; + } + } + + } } } if ($id !== null) { @@ -59,6 +67,9 @@ class Controllerconnect extends Controller { $this->user = $this->usermanager->logout(); $this->usermanager->writesession($this->user); + if(!empty($_SESSION['user' . Config::basepath()]['authtoken'])) { + $this->destroyauthtoken($_SESSION['user' . Config::basepath()]['authtoken']); + } if ($id !== null && $route !== 'home') { $this->routedirect($route, ['page' => $id]); } else { 
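Review bot: `if ($_POST['rememberme'] && $this->user->cookie() > 0)` indexes `$_POST` unconditionally, but an unticked checkbox is simply absent from the request, so every login without "remember me" raises an undefined-index notice; write `if (!empty($_POST['rememberme']) && $this->user->cookie() > 0) {`. The enclosing method starts and ends outside this hunk. The remember-me token is now tied to the session created for this login, and that path keeps whatever session id the request arrived with (the `writesession` call is unchanged context here), so a `session_regenerate_id(true);` just before `$this->usermanager->writesession($this->user);` would be worth adding in the same branch.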
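Review bot: After `destroyauthtoken()` the record is gone from the store, but `$_SESSION['user' . Config::basepath()]['authtoken']` stays set — `writesession()` in this commit writes per key instead of replacing the array — and the browser keeps sending the `authtoken` cookie; add `unset($_SESSION['user' . Config::basepath()]['authtoken']);` after the destroy call and have `destroyauthtoken()` expire the cookie (the `//deleteauthcookie` placeholder in the next hunk). The added `if(!empty(` also lacks the space after `if` that the rest of this commit normalises. The enclosing method starts and ends outside the hunk.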
@@ -66,13 +77,47 @@ class Controllerconnect extends Controller } } + /** + * Create a token stored in the database and then a cookie + * + * @return string|bool Token in cas of success, otherwise, false. + */ + public function createauthtoken() + { + $authtoken = new Modelauthtoken(); + $tokenid = $authtoken->add($this->user); + if ($tokenid !== false) { + $cookiecreation = $this->creatauthcookie($tokenid, $this->user->cookie()); + if ($cookiecreation) { + return $tokenid; + } + } else { + return false; + } + } -} - - - - + /** + * Create a cookie called `authtoken` + * + * @param string $id Token string + * @param int $conservation Time in day to keep the token + * + * @return bool True in cas of success, otherwise, false. + */ + public function creatauthcookie(string $id, int $conservation): bool + { + return setcookie('authtoken', $id, time() + $conservation * 24 * 3600, null, null, false, true); + } + /** + * Destroy the current token + */ + public function destroyauthtoken(string $id) + { + $authtoken = new Modelauthtoken(); + $dbdelete = $authtoken->delete($id); -?> \ No newline at end of file + //deleteauthcookie + } +} diff --git a/app/class/Modelauthtoken.php b/app/class/Modelauthtoken.php new file mode 100644 index 0000000..0a55e64 --- /dev/null +++ b/app/class/Modelauthtoken.php @@ -0,0 +1,53 @@ +storeinit(self::AUTHTOKEN_REPO_NAME); + } + + /** + * Add a Token in the database according to the Users datas + * + * @param User $user + */ + public function add(User $user) + { + $datas = [ + 'user' => $user->id(), + 'ip' => $_SERVER['SERVER_ADDR'], + 'creationdate' => '1' + ]; + $tokendata = new Document($datas); + return $this->repo->store($tokendata); + + } + + public function getbytoken(string $token) + { + return $this->repo->findById($token); + } + + public function delete(string $token) + { + return $this->repo->delete($token); + } + +} + + + + + + +?> \ No newline at end of file 
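Review bot: `createauthtoken()` falls off the end when the record is stored but `creatauthcookie()` returns false, so it returns null there while its docblock promises `string|bool`; the rewrite below makes every path return the token id or `false`. `creatauthcookie()` issues a credential that outlives the session with `secure` false and no SameSite attribute, and passes `null` for the string `path`/`domain` parameters (deprecated on PHP 8.1+); the options-array form of `setcookie()` with `'secure' => !empty($_SERVER['HTTPS'])`, `'httponly' => true` and `'samesite' => 'Lax'` would cover all three. `destroyauthtoken()` assigns `$dbdelete` without using or returning it and leaves `//deleteauthcookie` where the cookie should be expired with the same name and path it was set with.
```php
    public function createauthtoken()
    {
        $authtoken = new Modelauthtoken();
        $tokenid = $authtoken->add($this->user);
        if ($tokenid === false) {
            return false;
        }
        // Report success only when both the stored record and the cookie exist.
        return $this->creatauthcookie($tokenid, $this->user->cookie()) ? $tokenid : false;
    }
```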
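Review bot: `add()` stores `'ip' => $_SERVER['SERVER_ADDR']`, which is the address of the server itself, not of the client the token was issued to — if the field is meant to describe the client, `$_SERVER['REMOTE_ADDR']` is the value, and either key can be absent (CLI, some SAPIs), so read it with `?? ''`. `'creationdate' => '1'` is a placeholder, so nothing server-side can ever expire a token: the `cookie()` day count only bounds the browser copy, and a token that leaks stays valid until it is deleted — store a real timestamp such as `'creationdate' => time()` and have `getbytoken()` treat stale records as absent. The id returned by `$this->repo->store()` becomes the bearer credential in the cookie, and as far as I know Flywheel's generated ids are not specified as cryptographically random; generating the id with `bin2hex(random_bytes(32))` and storing the document under it would settle that. Most of this file's header was lost in rendering (the hunk starts mid-statement at `+storeinit(`), so the class declaration and constants could not be reviewed; the trailing `?>` closing tag should also go.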
diff --git a/app/class/Modeluser.php b/app/class/Modeluser.php index 071320e..3f51920 100644 --- a/app/class/Modeluser.php +++ b/app/class/Modeluser.php @@ -21,16 +21,16 @@ class Modeluser extends Modeldb $this->storeinit(self::USER_REPO_NAME); } + /** + * Write session cookie according to users datas and define the current authtoken being used + * + * @param User $user Current user to keep in session + */ public function writesession(User $user) { - $_SESSION['user' . Config::basepath()] = ['level' => $user->level(), 'id' => $user->id(), 'columns' =>$user->columns()]; - } - - public function writecookie(User $user) - { - $cookiehash = - $cookie = ['level' => $user->level(), 'id' => $user->id()]; - setcookie('user ' . Config::basepath(), $cookie, time() + $user->cookie()*24*3600, null, null, false, true); + $_SESSION['user' . Config::basepath()]['level'] = $user->level(); + $_SESSION['user' . Config::basepath()]['id'] = $user->id(); + $_SESSION['user' . Config::basepath()]['columns'] = $user->columns(); } public function readsession() @@ -41,9 +41,23 @@ class Modeluser extends Modeldb $user = new User($userdatas); $user = $this->get($user); return $user; - } else { - return new User(['id' => '', 'level' => 0]); } + + if(isset($_COOKIE['authtoken'])) { + $authtokenmanager = new Modelauthtoken(); + $token = $authtokenmanager->getbytoken($_COOKIE['authtoken']); + if ($token !== false) { + $user = $this->get($token->user); + if ($user !== false) { + $this->writesession($user, $_COOKIE['authtoken']); + } + return $user; + + } + } + + return new User(['id' => '', 'level' => 0]); + } @@ -159,7 +173,7 @@ class Modeluser extends Modeldb /** - * @param string|User $id + * @param string|User $id Can be an User object or a string ID * * @return User|false User object or false in case of error */ diff --git a/app/view/templates/backtopbar.php b/app/view/templates/backtopbar.php index c1dd361..0710c85 100644 --- a/app/view/templates/backtopbar.php 
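Review bot: The new docblock says `writesession()` also defines "the current authtoken being used", but the signature takes only `$user`, and `readsession()` in the next hunk calls it as `$this->writesession($user, $_COOKIE['authtoken'])`; PHP discards the extra argument silently, so the token is never recorded in the session on the cookie path and the logout code in `Controllerconnect` cannot find it to destroy. Either drop that sentence from the docblock or accept the token: `public function writesession(User $user, ?string $authtoken = null)` and, when it is non-null, `$_SESSION['user' . Config::basepath()]['authtoken'] = $authtoken;`. The switch from assigning the whole `$_SESSION['user' . Config::basepath()]` array to per-key writes also means keys not rewritten here (such as `authtoken`) now survive a `writesession()` of the logged-out user; if that is intended, the docblock should say so.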
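Review bot: The cookie path returns `$user` even when `$this->get($token->user)` yields `false`, while every other path returns a `User`, so `Controller::setuser()` can end up holding `false` — move `return $user;` inside `if ($user !== false)` and let the final `return new User(['id' => '', 'level' => 0]);` handle the miss. The cookie path also skips the account-validity check the password login in `Controllerconnect` performs (`expiredate()` / level 10), so an expired account keeps resuming from its cookie until the token record is removed; apply the same condition before `writesession()`. The `$this->writesession($user, $_COOKIE['authtoken'])` argument mismatch is raised on the previous hunk. `if(isset(` lacks the space after `if` that this commit otherwise normalises.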
+++ b/app/view/templates/backtopbar.php
@@ -63,6 +63,9 @@ if($user->isadmin()) {
+
+
+
diff --git a/app/view/templates/connect.php b/app/view/templates/connect.php index e21b360..6fd5b14 100644 --- a/app/view/templates/connect.php +++ b/app/view/templates/connect.php @@ -19,6 +19,9 @@ if(in_array($route, ['pageedit', 'pageread', 'pageread/', 'pageadd'])) { } ?> + + + -- cgit v1.2.3