From e91dfdbc7549b60a6bc2decff885a26f7fbb365f Mon Sep 17 00:00:00 2001
From: vincent-peugnet
Date: Thu, 9 Apr 2020 00:36:37 +0200
Subject: remember me with hash comparaison close #68
---
 app/class/Controllerconnect.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
(limited to 'app/class/Controllerconnect.php')
diff --git a/app/class/Controllerconnect.php b/app/class/Controllerconnect.php
index 816d69b..e9af86a 100644
--- a/app/class/Controllerconnect.php
+++ b/app/class/Controllerconnect.php
@@ -100,14 +100,16 @@ class Controllerconnect extends Controller
 /**
 * Create a cookie called `authtoken`
 *
- * @param string $id Token string
+ * @param string $token Token string
 * @param int $conservation Time in day to keep the token
 *
 * @return bool True in cas of success, otherwise, false.
 */
- public function creatauthcookie(string $id, int $conservation): bool
+ public function creatauthcookie(string $token, int $conservation): bool
 {
- return setcookie('authtoken', $id, time() + $conservation * 24 * 3600, null, null, false, true);
+ $hash = secrethash($token);
+ $cookie = $token . ':' . $hash;
+ return setcookie('authtoken', $cookie, time() + $conservation * 24 * 3600, null, null, false, true);
 }
 /**
@@ -120,4 +122,5 @@ class Controllerconnect extends Controller
 //deleteauthcookie
 }
+
 }
--
cgit v1.2.3
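Review bot: The new `setcookie` call in `creatauthcookie` still passes `false` for the `secure` argument, so the `authtoken` cookie, which now carries a long-lived token plus its hash, is also sent over plain HTTP and has no SameSite attribute. Consider deriving the flag from the request scheme (or from a site-level setting when TLS is terminated by a proxy) and, if the project's minimum PHP version is 7.3 or later, using the options-array form: `$secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';` followed by `return setcookie('authtoken', $cookie, ['expires' => time() + $conservation * 24 * 3600, 'secure' => $secure, 'httponly' => true, 'samesite' => 'Lax']);`. `secrethash()` and the code that reads the cookie back are outside this diff, so it is worth confirming that the hash is a keyed HMAC over the token and that the check uses `hash_equals()` rather than `==`.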