diff --git a/controllers/project_controller.php b/controllers/project_controller.php
index 60941e6..9b62f84 100644
--- a/controllers/project_controller.php
+++ b/controllers/project_controller.php
@@ -25,6 +25,27 @@ public function home(){
+ if (!isset($_SESSION['user']) && isset($_COOKIE['remember_me'])) {
+
+ $token_du_cookie = $_COOKIE['remember_me'];
+ $hash_a_verifier = hash('sha256', $token_du_cookie);
+
+ $objUserModel = new UserModel;
+ // 2. On cherche le jeton dans TA table "tokens" (avec token_user_id)
+ $row = $objUserModel->getTokenUser($hash_a_verifier);
+
+ if ($row) {
+ // 3. Jeton trouvé ! On récupère les infos de l'utilisateur
+ $user = $objUserModel->findUserById($row['token_user_id']);
+
+ if ($user) {
+ // 4. On recrée la session comme lors d'un login normal
+ $_SESSION['user'] = $user;
+ }
+ }
+ }
+
+
 $intCategory = 0;
 if (!empty($_GET['filter_cat'])) {
 $intCategory = (int) $_GET['filter_cat'];
diff --git a/controllers/user_controller.php b/controllers/user_controller.php
index d981df7..5bcf302 100644
--- a/controllers/user_controller.php
+++ b/controllers/user_controller.php
@@ -36,7 +36,15 @@ class UserCtrl extends MotherCtrl {
 // Ajoute l'utilisateur en session
 $_SESSION['user'] = $arrResult;
 $_SESSION['success'] = "Bienvenue, vous êtes bien connecté";
-
+ if (isset($_POST['remember_me'])) {
+
+ $token = bin2hex(random_bytes(32));
+ $token_hash = hash('sha256', $token);
+ $objUserModel->remember($_SESSION['user']['user_id'],$token_hash);
+
+ setcookie('remember_me', $token, time() + (24*60*60), "/", "", false, true);
+
+ }
 header("Location:index.php");
 exit;
 }
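Review bot: The session restored at `$_SESSION['user'] = $user;` keeps whatever id it already had, so an id planted before the cookie login stays valid after it; call `session_regenerate_id(true)` just before that assignment, which a password login should do as well. When the lookup fails (`$row` empty or `findUserById()` returning nothing) the stale cookie stays in the browser and is re-queried on every visit to `home()`, so the failure path should expire it the way `logout()` does; both changes are in the fence below. The block also runs only in `home()`, so other entry points never rebuild the session; hoisting it into the parent controller looks like the intended place, though that code is outside this diff. Treating the token as single-use — delete the row and issue a fresh one after a successful restore — limits what a copied cookie is worth. `home()` continues past the end of the hunk.

```php
    if ($row) {
        // … unchanged: findUserById …
        if ($user) {
            // the cookie has just elevated this session: do not keep the id it had before
            session_regenerate_id(true);
            $_SESSION['user'] = $user;
        }
    }
    // unknown or expired token: expire the cookie instead of re-checking it on every request
    if (!isset($_SESSION['user'])) {
        setcookie('remember_me', '', time() - 3600, "/", "", false, true);
    }
```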
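Review bot: The cookie issued by `setcookie('remember_me', $token, time() + (24*60*60), "/", "", false, true)` passes `false` for `secure`, so the raw token is sent on any plain-HTTP request, and no `SameSite` attribute is set. The options-array form covers both: `setcookie('remember_me', $token, ['expires' => time() + 86400, 'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);`, with `secure` derived from the deployment if local development runs without TLS. The 24h lifetime is duplicated in `UserModel::remember()`, so the cookie and the row will drift apart on the first edit; a single shared constant keeps them expiring together. `$_SESSION['user']['user_id']` presumes `$arrResult` carries that key, which the hunk does not show. Nothing regenerates the session id at login either, though the line that would do so sits outside the added code.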
@@ -49,11 +57,15 @@ class UserCtrl extends MotherCtrl {
 public function logout(){
- session_start();
- /*session_destroy();
- session_start();*/
+
+ if (isset($_COOKIE['remember_me'])) {
+ $hash = hash('sha256', $_COOKIE['remember_me']);
+
+ $objUserModel = new UserModel;
+ $objUserModel->deleteToken($hash);
- // on supprime l'utilisateur en session
+ setcookie('remember_me', '', time() - 3600, "/");
+ }
 unset($_SESSION['user']);
 $_SESSION['success'] = "Vous êtes bien déconnecté";
diff --git a/entities/project_entity.php b/entities/project_entity.php
index 8f5ae79..cde9bbe 100644
--- a/entities/project_entity.php
+++ b/entities/project_entity.php
@@ -17,7 +17,7 @@ class Project extends Entity{
 private int $_user;
 private int $_category = 0;
 private string $_creatorname;
- private string $_user_image;
+ private ?string $_user_image = null;
 /**
diff --git a/models/user_model.php b/models/user_model.php
index f17b9a3..752ce19 100644
--- a/models/user_model.php
+++ b/models/user_model.php
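Review bot: After the token row is deleted and the cookie expired, the PHP session itself stays alive — the removed lines drop the commented-out `session_destroy()` for good and the hunk only reaches `unset($_SESSION['user']);`, so the old session id remains usable by anyone who already holds it; add `session_regenerate_id(true);` (or `session_destroy()` followed by a fresh `session_start()`) after the unset. The clearing call `setcookie('remember_me', '', time() - 3600, "/")` works because name, path and domain match the issuing call, but it should mirror the remaining attributes so the two calls do not drift: `setcookie('remember_me', '', time() - 3600, "/", "", false, true);`. The hash is computed from `$_COOKIE['remember_me']` without a shape check; the token is 64 hex characters from `bin2hex(random_bytes(32))`, so `strlen($c) === 64 && ctype_xdigit($c)` before hashing avoids a database round trip on garbage. Removing `session_start()` here assumes the parent controller already started the session, which this diff does not show. `logout()` continues outside the hunk.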
@@ -70,6 +70,27 @@
 return $rqPrep->execute();
 }
+ public function remember(int $userId, string $token):bool{
+ $strRq = "INSERT INTO tokens (token_user_id, token_hash, token_created_at, token_expire_at) VALUES (:id, :token, NOW(), :exp)";
+ $rqPrep = $this->_db->prepare($strRq);
+ $rqPrep->bindValue(":id", $userId, PDO::PARAM_INT);
+ $rqPrep->bindValue(":token", $token, PDO::PARAM_STR);
+ $rqPrep->bindValue(":exp",
+ //pour faire que le cookies soit valable 1 jours
+ date('Y-m-d H:i:s', time() + (24*60*60))
+ , PDO::PARAM_STR);
+ return $rqPrep->execute();
+
+ }
+ public function getTokenUser(string $hash){
+ $strRq = $this->_db->prepare("SELECT token_user_id FROM tokens WHERE token_hash = :hash AND expires_at > NOW()");
+ return $strRq->execute(['hash' => $hash]);
+ }
+ public function deleteToken(string $hash){
+ $stmt = $this->_db->prepare("DELETE FROM tokens WHERE token_hash = :hash");
+ $stmt->execute(['hash' => $hash]);
+ }
+
 public function update(object $objUser):bool{
 $strRq = "UPDATE users SET user_name = :name,
diff --git a/views/_partial/header.tpl b/views/_partial/header.tpl
index 120b68e..cb8df32 100644
--- a/views/_partial/header.tpl
+++ b/views/_partial/header.tpl
@@ -85,3 +85,4 @@
 {include file="views/_partial/messages.tpl"}
+ {$smarty.cookies|vardump}
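Review bot: `getTokenUser()` returns the boolean from `$strRq->execute(['hash' => $hash])`, never a row, so the caller in `home()` reads `$row['token_user_id']` off `true` and the cookie restore can never succeed; run `$strRq->execute(['hash' => $hash]);` then `return $strRq->fetch(PDO::FETCH_ASSOC) ?: null;` and declare the return as `?array`. The same query filters on `expires_at` while `remember()` inserts into `token_expire_at`, so one of the two column names is wrong and the SELECT will fail at the database. `remember()` also computes the expiry with PHP's `date()`/`time()` but `token_created_at` uses the database's `NOW()`; if the two clocks or timezones differ the row expires early or late, so derive both on one side (for example `DATE_ADD(NOW(), INTERVAL 1 DAY)` if this is MySQL, or both from PHP). `deleteToken()` discards the execute result and has no return type; `: bool` with `return $stmt->execute(['hash' => $hash]);` matches the neighbouring methods. Expired rows are never purged, so the table only grows; a `DELETE FROM tokens WHERE token_expire_at < NOW()` at login or on a schedule keeps it bounded.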
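Review bot: `{$smarty.cookies|vardump}` dumps every request cookie into the rendered header, so the raw `remember_me` token and the session cookie are written into the HTML of every page, where browser history, caches, view-source and any proxy can read them; this debug line must not be merged. Drop it, or at least confine it to a non-production switch, and put cookie debugging in the server log rather than the response. `vardump` does not appear to be a Smarty built-in modifier, so unless it is registered elsewhere the template may also error at render time.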