From 61c40767862e3b4a00807be726c636fe60ba04e2 Mon Sep 17 00:00:00 2001
From: flashwave <me@flash.moe>
Date: Fri, 17 Apr 2015 22:14:31 +0000
Subject: [PATCH] Login works!

---
 _sakura/components/Sessions.php           | 46 +++++++++++++++++++++--
 _sakura/components/Users.php              | 42 +++++++++++++++++++--
 _sakura/components/database/mysql.php     | 43 ++++++++++++++++++++-
 _sakura/sakura.php                        |  4 +-
 _sakura/templates/yuuno/global/header.tpl |  4 +-
 main/authenticate.php                     |  2 +-
 6 files changed, 128 insertions(+), 13 deletions(-)

diff --git a/_sakura/components/Sessions.php b/_sakura/components/Sessions.php
index 41c9db6..0798257 100644
--- a/_sakura/components/Sessions.php
+++ b/_sakura/components/Sessions.php
@@ -19,8 +19,8 @@ class Session {
             session_start();
 
         // Assign user and session IDs
-        self::$userId       = isset($_COOKIE[Configuration::getConfig('cookie_prefix') .'id'])      ? isset($_COOKIE[Configuration::getConfig('cookie_prefix') .'id'])      : 0;
-        self::$sessionId    = isset($_COOKIE[Configuration::getConfig('cookie_prefix') .'session']) ? isset($_COOKIE[Configuration::getConfig('cookie_prefix') .'session']) : '';
+        self::$userId       = isset($_COOKIE[Configuration::getConfig('cookie_prefix') .'id'])      ? $_COOKIE[Configuration::getConfig('cookie_prefix') .'id']         : 0;
+        self::$sessionId    = isset($_COOKIE[Configuration::getConfig('cookie_prefix') .'session']) ? $_COOKIE[Configuration::getConfig('cookie_prefix') .'session']    : '';
 
     }
 
@@ -49,7 +49,47 @@ class Session {
     // Check session data (expiry, etc.)
     public static function checkSession($userId, $sessionId) {
 
-        
+        // Get session from database
+        $session = Database::fetch('sessions', true, ['userid' => [$userId, '='], 'skey' => [$sessionId, '=']]);
+
+        // Check if we actually got something in return
+        if(!count($session))
+            return false;
+        else
+            $session = $session[0];
+
+        // Check if the session expired
+        if($session['expire'] < time()) {
+
+            // If it is delete the session...
+            self::deleteSession($session['id']);
+
+            // ...and return false
+            return false;
+
+        }
+
+        // If the remember flag is set extend the session time
+        if($session['remember'])
+            Database::update('sessions', [['expire' => time() + 604800], ['id' => [$session['id'], '=']]]);
+
+        // Return 2 if the remember flag is set and return 1 if not
+        return $session['remember'] ? 2 : 1;
+
+    }
+
+    // Delete a session
+    public static function deleteSession($sessionId, $key = false) {
+
+        // Check if the session exists
+        if(!Database::fetch('sessions', [($key ? 'skey' : 'id'), true, [$sessionId, '=']]))
+            return false;
+
+        // Run the query
+        Database::delete('sessions', [($key ? 'skey' : 'id'), [$sessionId, '=']]);
+
+        // Return true if key was found and deleted
+        return true;
 
     }
 
diff --git a/_sakura/components/Users.php b/_sakura/components/Users.php
index 20910ae..6b4b527 100644
--- a/_sakura/components/Users.php
+++ b/_sakura/components/Users.php
@@ -45,10 +45,32 @@ class Users {
     ];
 
     // Check if a user is logged in
-    public static function loggedIn() {
+    public static function checkLogin() {
 
-        // Just return false for now since we don't have a user system yet
-        return false;
+        // Check if the cookies are set
+        if(
+            !isset($_COOKIE[Configuration::getConfig('cookie_prefix') .'id']) ||
+            !isset($_COOKIE[Configuration::getConfig('cookie_prefix') .'session'])
+        )
+            return false;
+
+        // Check if the session exists
+        if(!$session = Session::checkSession(
+            Session::$userId,
+            Session::$sessionId
+        ))
+            return false;
+
+        // Extend the cookie times if the remember flag is set
+        if($session == 2) {
+
+            setcookie(Configuration::getConfig('cookie_prefix') .'id',      Session::$userId,       time() + 604800, Configuration::getConfig('cookie_path'), Configuration::getConfig('cookie_domain'));
+            setcookie(Configuration::getConfig('cookie_prefix') .'session', Session::$sessionId,    time() + 604800, Configuration::getConfig('cookie_path'), Configuration::getConfig('cookie_domain'));
+
+        }
+
+        // If everything went through return true
+        return true;
 
     }
 
@@ -99,8 +121,20 @@ class Users {
     // Logout and kill the session
     public static function logout() {
 
+        // Check if user is logged in
+        if(!self::checkLogin())
+            return false;
+
         // Remove the active session from the database
-        // Session::deleteSession($id, $key);
+        if(!Session::deleteSession($id, true))
+            return false;
+
+        // Set cookies
+        setcookie(Configuration::getConfig('cookie_prefix') .'id',      0,  time() - 60, Configuration::getConfig('cookie_path'), Configuration::getConfig('cookie_domain'));
+        setcookie(Configuration::getConfig('cookie_prefix') .'session', '', time() - 60, Configuration::getConfig('cookie_path'), Configuration::getConfig('cookie_domain'));
+
+        // Return true indicating a successful logout
+        return true;
 
     }
 
diff --git a/_sakura/components/database/mysql.php b/_sakura/components/database/mysql.php
index 5564609..f30041e 100644
--- a/_sakura/components/database/mysql.php
+++ b/_sakura/components/database/mysql.php
@@ -270,5 +270,46 @@ class Database {
         return $result;
 
     }
-    
+
+    // Delete data from the database
+    public static function delete($table, $data) {
+
+        // Begin preparation of the statement
+        $prepare = 'DELETE FROM `' . Configuration::getLocalConfig('db', 'prefix') . $table . '`';
+
+        // If $data is set and is an array continue
+        if(is_array($data)) {
+
+            $prepare .= ' WHERE';
+
+            foreach($data as $key => $value) {
+                $prepare .= ' `'. $key .'` '. $value[1] .' :'. $key . ($key == key(array_slice($data, -1, 1, true)) ? '' : ' AND');
+
+                // Unset variables to be safe
+                unset($key);
+                unset($value);
+            }
+
+        }
+
+        // Actually prepare the preration
+        $query = self::$sql->prepare($prepare);
+
+        // Bind those parameters
+        foreach($data as $key => $value) {
+            $query->bindParam(':'. $key, $value[0]);
+
+            // Unset variables to be safe
+            unset($key);
+            unset($value);
+        }
+
+        // Execute the prepared statements with parameters bound
+        $result = $query->execute();
+
+        // Return whatever can be returned
+        return $result;
+
+    }
+
 }
diff --git a/_sakura/sakura.php b/_sakura/sakura.php
index 1be4c28..7a5b02a 100644
--- a/_sakura/sakura.php
+++ b/_sakura/sakura.php
@@ -8,7 +8,7 @@
 namespace Sakura;
 
 // Define Sakura version
-define('SAKURA_VERSION', '20150412');
+define('SAKURA_VERSION', '20150417');
 
 // Define Sakura Path
 define('ROOT', str_replace(basename(__DIR__), '', dirname(__FILE__)));
@@ -63,6 +63,6 @@ $renderData = array(
         'time'      => \time()
     ],
     'user' => [
-        'loggedin' => Users::loggedIn()
+        'checklogin' => Users::checkLogin()
     ]
 );
diff --git a/_sakura/templates/yuuno/global/header.tpl b/_sakura/templates/yuuno/global/header.tpl
index 78b2bc4..d784648 100644
--- a/_sakura/templates/yuuno/global/header.tpl
+++ b/_sakura/templates/yuuno/global/header.tpl
@@ -17,7 +17,7 @@
         <!-- JS -->
         <script type="text/javascript" src="{{ sakura.resources }}/js/yuuno.js"></script>
         <script type="text/javascript">
-        {% if user.loggedin != true %}
+        {% if not user.checklogin %}
             // Setting the shit so clicking the login link doesn't redirect to /login
             function initLoginForm() {
 
@@ -65,7 +65,7 @@
                 </div>
             </div>
             <div id="contentwrapper">
-                {% if user.loggedin != true %}
+                {% if not user.checklogin %}
                     <div class="hidden" id="headerLoginForm">
                         <form method="post" action="/authenticate">
                             <input type="hidden" name="redirect" value="{{ sakura.currentpage }}" />
diff --git a/main/authenticate.php b/main/authenticate.php
index f46fcc3..e8ac7a0 100644
--- a/main/authenticate.php
+++ b/main/authenticate.php
@@ -36,7 +36,7 @@ if(
             // Add page specific things
             $renderData['page'] = [
                 'title'     => 'Login',
-                'redirect'  => ($login[0] ? ((strpos($_REQUEST['redirect'], '://') ? '' : '//') . $_REQUEST['redirect']) : '/authenticate'),
+                'redirect'  => ($login[0] ? $_REQUEST['redirect'] : '/authenticate'),
                 'message'   => $messages[$login[1]]
             ];