From ce4fadf280763f303f179bc32f2c205390ff41c2 Mon Sep 17 00:00:00 2001
From: Diego Najar
Date: Wed, 8 Nov 2017 00:00:48 +0100
Subject: [PATCH] Remember me improves
---
 bl-kernel/admin/controllers/login.php | 9 +-----
 bl-kernel/admin/views/login.php | 4 +++
 bl-kernel/boot/init.php | 1 +
 bl-kernel/helpers/cookie.class.php | 2 +-
 bl-kernel/login.class.php | 40 +++++++++++++++++++++------
 5 files changed, 38 insertions(+), 18 deletions(-)
diff --git a/bl-kernel/admin/controllers/login.php b/bl-kernel/admin/controllers/login.php
index a4e0c05c..9332e772 100644
--- a/bl-kernel/admin/controllers/login.php
+++ b/bl-kernel/admin/controllers/login.php
@@ -47,14 +47,7 @@ function checkRememberMe()
 return false;
 }
- if (!Cookie::isset(REMEMBER_COOKIE_USERNAME) || !Cookie::isset(REMEMBER_COOKIE_TOKEN)) {
- return false;
- }
-
- $username = Cookie::get(REMEMBER_COOKIE_USERNAME);
- $token = Cookie::get(REMEMBER_COOKIE_TOKEN);
-
- if ($Login->verifyUserByRemember($username, $token)) {
+ if ($Login->verifyUserByRemember()) {
 $Security->generateTokenCSRF();
 Redirect::page('dashboard');
 return true;
diff --git a/bl-kernel/admin/views/login.php b/bl-kernel/admin/views/login.php
index b21a22d4..b3807477 100644
--- a/bl-kernel/admin/views/login.php
+++ b/bl-kernel/admin/views/login.php
@@ -12,6 +12,10 @@
+
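Review bot: The cookie-based auto-login in `checkRememberMe()` goes straight from `$Login->verifyUserByRemember()` to `Redirect::page('dashboard')` with no visible session-id regeneration, so unless `setLogin()` (called inside `verifyUserByRemember()`, not in this hunk) does `session_regenerate_id(true)`, a session id planted in the victim's browser before the remember-me login remains valid afterwards (session fixation). Regenerating the id just before `$Security->generateTokenCSRF();` closes that regardless of what `setLogin()` does, and also guarantees the new CSRF token is bound to a fresh session. `checkRememberMe()` starts before this hunk; the guard whose `return false;` opens the hunk is not visible.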
+
+
+
diff --git a/bl-kernel/boot/init.php b/bl-kernel/boot/init.php
index 8a8aaf29..3f441c1a 100644
--- a/bl-kernel/boot/init.php
+++ b/bl-kernel/boot/init.php
@@ -207,6 +207,7 @@ include(PATH_HELPERS.'paginator.class.php');
 include(PATH_HELPERS.'image.class.php');
 include(PATH_HELPERS.'tcp.class.php');
 include(PATH_HELPERS.'dom.class.php');
+include(PATH_HELPERS.'cookie.class.php');
 if (file_exists(PATH_KERNEL.'bludit.pro.php')) {
 include(PATH_KERNEL.'bludit.pro.php');
diff --git a/bl-kernel/helpers/cookie.class.php b/bl-kernel/helpers/cookie.class.php
index 9c120ffb..04f06d9b 100644
--- a/bl-kernel/helpers/cookie.class.php
+++ b/bl-kernel/helpers/cookie.class.php
@@ -5,7 +5,7 @@ class Cookie {
 public static function get($key)
 {
 if (isset($_COOKIE[$key])) {
- return $_COOKIE[$name];
+ return $_COOKIE[$key];
 }
 return false;
 }
diff --git a/bl-kernel/login.class.php b/bl-kernel/login.class.php
index c48a2ee1..89736914 100644
--- a/bl-kernel/login.class.php
+++ b/bl-kernel/login.class.php
@@ -61,6 +61,20 @@ class Login {
 // Set the token on the cookies
 Cookie::set(REMEMBER_COOKIE_USERNAME, $username, REMEMBER_COOKIE_EXPIRE_IN_DAYS);
 Cookie::set(REMEMBER_COOKIE_TOKEN, $token, REMEMBER_COOKIE_EXPIRE_IN_DAYS);
+
+ Log::set(__METHOD__.LOG_SEP.'Cookies seted for Remember Me.');
+ }
+
+ public function invalidateRememberMe()
+ {
+ // Invalidate all tokens on the user databases
+ $this->dbUsers->invalidateAllRememberTokens();
+
+ // Destroy the cookies
+ Cookie::set(REMEMBER_COOKIE_USERNAME, '', -1);
+ Cookie::set(REMEMBER_COOKIE_TOKEN, '', -1);
+ unset($_COOKIE[REMEMBER_COOKIE_USERNAME]);
+ unset($_COOKIE[REMEMBER_COOKIE_TOKEN]);
 }
 // Check if the username and the password are valid
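Review bot: `invalidateRememberMe()` revokes via `$this->dbUsers->invalidateAllRememberTokens()` with no user argument, and the name plus the comment "Invalidate all tokens on the user databases" suggest it wipes every user's remember-me token, not just the one whose cookie is in hand; because the later hunks also call this method from `logout()` and from the failure branches of `verifyUserByRemember()`, one user logging out — or an anonymous visitor sending a malformed remember cookie — would log every other remembered user out, a cheap denial of service. If the user store can revoke per user, prefer `public function invalidateRememberMe($username)` forwarding the name to a per-user revocation; if only global revocation exists, at least do not invoke it from the unauthenticated mismatch path and just clear the cookies there. The log text `'Cookies seted for Remember Me.'` should read `'Cookies set for Remember Me.'`. The method that owns the `Cookie::set(...)` context lines at the top of the hunk starts before it.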
@@ -101,11 +115,16 @@ class Login {
 return false;
 }
- // Verified Remember Token
- // If valid log in the user
- // If not valid invalidate all remember me tokens
- public function verifyUserByRemember($username, $token)
+ // Check if the user has the cookies and the correct token
+ public function verifyUserByRemember()
 {
+ if (!Cookie::isset(REMEMBER_COOKIE_USERNAME) || !Cookie::isset(REMEMBER_COOKIE_TOKEN)) {
+ return false;
+ }
+
+ $username = Cookie::get(REMEMBER_COOKIE_USERNAME);
+ $token = Cookie::get(REMEMBER_COOKIE_TOKEN);
+
 $username = Sanitize::html($username);
 $token = Sanitize::html($token);
@@ -113,20 +132,21 @@ class Login {
 $token = trim($token);
 if (empty($username) || empty($token)) {
- $this->dbUsers->invalidateAllRememberTokens();
+ $this->invalidateRememberMe();
 Log::set(__METHOD__.LOG_SEP.'Username or Token empty. Username: '.$username.' - Token: '.$token);
 return false;
 }
- if ($username !== $this->getByRememberToken($token)) {
- $this->dbUsers->invalidateAllRememberTokens();
- Log::set(__METHOD__.LOG_SEP.'The user has different token or the token doesnt exist.');
+ if ($username !== $this->dbUsers->getByRememberToken($token)) {
+ $this->invalidateRememberMe();
+ Log::set(__METHOD__.LOG_SEP.'The user has different token or the token doesn\'t exist.');
 return false;
 }
 // Validate user and login
 $user = $this->dbUsers->getDb($username);
 $this->setLogin($username, $user['role']);
+ Log::set(__METHOD__.LOG_SEP.'User authenticated via Remember Me.');
 return true;
 }
@@ -141,6 +161,8 @@ class Login {
 public function logout()
 {
- return Session::destroy();
+ $this->invalidateRememberMe();
+ Session::destroy();
+ return true;
 }
 }
\ No newline at end of file
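Review bot: The empty-value branch in the `@@ -113,20 +132,21 @@` hunk logs the cookie values verbatim, so when only the username cookie is blank the remember-me secret is written to the log; drop the values, e.g. `Log::set(__METHOD__.LOG_SEP.'Username or Token empty.');`. On the success path nothing after `$this->setLogin($username, $user['role']);` issues a fresh token, so the presented token stays valid and reusable until expiry — a copied cookie keeps working silently; rotating the token on every successful remember-me login (store the new value, re-issue both cookies) makes cookie theft detectable and bounds the window. Both failure branches call `invalidateRememberMe()`, which, if it is global as its name suggests, lets an unauthenticated request revoke every user's remember-me session. `verifyUserByRemember()` begins in the previous hunk.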