Added Remember Me option by checking this you wont have to enter your MFA for up to 14 days on the device

2023-11-20 20:49:33 -05:00 · 2023-11-20 20:49:33 -05:00 · 0d6c58f1d0
parent dcd5103819
commit 0d6c58f1d0
3 changed files with 25 additions and 6 deletions
--- a/database_updates.php
+++ b/database_updates.php
@ -1504,6 +1504,12 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
        // Then, update the database to the next sequential version
        mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.9.5'");
    }
+
+    if (CURRENT_DATABASE_VERSION == '0.9.5') {
+        mysqli_query($mysqli, "ALTER TABLE `user_settings` ADD `user_config_remember_me_token` VARCHAR(255) NULL DEFAULT NULL AFTER `user_role`");
+        // Then, update the database to the next sequential version
+        mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.9.6'");
+    }
 } else {
    // Up-to-date
 }
--- a/database_version.php
+++ b/database_version.php
@ -5,5 +5,5 @@
 * It is used in conjunction with database_updates.php
 */

-DEFINE("LATEST_DATABASE_VERSION", "0.9.5");
+DEFINE("LATEST_DATABASE_VERSION", "0.9.6");

--- a/login.php
+++ b/login.php
@ -111,12 +111,25 @@ if (isset($_POST['login'])) {
        $user_email = sanitizeInput($row['user_email']);
        $token = sanitizeInput($row['user_token']);
        $force_mfa = intval($row['user_config_force_mfa']);
+        $remember_token = $row['user_config_remember_me_token'];
        if($force_mfa == 1 && $token == NULL) {
            $config_start_page = "user_profile.php";
        }

-        // Checking for user 2FA
-        if (empty($token) || TokenAuth6238::verify($token, $current_code)) {
+        $bypass_2fa = false;
+        if (isset($_COOKIE['rememberme']) && $_COOKIE['rememberme'] == $remember_token) {
+            $bypass_2fa = true;
+        } elseif (empty($token) || TokenAuth6238::verify($token, $current_code)) {
+            $bypass_2fa = true;
+        }
+
+        if ($bypass_2fa) {
+            if (isset($_POST['remember_me'])) {
+                $newRememberToken = bin2hex(random_bytes(64));
+                setcookie('rememberme', $newRememberToken, time() + 86400*14, "/", null, true, true);
+                $updateTokenQuery = "UPDATE user_settings SET user_config_remember_me_token = '$newRememberToken' WHERE user_id = $user_id";
+                mysqli_query($mysqli, $updateTokenQuery);
+            }

            // FULL LOGIN SUCCESS - 2FA not configured or was successful

@ -310,14 +323,14 @@ if (isset($_POST['login'])) {
                        </div>
                    </div>
                </div>
-                <!--
+
                <div class="form-group mb-3">
                    <div class="custom-control custom-checkbox">
-                        <input type="checkbox" class="custom-control-input" id="remember_me">
+                        <input type="checkbox" class="custom-control-input" id="remember_me" name="remember_me">
                        <label class="custom-control-label" for="remember_me">Remember Me</label>
                    </div>
                </div>
-                !-->
+
                <?php if (isset($token_field)) { echo $token_field; } ?>

                <button type="submit" class="btn btn-primary btn-block mb-3" name="login">Sign In</button>