essae
/
ccah-assessment
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Improved authentication system with session-based tokens

This commit is contained in:
overplayed 2025-03-15 21:22:57 -04:00
parent 2f58aa563a
commit 4627c7ef00
2 changed files with 61 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
auth-manager.php Normal file
View File

@ -0,0 +1,54 @@
<?php
require_once __DIR__ . "/db.php";
if (session_status() === PHP_SESSION_NONE) {
session_start();
}
// Ensure token is provided via GET or Session
if (!isset($_GET['auth']) && !isset($_SESSION['auth_token'])) {
echo "Unauthorized access. Please use the correct link with your authentication token.";
exit;
}
// Use session token if available, otherwise use URL token
$authToken = $_SESSION['auth_token'] ?? $_GET['auth'];
// Ensure database connection is valid
$conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error) {
error_log("Database connection error: " . $conn->connect_error);
die("Database connection error.");
}
// Fetch user information, including token expiration
$query = "SELECT id, email, given_name, surname, is_board_member, token_expires_at FROM users WHERE auth_token = ?";
$stmt = $conn->prepare($query);
$stmt->bind_param("s", $authToken);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows === 0) {
die("Unauthorized access - Invalid token.");
}
$user = $result->fetch_assoc();
// Check if token is expired
if (strtotime($user['token_expires_at']) < time()) {
die("Unauthorized access - Token expired. Please contact your administrator.");
}
// Store session data
$_SESSION['auth_token'] = $authToken; // Store token for future use
$_SESSION['user_id'] = intval($user['id']);
$_SESSION['email'] = $user['email'];
$_SESSION['full_name'] = $user['given_name'] . " " . $user['surname'];
$_SESSION['is_board_member'] = intval($user['is_board_member']);
// Redirect only if using URL token
if (isset($_GET['auth']) && !isset($_SESSION['auth_token'])) {
header("Location: questionnaire.php");
exit;
}
?>

7
forms/questionnaire.html
View File

@ -1,4 +1,6 @@
<!DOCTYPE html> <!DOCTYPE html>
<?php require_once "../auth-manager.php"; ?>
<html lang="en"> <html lang="en">
<head> <head>
<meta charset="UTF-8"> <meta charset="UTF-8">
@ -13,7 +15,12 @@
<div class="text-center mb-4"> <div class="text-center mb-4">
<img src="../assets/img/ccah-logo.png" alt="CCAH Logo" style="max-height:100px;"> <img src="../assets/img/ccah-logo.png" alt="CCAH Logo" style="max-height:100px;">
</div> </div>
<div class="text-center">
<img id="board-member-image" src="../assets/img/ccah-logo.png" alt="Board Member Image" style="max-height:100px; display:none;">
</div>
<h3 class="text-center">CCAH IT Assessment Questionnaire</h3> <h3 class="text-center">CCAH IT Assessment Questionnaire</h3>
<p id="board-member-message" class="text-center fw-bold" style="display:none;">Welcome, Board Member!</p>
<form id="assessment-form"> <form id="assessment-form">
<div id="form-message" class="alert d-none mt-3"></div> <div id="form-message" class="alert d-none mt-3"></div>