Improved authentication system with session-based tokens
This commit is contained in:
overplayed
parent
2f58aa563a
commit
4627c7ef00
|
|
@ -0,0 +1,54 @@
|
|||
<?php
|
||||
require_once __DIR__ . "/db.php";
|
||||
|
||||
if (session_status() === PHP_SESSION_NONE) {
|
||||
session_start();
|
||||
}
|
||||
|
||||
// Ensure token is provided via GET or Session
|
||||
if (!isset($_GET['auth']) && !isset($_SESSION['auth_token'])) {
|
||||
echo "Unauthorized access. Please use the correct link with your authentication token.";
|
||||
exit;
|
||||
}
|
||||
|
||||
// Use session token if available, otherwise use URL token
|
||||
$authToken = $_SESSION['auth_token'] ?? $_GET['auth'];
|
||||
|
||||
// Ensure database connection is valid
|
||||
$conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
|
||||
if ($conn->connect_error) {
|
||||
error_log("Database connection error: " . $conn->connect_error);
|
||||
die("Database connection error.");
|
||||
}
|
||||
|
||||
// Fetch user information, including token expiration
|
||||
$query = "SELECT id, email, given_name, surname, is_board_member, token_expires_at FROM users WHERE auth_token = ?";
|
||||
$stmt = $conn->prepare($query);
|
||||
$stmt->bind_param("s", $authToken);
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
|
||||
if ($result->num_rows === 0) {
|
||||
die("Unauthorized access - Invalid token.");
|
||||
}
|
||||
|
||||
$user = $result->fetch_assoc();
|
||||
|
||||
// Check if token is expired
|
||||
if (strtotime($user['token_expires_at']) < time()) {
|
||||
die("Unauthorized access - Token expired. Please contact your administrator.");
|
||||
}
|
||||
|
||||
// Store session data
|
||||
$_SESSION['auth_token'] = $authToken; // Store token for future use
|
||||
$_SESSION['user_id'] = intval($user['id']);
|
||||
$_SESSION['email'] = $user['email'];
|
||||
$_SESSION['full_name'] = $user['given_name'] . " " . $user['surname'];
|
||||
$_SESSION['is_board_member'] = intval($user['is_board_member']);
|
||||
|
||||
// Redirect only if using URL token
|
||||
if (isset($_GET['auth']) && !isset($_SESSION['auth_token'])) {
|
||||
header("Location: questionnaire.php");
|
||||
exit;
|
||||
}
|
||||
?>
|
||||
|
|
@ -1,4 +1,6 @@
|
|||
<!DOCTYPE html>
|
||||
<?php require_once "../auth-manager.php"; ?>
|
||||
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
|
|
@ -13,7 +15,12 @@
|
|||
<div class="text-center mb-4">
|
||||
<img src="../assets/img/ccah-logo.png" alt="CCAH Logo" style="max-height:100px;">
|
||||
</div>
|
||||
<div class="text-center">
|
||||
<img id="board-member-image" src="../assets/img/ccah-logo.png" alt="Board Member Image" style="max-height:100px; display:none;">
|
||||
</div>
|
||||
<h3 class="text-center">CCAH IT Assessment Questionnaire</h3>
|
||||
<p id="board-member-message" class="text-center fw-bold" style="display:none;">Welcome, Board Member!</p>
|
||||
|
||||
|
||||
<form id="assessment-form">
|
||||
<div id="form-message" class="alert d-none mt-3"></div>
|
||||
|
|
|
|||
Loading…
Reference in New Issue