Implemented token expiration handling

This commit is contained in:
overplayed 2025-03-15 19:34:14 -04:00
parent 3c5779ce35
commit a0525e3007
2 changed files with 23 additions and 4 deletions


@ -6,7 +6,8 @@ require_once __DIR__ . "/db.php";
header("Content-Type: application/json"); header("Content-Type: application/json");
// Get user token from session or URL // Get user token from session or URL
$userToken = $_SESSION['user_token'] ?? $_GET['token'] ?? null; $userToken = $_GET['token'] ?? null;
if (!$userToken) { if (!$userToken) {
http_response_code(403); http_response_code(403);
@ -24,7 +25,7 @@ if ($conn->connect_error) {
} }
// Fetch user ID using token // Fetch user ID using token
$stmt = $conn->prepare("SELECT id FROM users WHERE auth_token = ?"); $stmt = $conn->prepare("SELECT id, token_expires_at FROM users WHERE auth_token = ?");
$stmt->bind_param("s", $userToken); $stmt->bind_param("s", $userToken);
$stmt->execute(); $stmt->execute();
$result = $stmt->get_result(); $result = $stmt->get_result();
@ -34,8 +35,16 @@ if (!$user) {
echo json_encode(["error" => "Invalid authentication token."]); echo json_encode(["error" => "Invalid authentication token."]);
exit; exit;
} }
// Check if token is expired
if (strtotime($user['token_expires_at']) < time()) {
http_response_code(403);
echo json_encode(["error" => "Authentication token has expired."]);
exit;
}
$userId = $user['id']; $userId = $user['id'];
// Fetch saved responses // Fetch saved responses
$stmt = $conn->prepare("SELECT * FROM questionnaire_responses WHERE user_id = ?"); $stmt = $conn->prepare("SELECT * FROM questionnaire_responses WHERE user_id = ?");
$stmt->bind_param("i", $userId); $stmt->bind_param("i", $userId);
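Review bot: On the new side of the first hunk the only credential source is `$_GET['token']`, so the bearer token travels in the query string of a GET request and ends up in web-server and proxy access logs, browser history, and any Referer header a client sends onward. Reading it from a header keeps it out of those places, e.g. `$userToken = $_SERVER['HTTP_AUTHORIZATION'] ?? null;` followed by stripping a `Bearer ` prefix, with the query parameter kept only as a deprecated fallback if existing clients depend on it. The expiry check added in the last hunk also deserves a comment that a NULL or unparseable `token_expires_at` is rejected, because `strtotime()` returns false there and `false < time()` is true under PHP's bool comparison rules: `// strtotime() yields false for NULL/unparseable values, so such rows are treated as expired`. The surrounding script continues outside these hunks.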


@ -13,7 +13,8 @@ if ($_SERVER["REQUEST_METHOD"] !== "POST") {
} }
// Get user token from session or URL (whichever is applicable) // Get user token from session or URL (whichever is applicable)
$userToken = $_SESSION['user_token'] ?? $_GET['token'] ?? null; $userToken = $_POST['token'] ?? null;
if (!$userToken) { if (!$userToken) {
http_response_code(403); http_response_code(403);
@ -30,7 +31,8 @@ if ($conn->connect_error) {
} }
// Get user ID from token // Get user ID from token
$stmt = $conn->prepare("SELECT id FROM users WHERE auth_token = ?"); $stmt = $conn->prepare("SELECT id, token_expires_at FROM users WHERE auth_token = ?");
$stmt->bind_param("s", $userToken); $stmt->bind_param("s", $userToken);
$stmt->execute(); $stmt->execute();
$result = $stmt->get_result(); $result = $stmt->get_result();
@ -40,8 +42,16 @@ if (!$user) {
echo json_encode(["error" => "Invalid authentication token."]); echo json_encode(["error" => "Invalid authentication token."]);
exit; exit;
} }
// Check if token is expired
if (strtotime($user['token_expires_at']) < time()) {
http_response_code(403);
echo json_encode(["error" => "Authentication token has expired."]);
exit;
}
$userId = $user['id']; $userId = $user['id'];
// Extract & sanitize input // Extract & sanitize input
function sanitize($value) { function sanitize($value) {
return htmlspecialchars(strip_tags(trim($value))); return htmlspecialchars(strip_tags(trim($value)));
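Review bot: The expiry comparison added as `strtotime($user['token_expires_at']) < time()` interprets the stored timestamp in PHP's default timezone, so if the database wrote `token_expires_at` in a different zone (MySQL session time_zone versus php.ini `date.timezone`) tokens will expire early or late by the offset. Doing the comparison in the database avoids the mismatch and the `strtotime()` false case altogether, e.g. `$stmt = $conn->prepare("SELECT id FROM users WHERE auth_token = ? AND token_expires_at > NOW()");`, at the cost of collapsing the "expired" and "invalid" responses into one, which is arguably the better behaviour for an unauthenticated caller anyway. If the separate error message is wanted, keep the PHP check but build both sides from `DateTimeImmutable` with an explicit `DateTimeZone('UTC')` so the zone is fixed in code rather than inherited from configuration. The `sanitize()` helper and the rest of the script continue outside the hunk.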