essae
/
ccah-assessment
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ccah-assessment/auth-manager.php

47 lines
1.5 KiB
PHP
Raw Blame History

<?php
require_once 'db.php'; // Ensure this contains the DB connection
if (session_status() === PHP_SESSION_NONE) {
session_start();
}
// Check if authentication token is provided via GET or session
if (!isset($_GET['auth']) && !isset($_SESSION['auth_token'])) {
die("Unauthorized access. No authentication token provided.");
}
// Use session token if available, otherwise use URL token
$authToken = $_SESSION['auth_token'] ?? $_GET['auth'];
$_SESSION['auth_token'] = $authToken;
// Connect to the database
$conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error) {
die("Database connection error.");
}
// Fetch user information from database
$stmt = $conn->prepare("SELECT id, email, given_name, surname, is_board_member, expired FROM users WHERE auth_token = ?");
$stmt->bind_param("s", $authToken);
$stmt->execute();
$result = $stmt->get_result();
$user = $result->fetch_assoc();
// Check if the token is valid and not expired
if (!$user || $user['expired'] == 1) {
die("Unauthorized access - Invalid or expired token.");
}
// Store user details in session
$_SESSION['user_id'] = intval($user['id']);
$_SESSION['email'] = $user['email'];
$_SESSION['full_name'] = $user['given_name'] . " " . $user['surname'];
$_SESSION['is_board_member'] = intval($user['is_board_member']);
// Redirect users to questionnaire page if authentication was done via URL
if (isset($_GET['auth'])) {
header("Location: questionnaire.html");
exit;
}
?>
Reference in New Issue View Git Blame Copy Permalink