Create cookie-based login and authentication system

2025-07-20 22:33:57 -04:00 · 2022-07-10 18:58:55 -05:00 · 2022-07-10 18:58:55 -05:00 · 0bc3dc3830
commit 0bc3dc3830
parent 45221365b5
46 changed files with 528 additions and 195 deletions
--- a/www/sessions/new.php
+++ b/www/sessions/new.php
@ -0,0 +1,40 @@
+<?
+require_once('Core.php');
+
+use function Safe\session_unset;
+
+session_start();
+
+if($GLOBALS['User'] !== null){
+	header('Location: /');
+	exit();
+}
+
+$email = HttpInput::Str(SESSION, 'email', false);
+$redirect = HttpInput::Str(SESSION, 'redirect', false) ?? HttpInput::Str(GET, 'redirect', false);
+
+$exception = $_SESSION['exception'] ?? null;
+
+http_response_code(401);
+
+if($exception){
+	http_response_code(400);
+	session_unset();
+}
+?><?= Template::Header(['title' => 'Log In', 'highlight' => '', 'description' => 'Log in to your Standard Ebooks Patrons Circle account.']) ?>
+<main>
+	<section class="narrow">
+		<h1>Log in to the Patrons Circle</h1>
+		<p>Enter your email address to log in to your Patrons Circle account. Once you’re logged in, you’ll be able to <a href="/polls">vote in our occasional polls</a>, access our <a href="/bulk-downloads">bulk ebook downloads</a>, and access our <a href="/feeds">ebook feeds</a>.</p>
+		<p>Anyone can <a href="/donate#patrons-circle">join the Patrons Circle</a> with a small donation in support of our continuing mission to create free, beautiful digital literature.</p>
+		<?= Template::Error(['exception' => $exception]) ?>
+		<form method="post" action="/sessions" class="single-row">
+			<input type="hidden" name="redirect" value="<?= Formatter::ToPlainText($redirect) ?>" />
+			<label class="email">Your email address
+				<input type="email" name="email" value="<?= Formatter::ToPlainText($email) ?>" maxlength="80" required="required" />
+			</label>
+			<button>Log in</button>
+		</form>
+	</section>
+</main>
+<?= Template::Footer() ?>
--- a/www/sessions/post.php
+++ b/www/sessions/post.php
@ -0,0 +1,54 @@
+<?
+require_once('Core.php');
+
+use function Safe\preg_match;
+use function Safe\session_unset;
+
+if(HttpInput::RequestMethod() != HTTP_POST){
+	http_response_code(405);
+	exit();
+}
+
+session_start();
+
+$requestType = HttpInput::RequestType();
+
+$session = new Session();
+$email = HttpInput::Str(POST, 'email', false);
+$redirect = HttpInput::Str(POST, 'redirect', false);
+
+try{
+	if($redirect === null){
+		$redirect = '/';
+	}
+
+	$session->Create($email);
+
+	setcookie('sessionid', $session->SessionId, time() + 60 * 60 * 24 * 14 * 1, '/', SITE_DOMAIN, true, false); // Expires in two weeks
+
+	if($requestType == WEB){
+		http_response_code(303);
+		header('Location: ' . $redirect);
+	}
+	else{
+		// Access via REST api; 201 CREATED with location
+		http_response_code(201);
+		header('Location: ' . $session->Url);
+	}
+}
+catch(Exceptions\SeException $ex){
+	// Login failed
+	if($requestType == WEB){
+		$_SESSION['email'] = $email;
+		$_SESSION['redirect'] = $redirect;
+		$_SESSION['exception'] = $ex;
+
+		// Access via form; 303 redirect to the form, which will emit a 400 BAD REQUEST
+		http_response_code(303);
+		header('Location: /sessions/new');
+	}
+	else{
+		// Access via REST api; 400 BAD REQUEST
+		http_response_code(400);
+	}
+}