Merge pull request #743 from rrobgill/cookielogin

Persistent login cookie
2025-12-24 20:55:28 +00:00 · 2018-05-14 21:03:16 -04:00
parent fb337ddd37 967763b6da
commit fc795e3b10
2 changed files with 29 additions and 1 deletions
--- a/scripts/pi-hole/php/loginpage.php
+++ b/scripts/pi-hole/php/loginpage.php
@@ -35,6 +35,9 @@
          </ul>
          </div>
          <div class="col-xs-4">
+            <div class="form-group">
+              <div class="checkbox pull-right"><label><input type="checkbox" id="logincookie" name="persistentlogin">Remember me for 7 days</label></div>
+            </div>
            <button type="submit" href="#" class="btn btn-primary pull-right"><i class="glyphicon glyphicon-log-in"></i>&nbsp;&nbsp;&nbsp;Log in</button>
          </div>
        </div>
--- a/scripts/pi-hole/php/password.php
+++ b/scripts/pi-hole/php/password.php
@@ -24,9 +24,13 @@
    }

    // If the user wants to log out, we free all session variables currently registered
+    // and delete any persistent cookie.
    if(isset($_GET["logout"]))
    {
        session_unset();
+        setcookie('persistentlogin', '');
+        header('Location: index.php');
+        exit();
    }

    $wrongpassword = false;
@@ -35,8 +39,24 @@
    // Test if password is set
    if(strlen($pwhash) > 0)
    {
+        // Check for and authorize from persistent cookie 
+        if (isset($_COOKIE["persistentlogin"]))
+        {
+            if ($pwhash = $_COOKIE["persistentlogin"])
+            {
+                $auth = true;
+                // Refresh cookie with new expiry
+                setcookie('persistentlogin', $pwhash, time()+60*60*24*7);
+            }
+            else
+            {
+                // Invalid cookie
+                $auth = false;
+                setcookie('persistentlogin', '');
+            }
+        }
        // Compare doubly hashes password input with saved hash
-        if(isset($_POST["pw"]))
+        else if(isset($_POST["pw"]))
        {
            $postinput = hash('sha256',hash('sha256',$_POST["pw"]));
            if(hash_equals($pwhash, $postinput))
@@ -45,6 +65,11 @@

                // Login successful, redirect the user to the homepage to discard the POST request
                if ($_SERVER['REQUEST_METHOD'] === 'POST' && $_SERVER['QUERY_STRING'] === 'login') {
+                    // Set persistent cookie if selected
+                    if (isset($_POST['persistentlogin']))
+                    {
+                        setcookie('persistentlogin', $pwhash, time()+60*60*24*7);
+                    }
                    header('Location: index.php');
                    exit();
                }