logout(); // get the player by their username $id = Player::validateCredentials($identifier, $password); if ($id === false) return false; // set the session $_SESSION['player_id'] = $id; self::$id = $id; // set the remember me cookie if ($remember) $this->remember($id); return true; } private function remember(int $id): array { $data = ['player_id' => $id, 'token' => token()]; Session::createOrUpdate($data); // save the token in the database, overwriting the old one if it exists setcookie(self::COOKIE_NAME, implode('::', $data), strtotime('+30 days'), '/', '', true, true); return $data; } public function logout(): void { if (isset($_SESSION['player_id'])) unset($_SESSION['player_id']); if (isset($_COOKIE[self::COOKIE_NAME])) setcookie(self::COOKIE_NAME, '', time() - 86400, '/', '', true, true); if (ini_get("session.use_cookies")) { $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]); } session_destroy(); } public function good(): bool { // if our player_id session still exists, carry on if (isset($_SESSION['player_id'])) { self::$id = $_SESSION['player_id']; return true; } // if a remember me cookie exists, try to validate it if (isset($_COOKIE[self::COOKIE_NAME])) { $cookie = explode('::', $_COOKIE[self::COOKIE_NAME]); // player_id::token // try to validate the token if (!Session::validate($cookie[0], $cookie[1])) return false; // the token is invalid // token is valid, refresh cookie and assign session $this->remember($cookie[0]); $_SESSION['player_id'] = $cookie[0]; self::$id = $cookie[0]; return true; } return false; } public static function boot(): void { // adjust session settings ini_set('session.gc_maxlifetime', 604800); // 1 week in seconds ini_set('session.cookie_lifetime', 604800); // 1 week in seconds // ensure secure session handling ini_set('session.use_strict_mode', 1); ini_set('session.cookie_httponly', 1); ini_set('session.cookie_secure', 1); // only if using HTTPS // start the session session_start(); // regenerate session ID to prevent session fixation if (!isset($_SESSION['initiated'])) { session_regenerate_id(true); $_SESSION['initiated'] = true; } } }