From 261816fa4eaac30b2cae5301e4f4bb59975d8f7f Mon Sep 17 00:00:00 2001 From: Jarkko Toivanen Date: Sat, 28 Sep 2024 18:47:40 +0300 Subject: [PATCH] Check token expiry --- inc/database.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/inc/database.php b/inc/database.php index 55244b7..e2605f2 100755 --- a/inc/database.php +++ b/inc/database.php @@ -169,11 +169,15 @@ class DataBase extends SQLite3 { $token = base64_decode($_COOKIE['token']); } $hashed = hash('sha256', $token); - $sql = "SELECT id AS id, userid AS userid FROM tokens WHERE token='$hashed';"; + $sql = "SELECT id AS id, userid AS userid, expires AS expires FROM tokens WHERE token='$hashed';"; $ret = $this->query($sql)->fetchArray(SQLITE3_ASSOC); if(!$ret) { return false; } + if ($ret['expires'] < time()) { + $this->tokenRemove($token); + return false; + } $this->tokenRefresh($ret['id']); return $ret['userid']; }