WIP: Too many redirects after user libary

auth.php

 <?php
-include 'library/auth.php';
+include_once 'library/autoload.php';
 
 if(isset($_POST['type'])){
 	if($_POST['type'] == 'login'){
 		$username = $_POST['username'];
 		$password = $_POST['password'];
-		if(do_login($username, $password)){
-			echo "Login success";
+		$remember = isset($_POST['remember']) ? $_POST['remember'] : '0';
+		if(do_login($username, $password, $remember)){
+			header('Location: home.php');
 		} else {
-			echo "Login failed";
+			header('Location: index.php?error=1');
 		}
 	} else if($_POST['type'] == 'signup'){
 		$full_name = $_POST['full_name'];

index.php

 <?php
 
-if(isset($_POST['auth']) and $_POST['email'] == "admin@gmail.com" and $_POST['password'] == "password"){
-  $flag = 1;
-} else {
-  $flag = 0;
-}
+include 'library/auth.php';
 
-if(isset($_POST['auth'])){
-  if($flag == 1){
+if(isset($_COOKIE['username']) and isset($_COOKIE['token'])){
+  if(verify_session($_COOKIE['username'], $_COOKIE['token'])){
     header("Location: home.php");
-  } else {
-    header("Location: index.php?error=1");
   }
 }
+
 ?>
 
 <!doctype html>
@@ -83,7 +78,7 @@ if(isset($_POST['auth'])){
     <input type="hidden" id="auth" name="type" value="login">
     <div class="checkbox mb-3">
       <label>
-        <input type="checkbox" value="remember-me"> Remember me
+        <input type="checkbox" value="1" name="remember"> Remember me
       </label>
     </div>
     <input class="w-100 btn btn-lg btn-success" type="submit" value="Sign In">

library/auth.php

@@ -27,12 +27,80 @@ function get_db_connection() {
 	}
 }
 
-function do_login($username, $password){
+function is_loggedin(){
+	if(isset($_COOKIE['username']) and isset($_COOKIE['token'])){
+	  if(!verify_session($_COOKIE['username'], $_COOKIE['token'])){
+	    return false;
+	  } else {
+	  	return true;
+	  }
+	} else {
+	  return false;
+	}
+}
+
+function do_login($username, $password, $remember){
 	$password = get_hashed_password($password);
 	$query = "SELECT * FROM lahtp_3_web.auth WHERE username='$username' AND password='$password';";
 	$connection = get_db_connection();
 	$result = mysqli_query($connection, $query);
-	return mysqli_num_rows($result);
+	if(mysqli_num_rows($result) == 1){
+		return add_session($username, $password, $remember, $connection);
+	} else {
+		return false;
+	}
+}
+
+function add_session($username, $password, $remember, $db_conn){
+	$token = get_hashed_password($password.time());
+	$query = "INSERT INTO `lahtp_3_web`.`sessions` (`username`, `session_token`, `remember`) VALUES ('$username', '$token', $remember);";
+	$result = mysqli_query($db_conn, $query);
+	if($result){
+		if($remember == '1'){
+			setcookie('username', $username, time()+(7*24*60*60)); //remember for 7 days
+			setcookie('token', $token, time()+(7*24*60*60));
+		} else {
+			setcookie('username', $username); //remember for session
+			setcookie('token', $token);
+		}
+		return 1;
+	}
+}
+
+function verify_session($username, $token){
+	$query = "SELECT * FROM lahtp_3_web.sessions WHERE username='$username' AND session_token='$token';";
+	$connection = get_db_connection();
+	$result = mysqli_query($connection, $query);
+	if(mysqli_num_rows($result) == 1){
+		$row = mysqli_fetch_assoc($result);
+		if($row['is_valid'] == 1){
+			$time = strtotime($row['created_on']);
+			if($row['remember'] == '1'){
+				if(time() <= $time+(7*24*60*60)){
+					return true;
+				} else {
+					return false;
+				}
+			} else {
+				if(time() <= $time+(1*24*60*60)){
+					return true;
+				} else {
+					return false;
+				}
+			}
+		} else {
+			return false;
+		}
+	}
+}
+
+function logout($username, $token){
+	print_r($username);
+	print_r($token);
+	$query = "UPDATE `lahtp_3_web`.`sessions` SET is_valid = '0' WHERE username = '$username' AND session_token = '$token';";
+	$db_conn = get_db_connection();
+	return mysqli_query($db_conn, $query);
+	//die();
 }
 
 function do_signup($username, $password, $full_name, $mobile){

library/autoload.php

+<?php
+
+include_once 'auth.php';
+include_once 'user.php';
\ No newline at end of file

library/user.php

+<?php
+
+function get_fullname(){
+	if(is_loggedin()){
+		$username = $_COOKIE['username'];
+		$query = "SELECT * FROM lahtp_3_web.auth WHERE username='$username'";
+		$connection = get_db_connection();
+		$result = mysqli_query($connection, $query);
+		if(mysqli_num_rows($result) == 1){
+			$row = mysqli_fetch_assoc($connection, $query);
+			return $row['full_name'];
+		} else {
+			return null;
+		}
+	} else {
+		return null;
+	}
+}
+

logout.php

+<?php
+
+include_once 'library/autoload.php';
+
+if(isset($_COOKIE['username']) and isset($_COOKIE['token'])){
+	logout($_COOKIE['username'], $_COOKIE['token']);
+}
+
+setcookie('username', '', time()-60);
+setcookie('token', '', time()-60);
+header("Location: index.php");
\ No newline at end of file

sg.php

@@ -5,13 +5,18 @@
 // print_r($_REQUEST);
 echo "POST: \n";
 print_r($_POST);
-echo "GET: \n";
+//echo gettype($_POST['remember']);
+echo "\nGET: \n";
 print_r($_GET);
 // print_r($_FILES);
 // print_r($_ENV);
-// print_r($_COOKIE);
+echo "\nCOOKIE: \n";
+print_r($_COOKIE);
 // print_r($_SESSION);
 
 //print_r($_SERVER);
+
+//setcookie('testcookie', 'testvalue', time()+60, '/sg.php', 'lahtp-b3.vhx.cloud');
+//setcookie('username', 'djsnf');
 ?>
 </pre>
\ No newline at end of file

signup.php

+<?php
+
+include 'library/auth.php';
+
+if(isset($_COOKIE['username']) and isset($_COOKIE['token'])){
+  if(verify_session($_COOKIE['username'], $_COOKIE['token'])){
+    header("Location: home.php");
+  }
+}
+
+?>
+
 <!doctype html>
 <html lang="en">
   <head>