Implemented storage of authentication token in database and cookies (latter are isolated per domain)

include/lucidAuth.functions.php

@@ -9,7 +9,11 @@ try {
 #	switch ($settings->Database['Driver']) {
 #		case 'sqlite':
 #			$database = new PDO('sqlite:' . $settings->Database['Path']);
-	$pdoDB = new PDO('sqlite:' . $settings->Sqlite['Path']);
+	if (is_writable($settings->Sqlite['Path'])) {
+		$pdoDB = new PDO('sqlite:' . $settings->Sqlite['Path']);
+	} else {
+		throw new Exception(sprintf('Database file \'%1$s\' is not writable', $settings->Sqlite['Path']));
+	}
 #	}
 }
 catch (Exception $e) {
@@ -41,18 +45,7 @@ function authenticateLDAP (string $username, string $password) {
 			];
 
 			$secureToken = JWT::encode($jwtPayload, base64_decode($settings->JWT['PrivateKey_base64']));
-			// Store authentication token in database
-			$pdoQuery = $pdoDB->prepare('
-				INSERT INTO SecureToken (UserId, Value)
-				SELECT User.Id, :securetoken
-				FROM User
-				WHERE User.Username = :qualifiedusername
- 			');
-			$pdoQuery->execute([
-				'securetoken'		=>	$secureToken,
-				'qualifiedusername'	=>	$qualifiedUsername
-			]);
-			
+
 			return ['status' => 'Success', 'token' => $secureToken];
 		} else {
 			// LDAP authentication failed!
@@ -75,7 +68,7 @@ function retrieveTokenFromDB (string $username, string $foo) {
 }
 
 function validateToken (string $secureToken) {
-	global $settings;
+	global $settings, $pdoDB;
 
 	try {
 		$jwtPayload = JWT::decode($secureToken, base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);
@@ -84,6 +77,11 @@ function validateToken (string $secureToken) {
 		return ['status' => 'Fail', 'reason' => '1'];
 	}
 
+	if ((int)$jwtPayload->iat < (time() - (int)$settings->Session['Duration'])) {
+		// Expired token
+		return ['status' => 'Fail', 'reason' => '3'];
+	}
+
 	$pdoQuery = $pdoDB->prepare('
 		SELECT SecureToken.Value
 		FROM SecureToken
@@ -92,25 +90,25 @@ function validateToken (string $secureToken) {
 		WHERE User.Username = :username
 	');
 	$pdoQuery->execute([
-			'username'	=>	$jwtPayload['sub']
+			':username'	=>	(string)$jwtPayload->sub
 		]);
 	foreach($pdoQuery->fetchAll(PDO::FETCH_ASSOC) as $row) {
-		$storedTokens[] = $row['Value'];
+		try {
+			$storedTokens[] = JWT::decode($row['Value'], base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);
+		} catch (Exception $e) {
+			continue;
+		}
 	}
-	
-print_r($storedTokens);
-#	if (!empty($storedTokens) && <in_array or array_walk to determine if any of the stored tokens match>) {
 
-#	} else {
+	if (!empty($storedTokens) && sizeof(array_filter($storedTokens, function ($value) use ($jwtPayload) {
+		return $value['iat'] === $jwtPayload['iat'];
+	})) === 1) {
+		// At least one of the database-stored tokens match
+		return ['status' => 'Success', 'token' => $jwtPayload];
+	} else {
 		// No matching token in database
-#		return ['status' => 'Fail', 'reason' => '2'];
-#	}
-
-	If ($secureToken['iat'] < (time() - $settings->Session['Duration'])) {
-		// Expired token
-		return ['status' => 'Fail', 'reason' => '3'];
+		return ['status' => 'Fail', 'reason' => '2'];
 	}
-	
 }
 
 ?>