Added database queries during login flow

include/lucidAuth.functions.php

@@ -41,6 +41,18 @@ function authenticateLDAP (string $username, string $password) {
 			];
 
 			$secureToken = JWT::encode($jwtPayload, base64_decode($settings->JWT['PrivateKey_base64']));
+			// Store authentication token in database
+			$pdoQuery = $pdoDB->prepare('
+				INSERT INTO SecureToken (UserId, Value)
+				SELECT User.Id, :securetoken
+				FROM User
+				WHERE User.Username = :qualifiedusername
+ 			');
+			$pdoQuery->execute([
+				'securetoken'		=>	$secureToken,
+				'qualifiedusername'	=>	$qualifiedUsername
+			]);
+			
 			return ['status' => 'Success', 'token' => $secureToken];
 		} else {
 			// LDAP authentication failed!
@@ -68,12 +80,12 @@ function validateToken (string $secureToken) {
 	try {
 		$jwtPayload = JWT::decode($secureToken, base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);
 	} catch (Exception $e) {
-		// Invalid token, inform client (client should handle discarding invalid token)
+		// Invalid token
-		return ['status' => 'Fail', 'reason' => '3'];
+		return ['status' => 'Fail', 'reason' => '1'];
 	}
 
 	$pdoQuery = $pdoDB->prepare('
-		SELECT SecureToken.Payload
+		SELECT SecureToken.Value
 		FROM SecureToken
 		LEFT JOIN User 
 			ON (User.Id=SecureToken.UserId)
@@ -83,16 +95,19 @@ function validateToken (string $secureToken) {
 			'username'	=>	$jwtPayload['sub']
 		]);
 	foreach($pdoQuery->fetchAll(PDO::FETCH_ASSOC) as $row) {
-		$storedTokens[] = $row['Payload'];
+		$storedTokens[] = $row['Value'];
 	}
 	
-	print_r($storedTokens);
+print_r($storedTokens);
 #	if (!empty($storedTokens) && <in_array or array_walk to determine if any of the stored tokens match>) {
 
+#	} else {
+		// No matching token in database
+#		return ['status' => 'Fail', 'reason' => '2'];
 #	}
 
 	If ($secureToken['iat'] < (time() - $settings->Session['Duration'])) {
-		// Expired token (shouldn't the browser disregard it?)
+		// Expired token
 		return ['status' => 'Fail', 'reason' => '3'];
 	}
 	

public/lucidAuth.login.php

@@ -7,7 +7,7 @@
 		$result = authenticateLDAP($_POST['username'], $_POST['password']);
 		if ($result['status'] == 'Success') {
 			// Save secure token in cookie
-            setcookie('JWT', $result['token'], (time() + $settings->Session['Duration']));
+			setcookie('JWT', $result['token'], (time() + $settings->Session['Duration']));
             
 			// Convert base64 encoded string back from JSON;
 			//   forcing it into an associative array (instead of javascript's default StdClass object)

public/lucidAuth.validateRequest.php

@@ -35,7 +35,10 @@
 		header("HTTP/1.1 202 Accepted");
 		exit;
 	} else {
-		// No cookie containing valid authentication token found, redirecting to loginpage
+		// No cookie containing valid authentication token found;
+		//   explicitly deleting any remaining cookie, then redirecting to loginpage
+		setcookie('JWT', FALSE);
+
 		header("HTTP/1.1 401 Unauthorized");
 		header("Location: lucidAuth.login.php?ref=" . base64_encode(json_encode($proxyHeaders)));
 	}