diff --git a/app/Controllers/AuthController.php b/app/Controllers/AuthController.php
index 566c453..13f2006 100644
--- a/app/Controllers/AuthController.php
+++ b/app/Controllers/AuthController.php
@@ -156,6 +156,7 @@ class AuthController extends Controller
 $_SESSION['email'] = $user['email'];
 $_SESSION['role'] = $user['role'];
 $_SESSION['2fa_required'] = true;
+ $_SESSION['pending_remember'] = $remember;
 // Clear any existing session messages before redirecting to 2FA
 unset($_SESSION['error']);
@@ -706,6 +707,14 @@ class AuthController extends Controller
 }
 }
+ /**
+ * Public wrapper for creating remember token (used by TwoFactorController after 2FA)
+ */
+ public function createRememberTokenPublic(int $userId): void
+ {
+ $this->createRememberToken($userId);
+ }
+
 /**
 * Create remember me token linked to current session
 */
diff --git a/app/Controllers/TwoFactorController.php b/app/Controllers/TwoFactorController.php
index b2df9b2..60b7bac 100644
--- a/app/Controllers/TwoFactorController.php
+++ b/app/Controllers/TwoFactorController.php
@@ -276,7 +276,9 @@ class TwoFactorController extends Controller
 if ($verified) {
 // Clear 2FA requirement and complete login
+ $pendingRemember = !empty($_SESSION['pending_remember']);
 unset($_SESSION['2fa_required']);
+ unset($_SESSION['pending_remember']);
 // Determine which method was used
 $method = 'unknown';
@@ -296,6 +298,12 @@ class TwoFactorController extends Controller
 'method' => $method
 ]);
+ // Handle remember me (carried over from login form)
+ if ($pendingRemember) {
+ $authController = new \App\Controllers\AuthController();
+ $authController->createRememberTokenPublic($userId);
+ }
+
 // Update last login timestamp
 $this->userModel->updateLastLogin($userId);
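Review bot: `createRememberTokenPublic()` in AuthController issues a persistent login token for whatever `$userId` it is handed, with no check that the current session has finished authenticating. Since the wrapper exists only for the post-2FA path, it should refuse to run while the flag set in the login hunk is still present, for example `if (!empty($_SESSION['2fa_required'])) { throw new \RuntimeException('2FA not completed'); }` ahead of the `createRememberToken()` call. If the router maps requests onto public controller methods (not visible in this diff), a public method on a controller is also a candidate route, so moving token creation into a non-controller service shared by both controllers would be the safer shape.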
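Review bot: The remember-me branch in TwoFactorController builds `new \App\Controllers\AuthController()` only to reach one method, which runs that controller's constructor (not visible here) a second time in the same request and couples the two controllers; a service or model method called from both places would avoid that. The array ending in `'method' => $method` just above looks like a log or audit entry, and it is written without any record that a long-lived credential is about to be issued; adding a field such as `'remember' => $pendingRemember` would make remember-token issuance traceable during incident review. The docblock in AuthController describes the token as linked to the current session, so if the session ID is regenerated elsewhere in this method that link is worth confirming. The enclosing method starts and ends outside the hunk.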