Use cookies for storing tokens

src/php/api/User.php

@@ -24,9 +24,10 @@ class User {
         }
       } else if (password_verify($password, $user['password'])) {
         $this->db->execute('UPDATE users SET last_login=' . time() . ' WHERE id=' . $user['id']);
+        setcookie('token', $this->generateUserToken($user['id'], $user['current_dictionary']));
         return array(
-          'token' => $this->generateUserToken($user['id'], $user['current_dictionary']),
           'user' => $this->getUserData($user['id']),
+          'dictionary' => $this->token->hash($user['current_dictionary']),
         );
       }
     }
@@ -59,9 +60,10 @@ VALUES (?, ?, ?, ?, ?)';
       if (isset($new_dictionary['error'])) {
         return $new_dictionary;
       } else {
+        setcookie('token', $this->generateUserToken($new_user_id, $new_dictionary));
         return array(
-          'token' => $this->generateUserToken($new_user_id, $new_dictionary),
           'user' => $this->getUserData($new_user_id),
+          'dictionary' => $this->token->hash($new_dictionary),
         );
       }
     }
@@ -95,7 +97,7 @@ VALUES (?, ?, ?, ?, ?)';
   }
 
   public function getUserData ($user_id) {
-    $query = 'SELECT * FROM users WHERE id=?';
+    $query = 'SELECT email, public_name, allow_emails FROM users WHERE id=?';
     $stmt = $this->db->query($query, array($user_id));
     $user = $stmt->fetch();
     if ($stmt && $user) {

src/php/api/index.php

@@ -6,7 +6,7 @@ $inputJSON = file_get_contents('php://input');
 $request= json_decode($inputJSON, true);
 
 $action = isset($request['action']) ? $request['action'] : '';
-$token = isset($request['token']) ? $request['token'] : false;
+$token = isset($_COOKIE['token']) ? $_COOKIE['token'] : false;
 
 switch ($action) {
   case 'login': {