From e9f1a2e27670f1665260453b57b79a7959c12fc7 Mon Sep 17 00:00:00 2001 From: Sandro Santilli Date: Fri, 21 Apr 2017 15:13:34 +0200 Subject: [PATCH 1/8] Expire log-in cookie in 90 days rather than 7 --- include/auth.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/auth.php b/include/auth.php index 57e9d9bf6..636b5b153 100644 --- a/include/auth.php +++ b/include/auth.php @@ -19,7 +19,8 @@ if (isset($_COOKIE["Friendica"])) { } // Renew the cookie - new_cookie(604800, $r[0]); + // Expires after 90 days - TODO: use a configuration variable + new_cookie(90*24*60*60, $r[0]); // Do the authentification if not done by now if (!isset($_SESSION) OR !isset($_SESSION['authenticated'])) { From 05b6891e89c52f325aaa910f853938b39bf8129e Mon Sep 17 00:00:00 2001 From: Sandro Santilli Date: Fri, 21 Apr 2017 16:15:39 +0200 Subject: [PATCH 2/8] Allow specifying cookie lifetime via config variable Tweak $a->config['system']['auth_cookie_lifetime'] --- htconfig.php | 3 +++ include/auth.php | 6 ++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/htconfig.php b/htconfig.php index 4ea97e9ae..08beb0b50 100644 --- a/htconfig.php +++ b/htconfig.php @@ -91,3 +91,6 @@ $a->config['system']['directory'] = 'https://dir.friendica.social'; // Allowed protocols in link URLs; HTTP protocols always are accepted $a->config['system']['allowed_link_protocols'] = array('ftp', 'ftps', 'mailto', 'cid', 'gopher'); + +// Authentication cookie lifetime, in days +$a->config['system']['auth_cookie_lifetime'] = 7 diff --git a/include/auth.php b/include/auth.php index 636b5b153..2258128c5 100644 --- a/include/auth.php +++ b/include/auth.php @@ -19,8 +19,10 @@ if (isset($_COOKIE["Friendica"])) { } // Renew the cookie - // Expires after 90 days - TODO: use a configuration variable - new_cookie(90*24*60*60, $r[0]); + // Expires after 7 days by default, + // can be set via system.auth_cookie_lifetime + $authcookiedays = get_config('system','auth_cookie_lifetime') || 7; + new_cookie($authcookiedays*24*60*60, $r[0]); // Do the authentification if not done by now if (!isset($_SESSION) OR !isset($_SESSION['authenticated'])) { From e2a0a72598e494694bfc8fc731323584cbfa55ec Mon Sep 17 00:00:00 2001 From: Sandro Santilli Date: Fri, 21 Apr 2017 17:09:06 +0200 Subject: [PATCH 3/8] Use Config::get --- include/auth.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/include/auth.php b/include/auth.php index 2258128c5..d819a636b 100644 --- a/include/auth.php +++ b/include/auth.php @@ -1,4 +1,7 @@ Date: Fri, 21 Apr 2017 17:13:05 +0200 Subject: [PATCH 4/8] Add missing semicolon --- htconfig.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htconfig.php b/htconfig.php index 08beb0b50..f9b50cd4c 100644 --- a/htconfig.php +++ b/htconfig.php @@ -93,4 +93,4 @@ $a->config['system']['directory'] = 'https://dir.friendica.social'; $a->config['system']['allowed_link_protocols'] = array('ftp', 'ftps', 'mailto', 'cid', 'gopher'); // Authentication cookie lifetime, in days -$a->config['system']['auth_cookie_lifetime'] = 7 +$a->config['system']['auth_cookie_lifetime'] = 7; From 270d604a6e9f67290e3450ad4a9f3922dc405ac9 Mon Sep 17 00:00:00 2001 From: Sandro Santilli Date: Fri, 21 Apr 2017 17:19:11 +0200 Subject: [PATCH 5/8] Add documentation --- doc/htconfig.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/htconfig.md b/doc/htconfig.md index a7dd59d1f..a2da0ed9c 100644 --- a/doc/htconfig.md +++ b/doc/htconfig.md @@ -25,6 +25,7 @@ Example: To set the directory value please add this line to your .htconfig.php: * **allowed_link_protocols** (Array) - Allowed protocols in links URLs, add at your own risk. http is always allowed. * **birthday_input_format** - Default value is "ymd". * **block_local_dir** (Boolean) - Blocks the access to the directory of the local users. +* **auth_cookie_lifetime** (Integer) - Number of days that should pass without any activity from a before before the users who choosed "Remember me" when logging in from that browser is considered logged out. * **curl_range_bytes** - Maximum number of bytes that should be fetched. Default is 0, which mean "no limit". * **db_log** - Name of a logfile to log slow database queries * **db_loglimit** - If a database call lasts longer than this value it is logged From e08228ca09a9477e903bfb4008500fe6fdeadd78 Mon Sep 17 00:00:00 2001 From: Sandro Santilli Date: Fri, 21 Apr 2017 17:19:58 +0200 Subject: [PATCH 6/8] Add auth_cookie_lifetime variable to installation config template --- view/templates/htconfig.tpl | 3 +++ 1 file changed, 3 insertions(+) diff --git a/view/templates/htconfig.tpl b/view/templates/htconfig.tpl index 03a70986b..1aba902ad 100644 --- a/view/templates/htconfig.tpl +++ b/view/templates/htconfig.tpl @@ -99,3 +99,6 @@ $a->config['system']['no_regfullname'] = true; // Location of the global directory $a->config['system']['directory'] = 'http://dir.friendi.ca'; + +// Authentication cookie lifetime, in days +$a->config['system']['auth_cookie_lifetime'] = 7; From 24c023eb0e7dd8d1081ec8822137a9a251cc347b Mon Sep 17 00:00:00 2001 From: Sandro Santilli Date: Fri, 21 Apr 2017 17:20:28 +0200 Subject: [PATCH 7/8] Add default value to documentation for system.auth_cookie_lifetime --- doc/htconfig.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/htconfig.md b/doc/htconfig.md index a2da0ed9c..b2f718296 100644 --- a/doc/htconfig.md +++ b/doc/htconfig.md @@ -25,7 +25,7 @@ Example: To set the directory value please add this line to your .htconfig.php: * **allowed_link_protocols** (Array) - Allowed protocols in links URLs, add at your own risk. http is always allowed. * **birthday_input_format** - Default value is "ymd". * **block_local_dir** (Boolean) - Blocks the access to the directory of the local users. -* **auth_cookie_lifetime** (Integer) - Number of days that should pass without any activity from a before before the users who choosed "Remember me" when logging in from that browser is considered logged out. +* **auth_cookie_lifetime** (Integer) - Number of days that should pass without any activity from a before before the users who choosed "Remember me" when logging in from that browser is considered logged out. Defaults to 7. * **curl_range_bytes** - Maximum number of bytes that should be fetched. Default is 0, which mean "no limit". * **db_log** - Name of a logfile to log slow database queries * **db_loglimit** - If a database call lasts longer than this value it is logged From a6c62872886f1f08b26ce3e89e3dfd9088c1cc25 Mon Sep 17 00:00:00 2001 From: Sandro Santilli Date: Fri, 21 Apr 2017 17:36:45 +0200 Subject: [PATCH 8/8] Fix Config::get call --- include/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/auth.php b/include/auth.php index d819a636b..c1a6120db 100644 --- a/include/auth.php +++ b/include/auth.php @@ -24,7 +24,7 @@ if (isset($_COOKIE["Friendica"])) { // Renew the cookie // Expires after 7 days by default, // can be set via system.auth_cookie_lifetime - $authcookiedays = Config::get('system', 'auth_cookie_lifetime') || 7; + $authcookiedays = Config::get('system', 'auth_cookie_lifetime', 7); new_cookie($authcookiedays*24*60*60, $r[0]); // Do the authentification if not done by now