Improved "remember me" functionality
This commit is contained in:
parent
1756ecaba3
commit
b4369d51f5
|
@ -10,6 +10,30 @@ function nuke_session() {
|
||||||
session_unset();
|
session_unset();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// When the "Friendica" cookie is set, take the value to authenticate and renew the cookie.
|
||||||
|
if(isset($_COOKIE["Friendica"])) {
|
||||||
|
$data = json_decode($_COOKIE["Friendica"]);
|
||||||
|
|
||||||
|
if (isset($data->uid)) {
|
||||||
|
$r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey`
|
||||||
|
FROM `user` WHERE `uid` = %d AND `blocked` = 0 AND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 LIMIT 1",
|
||||||
|
intval($data->uid)
|
||||||
|
);
|
||||||
|
|
||||||
|
if ($r) {
|
||||||
|
// Renew the cookie
|
||||||
|
new_cookie(604800, json_encode(array("uid" => $r[0]["uid"], "ip" => $_SERVER['REMOTE_ADDR'])));
|
||||||
|
|
||||||
|
// Do the authentification if not done by now
|
||||||
|
if(!isset($_SESSION) OR !isset($_SESSION['authenticated'])) {
|
||||||
|
authenticate_success($r[0], false, false, false);
|
||||||
|
|
||||||
|
if (get_config('system','paranoia'))
|
||||||
|
$_SESSION['addr'] = $data->ip;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// login/logout
|
// login/logout
|
||||||
|
|
||||||
|
@ -155,30 +179,20 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
|
||||||
$record = $r[0];
|
$record = $r[0];
|
||||||
}
|
}
|
||||||
|
|
||||||
if((! $record) || (! count($record))) {
|
if (!$record || !count($record)) {
|
||||||
logger('authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR']);
|
logger('authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR']);
|
||||||
notice( t('Login failed.') . EOL );
|
notice( t('Login failed.') . EOL );
|
||||||
goaway(z_root());
|
goaway(z_root());
|
||||||
}
|
}
|
||||||
|
|
||||||
// If the user specified to remember the authentication, then change the cookie
|
// If the user specified to remember the authentication, then set a cookie
|
||||||
// to expire after one year (the default is when the browser is closed).
|
// that expires after one week (the default is when the browser is closed).
|
||||||
// If the user did not specify to remember, change the cookie to expire when the
|
// The cookie will be renewed automatically.
|
||||||
// browser is closed. The reason this is necessary is because if the user
|
// The week ensures that sessions will expire after some inactivity.
|
||||||
// specifies to remember, then logs out and logs back in without specifying to
|
if($_POST['remember'])
|
||||||
// remember, the old "remember" cookie may remain and prevent the session from
|
new_cookie(604800, json_encode(array("uid" => $r[0]["uid"], "ip" => $_SERVER['REMOTE_ADDR'])));
|
||||||
// expiring when the browser is closed.
|
else
|
||||||
//
|
|
||||||
// It seems like I should be able to test for the old cookie, but for some reason when
|
|
||||||
// I read the lifetime value from session_get_cookie_params(), I always get '0'
|
|
||||||
// (i.e. expire when the browser is closed), even when there's a time expiration
|
|
||||||
// on the cookie
|
|
||||||
if($_POST['remember']) {
|
|
||||||
new_cookie(31449600); // one year
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
new_cookie(0); // 0 means delete on browser exit
|
new_cookie(0); // 0 means delete on browser exit
|
||||||
}
|
|
||||||
|
|
||||||
// if we haven't failed up this point, log them in.
|
// if we haven't failed up this point, log them in.
|
||||||
|
|
||||||
|
@ -187,12 +201,12 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function new_cookie($time) {
|
function new_cookie($time, $value = "") {
|
||||||
|
|
||||||
if ($time != 0)
|
if ($time != 0)
|
||||||
$time = $time + time();
|
$time = $time + time();
|
||||||
|
|
||||||
$params = session_get_cookie_params();
|
setcookie("Friendica", $value, $time);
|
||||||
setcookie(session_name(), session_id(), $time, $params['path'], $params['domain'], $params['secure'], isset($params['httponly']));
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue