diff --git a/boot.php b/boot.php index addc0c107..9335a2fde 100644 --- a/boot.php +++ b/boot.php @@ -947,6 +947,7 @@ if(! function_exists('login')) { '$lname' => array('username', t('Nickname or Email address: ') , '', ''), '$lpassword' => array('password', t('Password: '), '', ''), + '$lremember' => array('remember', t('Remember me'), 0, ''), '$openid' => !$noid, '$lopenid' => array('openid_url', t('Or login using OpenID: '),'',''), diff --git a/include/auth.php b/include/auth.php index 523de88ce..b534d4a4d 100644 --- a/include/auth.php +++ b/include/auth.php @@ -2,6 +2,7 @@ require_once('include/security.php'); +require_once('include/datetime.php'); function nuke_session() { unset($_SESSION['authenticated']); @@ -68,7 +69,18 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p goaway(z_root()); } - authenticate_success($r[0]); + // Make sure to refresh the last login time for the user if the user + // stays logged in for a long time, e.g. with "Remember Me" + $login_refresh = false; + if(! x($_SESSION['last_login_date'])) { + $_SESSION['last_login_date'] = datetime_convert('UTC','UTC'); + } + if( strcmp(datetime_convert('UTC','UTC','now - 12 hours'), $_SESSION['last_login_date']) > 0 ) { + + $_SESSION['last_login_date'] = datetime_convert('UTC','UTC'); + $login_refresh = true; + } + authenticate_success($r[0], false, false, $login_refresh); } } else { @@ -162,8 +174,36 @@ else { goaway(z_root()); } + // If the user specified to remember the authentication, then change the cookie + // to expire after one year (the default is when the browser is closed). + // If the user did not specify to remember, change the cookie to expire when the + // browser is closed. The reason this is necessary is because if the user + // specifies to remember, then logs out and logs back in without specifying to + // remember, the old "remember" cookie may remain and prevent the session from + // expiring when the browser is closed. + // + // It seems like I should be able to test for the old cookie, but for some reason when + // I read the lifetime value from session_get_cookie_params(), I always get '0' + // (i.e. expire when the browser is closed), even when there's a time expiration + // on the cookie + if($_POST['remember']) { + $old_sid = session_id(); + session_set_cookie_params('31449600'); // one year + session_regenerate_id(false); + + q("UPDATE session SET sid = '%s' WHERE sid = '%s'", dbesc(session_id()), dbesc($old_sid)); + } + else { + $old_sid = session_id(); + session_set_cookie_params('0'); + session_regenerate_id(false); + + q("UPDATE session SET sid = '%s' WHERE sid = '%s'", dbesc(session_id()), dbesc($old_sid)); + } + // if we haven't failed up this point, log them in. + $_SESSION['last_login_date'] = datetime_convert('UTC','UTC'); authenticate_success($record, true, true); } } diff --git a/include/security.php b/include/security.php index 0558df1a1..56d4cad36 100644 --- a/include/security.php +++ b/include/security.php @@ -1,6 +1,6 @@ identities,true), LOGGER_DEBUG); + if($login_refresh) + logger('auth_identities refresh: ' . print_r($a->identities,true), LOGGER_DEBUG); $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", intval($_SESSION['uid'])); @@ -76,7 +78,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive header('X-Account-Management-Status: active; name="' . $a->user['username'] . '"; id="' . $a->user['nickname'] .'"'); - if($login_initial) { + if($login_initial || $login_refresh) { $l = get_browser_language(); q("UPDATE `user` SET `login_date` = '%s', `language` = '%s' WHERE `uid` = %d LIMIT 1", @@ -84,7 +86,8 @@ function authenticate_success($user_record, $login_initial = false, $interactive dbesc($l), intval($_SESSION['uid']) ); - + } + if($login_initial) { call_hooks('logged_in', $a->user); if(($a->module !== 'home') && isset($_SESSION['return_url'])) diff --git a/view/theme/frost-mobile/login-style.css b/view/theme/frost-mobile/login-style.css index 222da2db8..4ebf7d740 100644 --- a/view/theme/frost-mobile/login-style.css +++ b/view/theme/frost-mobile/login-style.css @@ -87,6 +87,10 @@ div.section-wrapper { margin-left: 30px; } +#div_id_remember { + margin-top: 10px; +} + #login_openid { margin-top: 50px; } diff --git a/view/theme/frost-mobile/login.tpl b/view/theme/frost-mobile/login.tpl index 246c04ffa..6946cc031 100644 --- a/view/theme/frost-mobile/login.tpl +++ b/view/theme/frost-mobile/login.tpl @@ -25,6 +25,8 @@ + {{ inc field_checkbox.tpl with $field=$lremember }}{{ endinc }} +

{{ if $register }}$register.desc{{ endif }} diff --git a/view/theme/frost/login-style.css b/view/theme/frost/login-style.css index 79c3aede0..25d8ec5a0 100644 --- a/view/theme/frost/login-style.css +++ b/view/theme/frost/login-style.css @@ -87,6 +87,10 @@ div.section-wrapper { margin-left: 140px; } +#div_id_remember { + margin-top: 10px; +} + /*.openid input {*/ #id_openid_url, .openid input { background: url(login-bg.gif) no-repeat; diff --git a/view/theme/frost/login.tpl b/view/theme/frost/login.tpl index 2e2a3ed1a..bc99e6d95 100644 --- a/view/theme/frost/login.tpl +++ b/view/theme/frost/login.tpl @@ -25,7 +25,9 @@
-



+ {{ inc field_checkbox.tpl with $field=$lremember }}{{ endinc }} + +


{{ if $register }}$register.desc{{ endif }} $lostlink