From ac164cfca88930c6e9eee3add8bd45cf5747c104 Mon Sep 17 00:00:00 2001 From: Zach Prezkuta Date: Thu, 8 Nov 2012 17:00:37 -0700 Subject: [PATCH] refresh login time every 12 hours for 'Remember me' --- include/auth.php | 15 ++++++++++++++- include/security.php | 9 ++++++--- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/include/auth.php b/include/auth.php index 1ddba7c8..b534d4a4 100644 --- a/include/auth.php +++ b/include/auth.php @@ -2,6 +2,7 @@ require_once('include/security.php'); +require_once('include/datetime.php'); function nuke_session() { unset($_SESSION['authenticated']); @@ -68,7 +69,18 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p goaway(z_root()); } - authenticate_success($r[0]); + // Make sure to refresh the last login time for the user if the user + // stays logged in for a long time, e.g. with "Remember Me" + $login_refresh = false; + if(! x($_SESSION['last_login_date'])) { + $_SESSION['last_login_date'] = datetime_convert('UTC','UTC'); + } + if( strcmp(datetime_convert('UTC','UTC','now - 12 hours'), $_SESSION['last_login_date']) > 0 ) { + + $_SESSION['last_login_date'] = datetime_convert('UTC','UTC'); + $login_refresh = true; + } + authenticate_success($r[0], false, false, $login_refresh); } } else { @@ -191,6 +203,7 @@ else { // if we haven't failed up this point, log them in. + $_SESSION['last_login_date'] = datetime_convert('UTC','UTC'); authenticate_success($record, true, true); } } diff --git a/include/security.php b/include/security.php index 0558df1a..56d4cad3 100644 --- a/include/security.php +++ b/include/security.php @@ -1,6 +1,6 @@ identities,true), LOGGER_DEBUG); + if($login_refresh) + logger('auth_identities refresh: ' . print_r($a->identities,true), LOGGER_DEBUG); $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", intval($_SESSION['uid'])); @@ -76,7 +78,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive header('X-Account-Management-Status: active; name="' . $a->user['username'] . '"; id="' . $a->user['nickname'] .'"'); - if($login_initial) { + if($login_initial || $login_refresh) { $l = get_browser_language(); q("UPDATE `user` SET `login_date` = '%s', `language` = '%s' WHERE `uid` = %d LIMIT 1", @@ -84,7 +86,8 @@ function authenticate_success($user_record, $login_initial = false, $interactive dbesc($l), intval($_SESSION['uid']) ); - + } + if($login_initial) { call_hooks('logged_in', $a->user); if(($a->module !== 'home') && isset($_SESSION['return_url']))