From e116712bf5d2e8e84971a456dc5043144ae48e75 Mon Sep 17 00:00:00 2001 From: Zach Prezkuta Date: Wed, 7 Nov 2012 18:59:30 -0700 Subject: [PATCH 1/2] add ability to remember logged in user after browser closes --- boot.php | 1 + include/auth.php | 27 +++++++++++++++++++++++++ view/theme/frost-mobile/login-style.css | 4 ++++ view/theme/frost-mobile/login.tpl | 2 ++ view/theme/frost/login-style.css | 4 ++++ view/theme/frost/login.tpl | 4 +++- 6 files changed, 41 insertions(+), 1 deletion(-) diff --git a/boot.php b/boot.php index addc0c107..9335a2fde 100644 --- a/boot.php +++ b/boot.php @@ -947,6 +947,7 @@ if(! function_exists('login')) { '$lname' => array('username', t('Nickname or Email address: ') , '', ''), '$lpassword' => array('password', t('Password: '), '', ''), + '$lremember' => array('remember', t('Remember me'), 0, ''), '$openid' => !$noid, '$lopenid' => array('openid_url', t('Or login using OpenID: '),'',''), diff --git a/include/auth.php b/include/auth.php index 523de88ce..1ddba7c88 100644 --- a/include/auth.php +++ b/include/auth.php @@ -162,6 +162,33 @@ else { goaway(z_root()); } + // If the user specified to remember the authentication, then change the cookie + // to expire after one year (the default is when the browser is closed). + // If the user did not specify to remember, change the cookie to expire when the + // browser is closed. The reason this is necessary is because if the user + // specifies to remember, then logs out and logs back in without specifying to + // remember, the old "remember" cookie may remain and prevent the session from + // expiring when the browser is closed. + // + // It seems like I should be able to test for the old cookie, but for some reason when + // I read the lifetime value from session_get_cookie_params(), I always get '0' + // (i.e. expire when the browser is closed), even when there's a time expiration + // on the cookie + if($_POST['remember']) { + $old_sid = session_id(); + session_set_cookie_params('31449600'); // one year + session_regenerate_id(false); + + q("UPDATE session SET sid = '%s' WHERE sid = '%s'", dbesc(session_id()), dbesc($old_sid)); + } + else { + $old_sid = session_id(); + session_set_cookie_params('0'); + session_regenerate_id(false); + + q("UPDATE session SET sid = '%s' WHERE sid = '%s'", dbesc(session_id()), dbesc($old_sid)); + } + // if we haven't failed up this point, log them in. authenticate_success($record, true, true); diff --git a/view/theme/frost-mobile/login-style.css b/view/theme/frost-mobile/login-style.css index 222da2db8..4ebf7d740 100644 --- a/view/theme/frost-mobile/login-style.css +++ b/view/theme/frost-mobile/login-style.css @@ -87,6 +87,10 @@ div.section-wrapper { margin-left: 30px; } +#div_id_remember { + margin-top: 10px; +} + #login_openid { margin-top: 50px; } diff --git a/view/theme/frost-mobile/login.tpl b/view/theme/frost-mobile/login.tpl index 246c04ffa..6946cc031 100644 --- a/view/theme/frost-mobile/login.tpl +++ b/view/theme/frost-mobile/login.tpl @@ -25,6 +25,8 @@ + {{ inc field_checkbox.tpl with $field=$lremember }}{{ endinc }} +

-



+ {{ inc field_checkbox.tpl with $field=$lremember }}{{ endinc }} + +