Context Navigation

Changeset 1493

Timestamp:

Jul 23, 2006, 5:25:49 PM (18 years ago)

Author:

nikrou

Message:

bug 451 fixed: problem with auto login

and sessions length will be 0 (until browser closed)

Location:

trunk

Files:

-                      r1082
+                      r1493
+  }
+}
+elseif (!empty($_COOKIE[$conf['remember_me_name']]))
+{
+  $cookie = unserialize(pwg_stripslashes($_COOKIE[$conf['remember_me_name']]));
+  $query = '
+SELECT auto_login_key
+  FROM '.USERS_TABLE.'
+  WHERE '.$conf['user_fields']['id'].' = '.$cookie['id'].'
+;';
+  $auto_login_key = current(mysql_fetch_assoc(pwg_query($query)));
+  if ($auto_login_key == $cookie['key'])
+  {
+    log_user($cookie['id'], false);
+    redirect(empty($redirect_to) ? make_index_url() : $redirect_to);
+  }
+  else
+  {
+    // Hacking attempt!
+    $query = '
+UPDATE '.USERS_TABLE.'
+  SET auto_login_key=\''.$auto_login_key.'\'
+  WHERE '.$conf['user_fields']['id'].' = '.$user_id.'
+;';
+    pwg_query($query);
+    setcookie($conf['remember_me_name'], '', 0, cookie_path());
+    redirect(empty($redirect_to) ? make_index_url() : $redirect_to);
+  }
+}
 //----------------------------------------------------- template initialization
 //

-                      r1470
+                      r1493
 $conf['authorize_remembering'] = true;
+// remember_me_name: specifies the name of the cookie used to stay logged
+$conf['remember_me_name'] = 'pwg_remember';
 // remember_me_length : time of validity for "remember me" cookies, in
 // seconds.
 $conf['remember_me_length'] = 31536000;
-// session_length : time of validity for normal session, in seconds.
-$conf['session_length'] = 3600;
 // +-----------------------------------------------------------------------+

-                      r1442
+                      r1493
     ini_set('session.use_trans_sid', intval($conf['session_use_trans_sid']));
+  }
+  session_name( $conf['session_name'] );
+  session_set_cookie_params(
+      ini_get('session.cookie_lifetime'),
+      cookie_path()
+    );
+  session_name($conf['session_name']);
+  session_set_cookie_params(0, cookie_path());
+}

-                      r1462
+                      r1493
+{
   global $conf;
+  $session_length = $conf['session_length'];
   if ($remember_me)
+  {
+    $session_length = $conf['remember_me_length'];
+  }
+  session_set_cookie_params($session_length);
+    // search for an existing auto_login_key
+    $query = '
+SELECT auto_login_key
+  FROM '.USERS_TABLE.'
+  WHERE '.$conf['user_fields']['id'].' = '.$user_id.'
+;';
+    $auto_login_key = current(mysql_fetch_assoc(pwg_query($query)));
+    if (empty($auto_login_key))
+    {
+      $auto_login_key = base64_encode(md5(uniqid(rand(), true)));
+      $query = '
+UPDATE '.USERS_TABLE.'
+  SET auto_login_key=\''.$auto_login_key.'\'
+  WHERE '.$conf['user_fields']['id'].' = '.$user_id.'
+;';
+      pwg_query($query);
+    }
+    $cookie = array('id' => $user_id, 'key' => $auto_login_key);
+    setcookie($conf['remember_me_name'],
+              serialize($cookie),
+              time()+$conf['remember_me_length'],
+              cookie_path()
+              );
+  }
   session_start();
   $_SESSION['pwg_uid'] = $user_id;

-                      r1312
+                      r1493
 -- MySQL dump 9.11
+-- MySQL dump 9.11
 --
 -- Host: localhost    Database: pwg-bsf
 …
   `password` varchar(32) default NULL,
   `mail_address` varchar(255) default NULL,
+  `auto_login_key` varchar(64) default NULL,
   PRIMARY KEY  (`id`),
   UNIQUE KEY `users_ui1` (`username`)

Note: See TracChangeset for help on using the changeset viewer.