Allow "keep me logged in" on session timeouts > 0 (setting) Fixed login as

Marius Cramer

2013-11-20 de02569e6b953befd9e068139751d7d21c8bfd18

Allow "keep me logged in" on session timeouts > 0 (setting)
Fixed login as

 install/sql/ispconfig3.sql

@@ -1578,6 +1578,7 @@
  `session_id` varchar(64) NOT NULL DEFAULT '',
  `date_created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
  `last_updated` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
  `permanent` enum('n','y') NOT NULL DEFAULT 'n',
  `session_data` longtext,
  PRIMARY KEY (`session_id`),
  KEY `last_updated` (`last_updated`)

 install/tpl/system.ini.master

@@ -50,3 +50,4 @@
customer_no_start=1
customer_no_counter=0
session_timeout=0
session_allow_endless=0

 interface/lib/app.inc.php

@@ -68,8 +68,25 @@
            $this->uses('session');
            $tmp = $this->db->queryOneRecord("SELECT `value` FROM sys_config WHERE `config_id` = 2 AND `group` = 'interface' AND `name` = 'session_timeout'");
            if($tmp && $tmp['value'] > 0) {
                $this->session->set_timeout($tmp['value']);
                session_set_cookie_params(($tmp['value'] * 60) + 300); // make the cookie live 5 minutes longer
                /* check if user wants to stay logged in */
                if(isset($_POST['s_mod']) && isset($_POST['s_pg']) && $_POST['s_mod'] == 'login' && $_POST['s_pg'] == 'index' && isset($_POST['stay']) && $_POST['stay'] == '1') {
                    /* check if staying logged in is allowed */
                    $app->uses('ini_parser');
                    $tmp = $app->db->queryOneRecord('SELECT config FROM sys_ini WHERE sysini_id = 1');
                    $tmp = $app->ini_parser->parse_ini_string(stripslashes($tmp['config']));
                    if(!isset($tmp['misc']['session_allow_endless']) || $tmp['misc']['session_allow_endless'] != 'y') {
                        $this->session->set_timeout($tmp['value']);
                        session_set_cookie_params(($tmp['value'] * 60) + 300); // make the cookie live 5 minutes longer
                    } else {
                        // we are doing login here, so we need to set the session data
                        $this->session->set_permanent(true);
                        $this->session->set_timeout(365 * 24 * 3600); // one year
                        session_set_cookie_params(365 * 24 * 3600); // make the cookie live 5 minutes longer
                    }
                } else {
                    $this->session->set_timeout($tmp['value']);
                    session_set_cookie_params(($tmp['value'] * 60) + 300); // make the cookie live 5 minutes longer
                }
            } else {
                session_set_cookie_params(0); // until browser is closed
            }

 interface/lib/classes/session.inc.php

@@ -33,6 +33,7 @@
    private $session_array = array();
    private $db;
    private $timeout = 0;
    private $permanent = false;

    function __construct($session_timeout = 0) {
        $this->db = new db;
@@ -43,6 +44,10 @@
        $old_timeout = $this->timeout;
        $this->timeout = $session_timeout;
        return $old_timeout;
    }
	
    function set_permanent($value = false) {
        $this->permanent = $value;
    }

    function open ($save_path, $session_name) {
@@ -61,7 +66,7 @@
    function read ($session_id) {
        
        if($this->timeout > 0) {
            $rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."' AND last_updated >= DATE_SUB(NOW(), INTERVAL " . intval($this->timeout) . " MINUTE)");
            $rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."' AND (`permanent` = 'y' OR last_updated >= DATE_SUB(NOW(), INTERVAL " . intval($this->timeout) . " MINUTE))");
        } else {
            $rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."'");
        }
@@ -94,14 +99,14 @@
            $date_created = date('Y-m-d H:i:s');
            $last_updated = date('Y-m-d H:i:s');
            $session_data = $this->db->quote($session_data);
            $sql = "INSERT INTO sys_session (session_id,date_created,last_updated,session_data) VALUES ('$session_id','$date_created','$last_updated','$session_data')";
            $sql = "INSERT INTO sys_session (session_id,date_created,last_updated,session_data,permanent) VALUES ('$session_id','$date_created','$last_updated','$session_data','" . ($this->permanent ? 'y' : 'n') . "')";
            $this->db->query($sql);

        } else {
            $session_id   = $this->db->quote($session_id);
            $last_updated = date('Y-m-d H:i:s');
            $session_data = $this->db->quote($session_data);
            $sql = "UPDATE sys_session SET last_updated = '$last_updated', session_data = '$session_data' WHERE session_id = '$session_id'";
            $sql = "UPDATE sys_session SET last_updated = '$last_updated', session_data = '$session_data'" . ($this->permanent ? ", `permanent` = 'y'" : "") . " WHERE session_id = '$session_id'";
            $this->db->query($sql);

        }
@@ -127,6 +132,13 @@
            $dt1 = strtotime("$real_now -$max_lifetime seconds");
            $dt2 = date('Y-m-d H:i:s', $dt1);

            $sql = "DELETE FROM sys_session WHERE last_updated < '$dt2' AND `permanent` != 'y'";
            $this->db->query($sql);
			
            /* delete very old even if they are permanent */
            $dt1 = strtotime("$real_now -365 days");
            $dt2 = date('Y-m-d H:i:s', $dt1);

            $sql = "DELETE FROM sys_session WHERE last_updated < '$dt2'";
            $this->db->query($sql);
        //}

 interface/web/admin/form/system_config.tform.php

@@ -481,6 +481,12 @@
            'width'  => '30',
            'maxlength' => '255'
        ),
        'session_allow_endless' => array (
            'datatype' => 'VARCHAR',
            'formtype' => 'CHECKBOX',
            'default' => 'n',
            'value'  => array(0 => 'n', 1 => 'y')
        ),
        //#################################
        // ENDE Datatable fields
        //#################################

 interface/web/admin/lib/lang/de_system_config.lng

@@ -64,4 +64,5 @@
$wb['customer_no_start_txt'] = 'Kundennummer Startwert';
$wb['customer_no_counter_txt'] = 'Kundennummer Zähler';
$wb['session_timeout_txt'] = 'Session-Timeout (Minuten)';
$wb['session_allow_endless_txt'] = '"Eingeloggt bleiben" aktivieren';
?>

 interface/web/admin/lib/lang/en_system_config.lng

@@ -64,4 +64,5 @@
$wb['customer_no_start_txt'] = 'Customer No. start value';
$wb['customer_no_counter_txt'] = 'Customer No. counter';
$wb['session_timeout_txt'] = 'Session timeout (minutes)';
$wb['session_allow_endless_txt'] = 'Enable "stay logged in"';
?>

 interface/web/admin/templates/system_config_misc_edit.htm

@@ -86,6 +86,12 @@
                <input name="session_timeout" id="session_timeout" value="{tmpl_var name='session_timeout'}" size="30" maxlength="255" type="text" class="textInput formLengthHalf" />
            </div>
            <div class="ctrlHolder">
                <p class="label">{tmpl_var name='session_allow_endless_txt'}</p>
                <div class="multiField">
                    {tmpl_var name='session_allow_endless'}
                </div>
            </div>
            <div class="ctrlHolder">
                <p class="label">{tmpl_var name='maintenance_mode_txt'}</p>
                <div class="multiField">
                    {tmpl_var name='maintenance_mode'}

 interface/web/login/index.php

@@ -122,7 +122,7 @@
                        else {
                            die("You don't have the right to 'login as'!");
                        }
                    } elseif($_SESSION['s']['user']['typ'] != 'admin') {
                    } elseif($_SESSION['s']['user']['typ'] != 'admin' && (!isset($_SESSION['s_old']['user']) || $_SESSION['s_old']['user']['typ'] != 'admin')) {
                        /* a reseller wants to 'login as', we need to check if he is allowed to */
                        $res_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
                        $res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $res_client_group_id");
@@ -230,7 +230,6 @@
                                $_SESSION['s']['user']['theme'] = isset($user['app_theme']) ? $user['app_theme'] : 'default';
                                $_SESSION['s']['language'] = $user['language'];
                                $_SESSION["s"]['theme'] = $_SESSION['s']['user']['theme'];
                                $_SESSION['s']['session_timeout'] = $server_config_array['session_timeout'];
                                
                                if(is_file($_SESSION['s']['user']['startmodule'].'/lib/module.conf.php')) {
                                    include_once $_SESSION['s']['user']['startmodule'].'/lib/module.conf.php';
@@ -318,12 +317,15 @@
        if($error != ''){
            $error = '<div class="box box_error"><h1>Error</h1>'.$error.'</div>';
        }

		
        $app->tpl->setVar('error', $error);
        $app->tpl->setVar('pw_lost_txt', $app->lng('pw_lost_txt'));
        $app->tpl->setVar('username_txt', $app->lng('username_txt'));
        $app->tpl->setVar('password_txt', $app->lng('password_txt'));
        $app->tpl->setVar('stay_logged_in_txt', $app->lng('stay_logged_in_txt'));
        $app->tpl->setVar('login_button_txt', $app->lng('login_button_txt'));
        $app->tpl->setVar('session_timeout', $server_config_array['session_timeout']);
        $app->tpl->setVar('session_allow_endless', $server_config_array['session_allow_endless']);
        $app->tpl->setInclude('content_tpl', 'login/templates/index.htm');
        $app->tpl_defaults();


 interface/web/login/lib/lang/de.lng

@@ -22,4 +22,5 @@
$wb['error_maintenance_mode'] = 'Diese ISPConfig Installation wird gerade gewartet. Wir sind in Kürze wieder für Sie da. Vielen Dank für Ihre Geduld.';
$wb['theme_not_compatible'] = 'Das gewählte Design ist mit dieser ISPConfig Version nicht kompatibel. Bitte prüfen Sie, ob ein Update des Themes verfügbar ist.<br />Es wurde nun automatisch das Standard Design aktiviert.';
$wb['back_txt'] = 'Zur&uuml;ck';
$wb['stay_logged_in_txt'] = 'Dauerhaft eingeloggt bleiben';
?>

 interface/web/login/lib/lang/en.lng

@@ -27,4 +27,5 @@
$wb['error_maintenance_mode'] = 'This ISPConfig installation is currently under maintenance. We should be back shortly. Thank you for your patience.';

$wb['theme_not_compatible'] = 'The chosen theme is not compatible with the current ISPConfig version. Please check for a new version of the theme.<br />The default theme as been activated automatically.';
$wb['stay_logged_in_txt'] = 'Keep me logged in';
?>

 interface/web/login/templates/index.htm

@@ -19,7 +19,15 @@
            <div class="ctrlHolder">
                <label for="passwort">{tmpl_var name='password_txt'}</label>
                <input name="passwort" id="passwort" value="" size="30" maxlength="255" type="password" class="formLengthEmailUser"  onkeypress="if (event.keyCode && event.keyCode == 13) {submitLoginForm('pageForm'); return false;};" />
            </div>			
            </div>
            <tmpl_if name="session_timeout" op=">" value="0">
                <tmpl_if name="session_allow_endless" value="y">
            <div class="ctrlHolder">
                <label for="passwort">{tmpl_var name='stay_logged_in_txt'}</label>
                <input name="stay" id="stay" value="1" type="checkbox" onkeypress="if (event.keyCode && event.keyCode == 13) {submitLoginForm('pageForm'); return false;};" />
            </div>
                </tmpl_if>
            </tmpl_if>
        </fieldset>

        <input type="hidden" name="s_mod" value="login" />