From d04604ab1a8c0179cb4464acff4b7dc4a4877504 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Wed, 20 Nov 2013 13:50:06 -0500
Subject: [PATCH] Merge branch 'stable-3.0.5' of git.ispconfig.org:ispconfig/ispconfig3 into stable-3.0.5
---
interface/web/admin/lib/lang/en_system_config.lng | 1
interface/web/login/lib/lang/en.lng | 1
install/sql/ispconfig3.sql | 1
install/tpl/system.ini.master | 1
interface/lib/classes/session.inc.php | 18 +++++++-
interface/web/login/lib/lang/de.lng | 1
interface/web/admin/lib/lang/de_system_config.lng | 1
interface/web/login/templates/index.htm | 10 ++++
interface/web/login/index.php | 8 ++-
interface/lib/app.inc.php | 21 +++++++++-
interface/web/admin/form/system_config.tform.php | 6 +++
interface/web/admin/templates/system_config_misc_edit.htm | 6 +++
12 files changed, 66 insertions(+), 9 deletions(-)
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
index 8311bec..09a8607 100644
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
@@ -1583,6 +1583,7 @@
`session_id` varchar(64) NOT NULL DEFAULT '',
`date_created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`last_updated` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
+ `permanent` enum('n','y') NOT NULL DEFAULT 'n',
`session_data` longtext,
PRIMARY KEY (`session_id`),
KEY `last_updated` (`last_updated`)
diff --git a/install/tpl/system.ini.master b/install/tpl/system.ini.master
index 0d4a300..1f305dd 100644
--- a/install/tpl/system.ini.master
+++ b/install/tpl/system.ini.master
@@ -50,3 +50,4 @@
customer_no_start=1
customer_no_counter=0
session_timeout=0
+session_allow_endless=0
diff --git a/interface/lib/app.inc.php b/interface/lib/app.inc.php
index 6c19f57..40f9a903 100755
--- a/interface/lib/app.inc.php
+++ b/interface/lib/app.inc.php
@@ -68,8 +68,25 @@
$this->uses('session');
$tmp = $this->db->queryOneRecord("SELECT `value` FROM sys_config WHERE `config_id` = 2 AND `group` = 'interface' AND `name` = 'session_timeout'");
if($tmp && $tmp['value'] > 0) {
- $this->session->set_timeout($tmp['value']);
- session_set_cookie_params(($tmp['value'] * 60) + 300); // make the cookie live 5 minutes longer
+ /* check if user wants to stay logged in */
+ if(isset($_POST['s_mod']) && isset($_POST['s_pg']) && $_POST['s_mod'] == 'login' && $_POST['s_pg'] == 'index' && isset($_POST['stay']) && $_POST['stay'] == '1') {
+ /* check if staying logged in is allowed */
+ $app->uses('ini_parser');
+ $tmp = $app->db->queryOneRecord('SELECT config FROM sys_ini WHERE sysini_id = 1');
+ $tmp = $app->ini_parser->parse_ini_string(stripslashes($tmp['config']));
+ if(!isset($tmp['misc']['session_allow_endless']) || $tmp['misc']['session_allow_endless'] != 'y') {
+ $this->session->set_timeout($tmp['value']);
+ session_set_cookie_params(($tmp['value'] * 60) + 300); // make the cookie live 5 minutes longer
+ } else {
+ // we are doing login here, so we need to set the session data
+ $this->session->set_permanent(true);
+ $this->session->set_timeout(365 * 24 * 3600); // one year
+ session_set_cookie_params(365 * 24 * 3600); // make the cookie live 5 minutes longer
+ }
+ } else {
+ $this->session->set_timeout($tmp['value']);
+ session_set_cookie_params(($tmp['value'] * 60) + 300); // make the cookie live 5 minutes longer
+ }
} else {
session_set_cookie_params(0); // until browser is closed
}
diff --git a/interface/lib/classes/session.inc.php b/interface/lib/classes/session.inc.php
index 03fad95..dcb187b 100644
--- a/interface/lib/classes/session.inc.php
+++ b/interface/lib/classes/session.inc.php
@@ -33,6 +33,7 @@
private $session_array = array();
private $db;
private $timeout = 0;
+ private $permanent = false;
function __construct($session_timeout = 0) {
$this->db = new db;
@@ -43,6 +44,10 @@
$old_timeout = $this->timeout;
$this->timeout = $session_timeout;
return $old_timeout;
+ }
+
+ function set_permanent($value = false) {
+ $this->permanent = $value;
}
function open ($save_path, $session_name) {
@@ -61,7 +66,7 @@
function read ($session_id) {
if($this->timeout > 0) {
- $rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."' AND last_updated >= DATE_SUB(NOW(), INTERVAL " . intval($this->timeout) . " MINUTE)");
+ $rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."' AND (`permanent` = 'y' OR last_updated >= DATE_SUB(NOW(), INTERVAL " . intval($this->timeout) . " MINUTE))");
} else {
$rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."'");
}
@@ -94,14 +99,14 @@
$date_created = date('Y-m-d H:i:s');
$last_updated = date('Y-m-d H:i:s');
$session_data = $this->db->quote($session_data);
- $sql = "INSERT INTO sys_session (session_id,date_created,last_updated,session_data) VALUES ('$session_id','$date_created','$last_updated','$session_data')";
+ $sql = "INSERT INTO sys_session (session_id,date_created,last_updated,session_data,permanent) VALUES ('$session_id','$date_created','$last_updated','$session_data','" . ($this->permanent ? 'y' : 'n') . "')";
$this->db->query($sql);
} else {
$session_id = $this->db->quote($session_id);
$last_updated = date('Y-m-d H:i:s');
$session_data = $this->db->quote($session_data);
- $sql = "UPDATE sys_session SET last_updated = '$last_updated', session_data = '$session_data' WHERE session_id = '$session_id'";
+ $sql = "UPDATE sys_session SET last_updated = '$last_updated', session_data = '$session_data'" . ($this->permanent ? ", `permanent` = 'y'" : "") . " WHERE session_id = '$session_id'";
$this->db->query($sql);
}
@@ -127,6 +132,13 @@
$dt1 = strtotime("$real_now -$max_lifetime seconds");
$dt2 = date('Y-m-d H:i:s', $dt1);
+ $sql = "DELETE FROM sys_session WHERE last_updated < '$dt2' AND `permanent` != 'y'";
+ $this->db->query($sql);
+
+ /* delete very old even if they are permanent */
+ $dt1 = strtotime("$real_now -365 days");
+ $dt2 = date('Y-m-d H:i:s', $dt1);
+
$sql = "DELETE FROM sys_session WHERE last_updated < '$dt2'";
$this->db->query($sql);
//}
diff --git a/interface/web/admin/form/system_config.tform.php b/interface/web/admin/form/system_config.tform.php
index 28d2ac8..2303e61 100644
--- a/interface/web/admin/form/system_config.tform.php
+++ b/interface/web/admin/form/system_config.tform.php
@@ -481,6 +481,12 @@
'width' => '30',
'maxlength' => '255'
),
+ 'session_allow_endless' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'CHECKBOX',
+ 'default' => 'n',
+ 'value' => array(0 => 'n', 1 => 'y')
+ ),
//#################################
// ENDE Datatable fields
//#################################
diff --git a/interface/web/admin/lib/lang/de_system_config.lng b/interface/web/admin/lib/lang/de_system_config.lng
index 0673318..53432cd 100644
--- a/interface/web/admin/lib/lang/de_system_config.lng
+++ b/interface/web/admin/lib/lang/de_system_config.lng
@@ -64,4 +64,5 @@
$wb['customer_no_start_txt'] = 'Kundennummer Startwert';
$wb['customer_no_counter_txt'] = 'Kundennummer Zähler';
$wb['session_timeout_txt'] = 'Session-Timeout (Minuten)';
+$wb['session_allow_endless_txt'] = '"Eingeloggt bleiben" aktivieren';
?>
\ No newline at end of file
diff --git a/interface/web/admin/lib/lang/en_system_config.lng b/interface/web/admin/lib/lang/en_system_config.lng
index d9bd9ec..deeda4f 100644
--- a/interface/web/admin/lib/lang/en_system_config.lng
+++ b/interface/web/admin/lib/lang/en_system_config.lng
@@ -64,4 +64,5 @@
$wb['customer_no_start_txt'] = 'Customer No. start value';
$wb['customer_no_counter_txt'] = 'Customer No. counter';
$wb['session_timeout_txt'] = 'Session timeout (minutes)';
+$wb['session_allow_endless_txt'] = 'Enable "stay logged in"';
?>
diff --git a/interface/web/admin/templates/system_config_misc_edit.htm b/interface/web/admin/templates/system_config_misc_edit.htm
index de9e3c3..ea9844e 100644
--- a/interface/web/admin/templates/system_config_misc_edit.htm
+++ b/interface/web/admin/templates/system_config_misc_edit.htm
@@ -86,6 +86,12 @@
<input name="session_timeout" id="session_timeout" value="{tmpl_var name='session_timeout'}" size="30" maxlength="255" type="text" class="textInput formLengthHalf" />
</div>
<div class="ctrlHolder">
+ <p class="label">{tmpl_var name='session_allow_endless_txt'}</p>
+ <div class="multiField">
+ {tmpl_var name='session_allow_endless'}
+ </div>
+ </div>
+ <div class="ctrlHolder">
<p class="label">{tmpl_var name='maintenance_mode_txt'}</p>
<div class="multiField">
{tmpl_var name='maintenance_mode'}
diff --git a/interface/web/login/index.php b/interface/web/login/index.php
index 6e8f9ce..951dbaf 100644
--- a/interface/web/login/index.php
+++ b/interface/web/login/index.php
@@ -122,7 +122,7 @@
else {
die("You don't have the right to 'login as'!");
}
- } elseif($_SESSION['s']['user']['typ'] != 'admin') {
+ } elseif($_SESSION['s']['user']['typ'] != 'admin' && (!isset($_SESSION['s_old']['user']) || $_SESSION['s_old']['user']['typ'] != 'admin')) {
/* a reseller wants to 'login as', we need to check if he is allowed to */
$res_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
$res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $res_client_group_id");
@@ -230,7 +230,6 @@
$_SESSION['s']['user']['theme'] = isset($user['app_theme']) ? $user['app_theme'] : 'default';
$_SESSION['s']['language'] = $user['language'];
$_SESSION["s"]['theme'] = $_SESSION['s']['user']['theme'];
- $_SESSION['s']['session_timeout'] = $server_config_array['session_timeout'];
if(is_file($_SESSION['s']['user']['startmodule'].'/lib/module.conf.php')) {
include_once $_SESSION['s']['user']['startmodule'].'/lib/module.conf.php';
@@ -318,12 +317,15 @@
if($error != ''){
$error = '<div class="box box_error"><h1>Error</h1>'.$error.'</div>';
}
-
+
$app->tpl->setVar('error', $error);
$app->tpl->setVar('pw_lost_txt', $app->lng('pw_lost_txt'));
$app->tpl->setVar('username_txt', $app->lng('username_txt'));
$app->tpl->setVar('password_txt', $app->lng('password_txt'));
+ $app->tpl->setVar('stay_logged_in_txt', $app->lng('stay_logged_in_txt'));
$app->tpl->setVar('login_button_txt', $app->lng('login_button_txt'));
+ $app->tpl->setVar('session_timeout', $server_config_array['session_timeout']);
+ $app->tpl->setVar('session_allow_endless', $server_config_array['session_allow_endless']);
$app->tpl->setInclude('content_tpl', 'login/templates/index.htm');
$app->tpl_defaults();
diff --git a/interface/web/login/lib/lang/de.lng b/interface/web/login/lib/lang/de.lng
index 93372b2..38a9763 100644
--- a/interface/web/login/lib/lang/de.lng
+++ b/interface/web/login/lib/lang/de.lng
@@ -22,4 +22,5 @@
$wb['error_maintenance_mode'] = 'Diese ISPConfig Installation wird gerade gewartet. Wir sind in Kürze wieder für Sie da. Vielen Dank für Ihre Geduld.';
$wb['theme_not_compatible'] = 'Das gewählte Design ist mit dieser ISPConfig Version nicht kompatibel. Bitte prüfen Sie, ob ein Update des Themes verfügbar ist.<br />Es wurde nun automatisch das Standard Design aktiviert.';
$wb['back_txt'] = 'Zurück';
+$wb['stay_logged_in_txt'] = 'Dauerhaft eingeloggt bleiben';
?>
\ No newline at end of file
diff --git a/interface/web/login/lib/lang/en.lng b/interface/web/login/lib/lang/en.lng
index 082d1c2..768eaba 100644
--- a/interface/web/login/lib/lang/en.lng
+++ b/interface/web/login/lib/lang/en.lng
@@ -27,4 +27,5 @@
$wb['error_maintenance_mode'] = 'This ISPConfig installation is currently under maintenance. We should be back shortly. Thank you for your patience.';
$wb['theme_not_compatible'] = 'The chosen theme is not compatible with the current ISPConfig version. Please check for a new version of the theme.<br />The default theme as been activated automatically.';
+$wb['stay_logged_in_txt'] = 'Keep me logged in';
?>
\ No newline at end of file
diff --git a/interface/web/login/templates/index.htm b/interface/web/login/templates/index.htm
index a956701..eaf9e08 100644
--- a/interface/web/login/templates/index.htm
+++ b/interface/web/login/templates/index.htm
@@ -19,7 +19,15 @@
<div class="ctrlHolder">
<label for="passwort">{tmpl_var name='password_txt'}</label>
<input name="passwort" id="passwort" value="" size="30" maxlength="255" type="password" class="formLengthEmailUser" onkeypress="if (event.keyCode && event.keyCode == 13) {submitLoginForm('pageForm'); return false;};" />
- </div>
+ </div>
+ <tmpl_if name="session_timeout" op=">" value="0">
+ <tmpl_if name="session_allow_endless" value="y">
+ <div class="ctrlHolder">
+ <label for="passwort">{tmpl_var name='stay_logged_in_txt'}</label>
+ <input name="stay" id="stay" value="1" type="checkbox" onkeypress="if (event.keyCode && event.keyCode == 13) {submitLoginForm('pageForm'); return false;};" />
+ </div>
+ </tmpl_if>
+ </tmpl_if>
</fieldset>
<input type="hidden" name="s_mod" value="login" />
--
Gitblit v1.9.1