[Librefm-commits] [1101] Add 'Remember me option' (fixes bug #26264, t
From: |
Michael Sheldon |
Subject: |
[Librefm-commits] [1101] Add 'Remember me option' (fixes bug #26264, thanks to Piotr Szulawski) |
Date: |
Fri, 01 May 2009 21:00:35 +0000 |
Revision: 1101
http://svn.sv.gnu.org/viewvc/?view=rev&root=librefm&revision=1101
Author: elleo
Date: 2009-05-01 21:00:34 +0000 (Fri, 01 May 2009)
Log Message:
-----------
Add 'Remember me option' (fixes bug #26264, thanks to Piotr Szulawski)
Use a cookie for storing authentication token instead of sessions (sessions
can't reliably have their expiration time extended without globally modifying
the php ini file)
Rename $u_user to $this_user for better clarity
Change all uses of $_SESSION['user'] to the existing '$this_user' variable (this
also reduces the risk of stale user data being used for stuff)
Remove sessions altogether, since they're no longer being used for anything
(they can be added back if anyone really wants them for something, but be aware
that you'll have to recreate your session in auth.php, not just create it at
login, since the PHP session is likely to expire a long time before the user's
authentication token)
Ticket Links:
:-----------
http://savannah.gnu.org/bugs/?26264
Modified Paths:
--------------
trunk/nixtape/auth.php
trunk/nixtape/edit_group.php
trunk/nixtape/group.php
trunk/nixtape/login.php
trunk/nixtape/templating.php
trunk/nixtape/themes/librefm/templates/album.tpl
trunk/nixtape/themes/librefm/templates/listen.tpl
trunk/nixtape/themes/librefm/templates/login.tpl
trunk/nixtape/themes/librefm/templates/menu.tpl
trunk/nixtape/themes/librefm/templates/track.tpl
trunk/nixtape/user-edit.php
trunk/nixtape/user-journal.php
trunk/nixtape/user-profile.php
trunk/nixtape/user-recent-tracks.php
trunk/nixtape/user-stats.php
Modified: trunk/nixtape/auth.php
===================================================================
--- trunk/nixtape/auth.php 2009-05-01 20:56:39 UTC (rev 1100)
+++ trunk/nixtape/auth.php 2009-05-01 21:00:34 UTC (rev 1101)
@@ -21,19 +21,20 @@
require_once('database.php');
require_once('data/User.php');
-
session_start();
-if(isset($_SESSION['session_id'])) {
+if(isset($_COOKIE['session_id'])) {
$res = $mdb2->query('SELECT username FROM Scrobble_Sessions WHERE '
- . 'sessionid = ' . $mdb2->quote($_SESSION['session_id'], 'text')
+ . 'sessionid = ' . $mdb2->quote($_COOKIE['session_id'], 'text')
. ' AND expires > ' . $mdb2->quote(time(), 'integer'));
if(PEAR::isError ($res) || !$res->numRows()) {
// Session is invalid
- unset($_SESSION['session_id']);
+ setcookie('session_id', '', time() - 3600);
+ session_unset();
+ session_destroy();
} else {
$logged_in = true;
$row = $res->fetchRow(MDB2_FETCHMODE_ASSOC);
- $u_user = new User($row['username']);
+ $this_user = new User($row['username']);
}
}
?>
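Review bot: `session_start()` is still called at the top of this hunk, and the invalid-token branch adds `session_unset(); session_destroy();`, although the log message says sessions are removed altogether. Every request therefore still creates a PHP session and its cookie for nothing; if sessions are really gone, all three calls can be dropped. The clearing call `setcookie('session_id', '', time() - 3600);` passes no path, so it only removes the cookie when login.php set it under the same default path; giving an explicit path such as `'/'` in both places would make that certain. The matching `Scrobble_Sessions` row is not deleted here, and whether expired rows are purged elsewhere is not visible in this hunk.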
Modified: trunk/nixtape/edit_group.php
===================================================================
--- trunk/nixtape/edit_group.php 2009-05-01 20:56:39 UTC (rev 1100)
+++ trunk/nixtape/edit_group.php 2009-05-01 21:00:34 UTC (rev 1101)
@@ -37,8 +37,7 @@
{
if ($_REQUEST['new'])
{
- $owner = new User($_SESSION['user']->name);
- Group::create($_REQUEST['new'], $owner);
+ Group::create($_REQUEST['new'], $this_user);
header("Location:
{$base_url}/edit_group.php?group=".$_REQUEST['new']);
exit;
}
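Review bot: `Group::create($_REQUEST['new'], $this_user);` assumes `$this_user` is set, but auth.php only defines it when the cookie matches a live session row. If no login check runs earlier in this file (the code above the hunk is not visible), an anonymous request would pass an undefined variable as the group owner; an explicit `isset($this_user)` test before this branch would rule that out. The redirect on the following lines also places `$_REQUEST['new']` in the `Location` header unencoded, where `rawurlencode($_REQUEST['new'])` would be safer.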
@@ -57,7 +56,7 @@
$group = new Group($_REQUEST['group']);
-if ($group->owner->name != $_SESSION['user']->name)
+if ($group->owner->name != $this_user->name)
{
$smarty->assign('error', 'Error!');
$smarty->assign('details', 'You don\'t own this group!');
Modified: trunk/nixtape/group.php
===================================================================
--- trunk/nixtape/group.php 2009-05-01 20:56:39 UTC (rev 1100)
+++ trunk/nixtape/group.php 2009-05-01 21:00:34 UTC (rev 1101)
@@ -47,12 +47,12 @@
$group = new Group($_GET['group']);
-if ($_GET['action'] && $_SESSION['user']->name)
+if ($_GET['action'] && isset($this_user))
{
if ($_GET['action'] == 'join')
- $group->memberJoin($_SESSION['user']);
+ $group->memberJoin($this_user);
elseif ($_GET['action'] == 'leave')
- $group->memberLeave($_SESSION['user']);
+ $group->memberLeave($this_user);
header("Location: " . $group->getURL());
exit;
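Review bot: Join and leave are still triggered by a plain GET on `action`, and with the login now carried by a cookie that can last a year, a request made from any other site the user visits is sent with that cookie attached. State changes like these should require POST and a per-user token that is verified before `memberJoin()` or `memberLeave()` is called. `$_GET['action']` is also read without `isset()`, which raises a notice on ordinary page views; `if (isset($_GET['action']) && isset($this_user))` avoids that.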
@@ -75,8 +75,8 @@
$smarty->assign('userlist', $group->getUsers());
- $smarty->assign('ismember', $group->memberCheck($_SESSION['user']));
- $smarty->assign('isowner',
($group->owner->name==$_SESSION['user']->name));
+ $smarty->assign('ismember', $group->memberCheck($this_user));
+ $smarty->assign('isowner', ($group->owner->name==$this_user->name));
$smarty->assign('link_join', $group->getURLAction('join'));
$smarty->assign('link_leave', $group->getURLAction('leave'));
$smarty->assign('link_edit',
$base_url.'/edit_group.php?group='.$group->name);
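Review bot: `$group->memberCheck($this_user)` and `$this_user->name` are evaluated for anonymous visitors as well, unless a check outside this hunk excludes them, and `$this_user` is undefined in that case. Writing `isset($this_user) && $group->memberCheck($this_user)` and `isset($this_user) && $group->owner->name == $this_user->name` makes both flags explicitly false for visitors who are not logged in. The enclosing block begins outside the hunk.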
Modified: trunk/nixtape/login.php
===================================================================
--- trunk/nixtape/login.php 2009-05-01 20:56:39 UTC (rev 1100)
+++ trunk/nixtape/login.php 2009-05-01 21:00:34 UTC (rev 1101)
@@ -24,10 +24,9 @@
require_once('templating.php');
require_once($install_path . '/data/User.php');
-if(isset($_SESSION['session_id']) && $_GET['action'] == 'logout') {
- session_unset();
- session_destroy();
- header('Location: index.php');
+if(isset($_COOKIE['session_id']) && $_GET['action'] == 'logout') {
+ setcookie('session_id', '', time() - 3600);
+ header('Location: index.php');
}
if(isset($_POST['login'])) {
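Review bot: Logout only expires the browser's copy of the cookie; the matching `Scrobble_Sessions` row stays valid until its `expires` value, which the `@@ -52,25 +52,23 @@` hunk of this file can set a year ahead. A token that was copied before logout therefore keeps authenticating. Delete the row before clearing the cookie, for example `$mdb2->query('DELETE FROM Scrobble_Sessions WHERE sessionid = ' . $mdb2->quote($_COOKIE['session_id'], 'text'));` (assuming `$mdb2` is already available at this point, as it is further down the file). An `exit;` after the `Location` header would also stop the rest of the script from running on logout.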
@@ -35,6 +34,7 @@
$errors = '';
$username = $_POST['username'];
$password = $_POST['password'];
+ $remember = $_POST['remember'];
if(empty($username)) {
$errors .= 'You must enter a username.<br />';
@@ -52,25 +52,23 @@
} else {
// Give the user a session id, like any other client
$session_id = md5(md5($password) . time());
+ if(isset($remember)){
+ $session_time = time() + 31536000; // 1 year
+ } else {
+ $session_time = time() + 86400; // 1 day
+ }
$mdb2->query('INSERT INTO Scrobble_Sessions (username,
sessionid, expires) VALUES ('
. $mdb2->quote($username, 'text') . ', '
. $mdb2->quote($session_id, 'text') . ', '
- . $mdb2->quote( time() + 604800, 'integer') .
')');
+ . $mdb2->quote($session_time, 'integer') . ')');
+ setcookie('session_id', $session_id, $session_time);
$logged_in = true;
- $smarty->assign('logged_in', true);
-
- $_SESSION['user'] = new User($username);
- $_SESSION['session_id'] = $session_id;
- $smarty->assign('user', $_SESSION['user']);
}
}
}
if(isset($logged_in) && $logged_in) {
- // Send the user to the welcome page when they've logged in
- //$smarty->display('welcome.tpl');
-
// Check that return URI is on this server. Prevents possible phishing
uses.
if ( substr($_POST['return'], 0, 1) == '/' )
{ header(sprintf('Location: http://%s%s',
$_SERVER['SERVER_NAME'], $_POST['return'])); }
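Review bot: `setcookie('session_id', $session_id, $session_time);` sends a bearer token that may now live for a year, yet sets no `HttpOnly` flag, no explicit path, and no `Secure` flag for deployments served over HTTPS. `setcookie('session_id', $session_id, $session_time, '/', '', false, true);` would at least keep page scripts from reading it. The token itself, `md5(md5($password) . time())` on the unchanged line above, is derived only from the stored password hash and the clock, so anyone holding that hash can reproduce it; with the longer lifetime it should come from a random source instead. The enclosing `if(isset($_POST['login']))` block starts outside this hunk.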
Modified: trunk/nixtape/templating.php
===================================================================
--- trunk/nixtape/templating.php 2009-05-01 20:56:39 UTC (rev 1100)
+++ trunk/nixtape/templating.php 2009-05-01 21:00:34 UTC (rev 1101)
@@ -38,8 +38,8 @@
if(isset($logged_in)) {
$smarty->assign('logged_in', true);
- // Pre-fix this user's details with u to avoid confusion with other
users
- $smarty->assign('u_user', $u_user);
+ // Pre-fix this user's details with 'this_' to avoid confusion with
other users
+ $smarty->assign('this_user', $this_user);
}
header("Content-Type: text/html; charset=utf-8");
Modified: trunk/nixtape/themes/librefm/templates/album.tpl
===================================================================
--- trunk/nixtape/themes/librefm/templates/album.tpl 2009-05-01 20:56:39 UTC
(rev 1100)
+++ trunk/nixtape/themes/librefm/templates/album.tpl 2009-05-01 21:00:34 UTC
(rev 1101)
@@ -11,8 +11,8 @@
{/section}
];
- {if isset($u_user)}
- playerInit(playlist, "{$u_user->getScrobbleSession()}", false);
+ {if isset($this_user)}
+ playerInit(playlist, "{$this_user->getScrobbleSession()}", false);
{else}
playerInit(playlist, false, false);
{/if}
Modified: trunk/nixtape/themes/librefm/templates/listen.tpl
===================================================================
--- trunk/nixtape/themes/librefm/templates/listen.tpl 2009-05-01 20:56:39 UTC
(rev 1100)
+++ trunk/nixtape/themes/librefm/templates/listen.tpl 2009-05-01 21:00:34 UTC
(rev 1101)
@@ -3,12 +3,12 @@
<h2>Listen</h2><br />
{if isset($station)}
- {if isset($u_user)}
+ {if isset($this_user)}
{include file='player.tpl'}
<div id='error'></div>
<script type="text/javascript">
- {if isset($u_user)}
- playerInit(false, "{$u_user->getScrobbleSession()}",
"{$u_user->getRadioSession($station)}");
+ {if isset($this_user)}
+ playerInit(false, "{$this_user->getScrobbleSession()}",
"{$this_user->getRadioSession($station)}");
{/if}
</script>
{else}
Modified: trunk/nixtape/themes/librefm/templates/login.tpl
===================================================================
--- trunk/nixtape/themes/librefm/templates/login.tpl 2009-05-01 20:56:39 UTC
(rev 1100)
+++ trunk/nixtape/themes/librefm/templates/login.tpl 2009-05-01 21:00:34 UTC
(rev 1101)
@@ -14,9 +14,13 @@
<label
for='password'>Password<span> </span></label>
<input id='password' name='password' type='password'
value=''/>
-
+
+ <label for='remember'>Remember
me<span> </span></label>
+ <input id='remember' name='remember' type='checkbox'
value='1'/>
+
<input type='submit' name='login' value='Let me in!' />
<input name="return" type="hidden"
value="{$return|htmlentities}" />
+
</fieldset>
</form>
Modified: trunk/nixtape/themes/librefm/templates/menu.tpl
===================================================================
--- trunk/nixtape/themes/librefm/templates/menu.tpl 2009-05-01 20:56:39 UTC
(rev 1100)
+++ trunk/nixtape/themes/librefm/templates/menu.tpl 2009-05-01 21:00:34 UTC
(rev 1101)
@@ -1,12 +1,12 @@
<ul>
{if ($logged_in)}
- <li><a href="{$u_user->getURL()}">{$u_user->name}</a></li>
+ <li><a href="{$this_user->getURL()}">{$this_user->name}</a></li>
{else}
<li><a href="{$base_url}/register.php">Register</a></li>
{/if}
{if ($logged_in)}
- {if $u_user->userlevel > 0}
+ {if $this_user->userlevel > 0}
<li><a href="/admin.php">admin</a></li>
{/if}
<li><a href="{$base_url}/login.php?action=logout">Logout</a></li>
Modified: trunk/nixtape/themes/librefm/templates/track.tpl
===================================================================
--- trunk/nixtape/themes/librefm/templates/track.tpl 2009-05-01 20:56:39 UTC
(rev 1100)
+++ trunk/nixtape/themes/librefm/templates/track.tpl 2009-05-01 21:00:34 UTC
(rev 1101)
@@ -5,8 +5,8 @@
{include file='player.tpl'}
<script type="text/javascript">
var playlist = [{ldelim}"artist" : "{$track->artist_name}", "album" :
"{$track->album_name}", "track" : "{$track->name}", "url" :
"{$track->streamurl}"{rdelim}];
- {if isset($u_user)}
- playerInit(playlist, "{$u_user->getScrobbleSession()}", false);
+ {if isset($this_user)}
+ playerInit(playlist, "{$this_user->getScrobbleSession()}", false);
{else}
playerInit(playlist, false, false);
{/if}
Modified: trunk/nixtape/user-edit.php
===================================================================
--- trunk/nixtape/user-edit.php 2009-05-01 20:56:39 UTC (rev 1100)
+++ trunk/nixtape/user-edit.php 2009-05-01 21:00:34 UTC (rev 1101)
@@ -32,9 +32,6 @@
die();
}
-# Doesn't seem to work - $user = $_SESSION['user'];
-$user = new User($_SESSION['user']->name);
-
$errors = array();
if ($_POST['submit'])
@@ -107,22 +104,22 @@
{
# Currently we don't allow them to change e-mail as we probably
should
# have some kind of confirmation login to do so.
- $user->id = $_POST['id'];
- $user->fullname = $_POST['fullname'];
- $user->homepage = $_POST['homepage'];
- $user->bio = $_POST['bio'];
- $user->location = $_POST['location'];
- $user->location_uri = $_POST['location_uri'];
- $user->avatar_uri = $_POST['avatar_uri'];
- $user->laconica_profile = $_POST['laconica_profile'];
- $user->journal_rss = $_POST['journal_rss'];
+ $this_user->id = $_POST['id'];
+ $this_user->fullname = $_POST['fullname'];
+ $this_user->homepage = $_POST['homepage'];
+ $this_user->bio = $_POST['bio'];
+ $this_user->location = $_POST['location'];
+ $this_user->location_uri = $_POST['location_uri'];
+ $this_user->avatar_uri = $_POST['avatar_uri'];
+ $this_user->laconica_profile = $_POST['laconica_profile'];
+ $this_user->journal_rss = $_POST['journal_rss'];
if (!empty( $_POST['password_1'] ))
$user->password = md5($_POST['password_1']);
- $user->save();
+ $this_user->save();
- header("Location: " . $user->getURL());
+ header("Location: " . $this_user->getURL());
exit;
}
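Review bot: The unchanged line `$user->password = md5($_POST['password_1']);` was missed by the rename. The first hunk of this file removes the only visible assignment of `$user`, so unless it is defined elsewhere the new password is written to a throwaway object and `$this_user->save()` never stores it; password changes would silently stop working. It should read `$this_user->password = md5($_POST['password_1']);`. Separately, unsalted MD5 is a weak way to store passwords and is worth replacing with a salted, slow hash in a follow-up. The enclosing block starts outside the hunk.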
@@ -134,18 +131,18 @@
}
}
-if(isset($user->name))
+if(isset($this_user->name))
{
# Stuff which cannot be changed.
- $smarty->assign("acctid", $user->acctid);
- $smarty->assign('avatar', $user->getAvatar());
- $smarty->assign('user', $user->name);
+ $smarty->assign("acctid", $this_user->acctid);
+ $smarty->assign('avatar', $this_user->getAvatar());
+ $smarty->assign('user', $this_user->name);
# Stuff which cannot be changed *here*
- $smarty->assign('userlevel', $user->userlevel);
+ $smarty->assign('userlevel', $this_user->userlevel);
# Stuff which cannot be changed *yet*
- $smarty->assign('email', $user->email);
+ $smarty->assign('email', $this_user->email);
if ($_POST['submit'])
{
@@ -161,15 +158,15 @@
}
else
{
- $smarty->assign("id", ($user->webid_uri));
- $smarty->assign('fullname', ($user->fullname));
- $smarty->assign('bio', ($user->bio));
- $smarty->assign('homepage', ($user->homepage));
- $smarty->assign('location', ($user->location));
- $smarty->assign('location_uri', ($user->location_uri));
- $smarty->assign('avatar_uri', ($user->avatar_uri));
- $smarty->assign('laconica_profile', ($user->laconica_profile));
- $smarty->assign('journal_rss', ($user->journal_rss));
+ $smarty->assign("id", ($this_user->webid_uri));
+ $smarty->assign('fullname', ($this_user->fullname));
+ $smarty->assign('bio', ($this_user->bio));
+ $smarty->assign('homepage', ($this_user->homepage));
+ $smarty->assign('location', ($this_user->location));
+ $smarty->assign('location_uri', ($this_user->location_uri));
+ $smarty->assign('avatar_uri', ($this_user->avatar_uri));
+ $smarty->assign('laconica_profile',
($this_user->laconica_profile));
+ $smarty->assign('journal_rss', ($this_user->journal_rss));
}
# And display the page.
Modified: trunk/nixtape/user-journal.php
===================================================================
--- trunk/nixtape/user-journal.php 2009-05-01 20:56:39 UTC (rev 1100)
+++ trunk/nixtape/user-journal.php 2009-05-01 21:00:34 UTC (rev 1101)
@@ -70,7 +70,7 @@
if (!PEAR::isError ($aUserTagCloud)) {
$smarty->assign('user_tagcloud',$aUserTagCloud);
}
-$smarty->assign('isme', ($_SESSION['user']->name == $user->name));
+$smarty->assign('isme', ($this_user->name == $user->name));
$smarty->assign('me', $user);
$smarty->assign('geo', Server::getLocationDetails($user->location_uri));
$smarty->assign('profile', true);
Modified: trunk/nixtape/user-profile.php
===================================================================
--- trunk/nixtape/user-profile.php 2009-05-01 20:56:39 UTC (rev 1100)
+++ trunk/nixtape/user-profile.php 2009-05-01 21:00:34 UTC (rev 1101)
@@ -49,7 +49,7 @@
if (!PEAR::isError ($aUserTagCloud)) {
$smarty->assign('user_tagcloud',$aUserTagCloud);
}
- $smarty->assign('isme', ($_SESSION['user']->name == $user->name));
+ $smarty->assign('isme', ($this_user->name == $user->name));
$smarty->assign('me', $user);
$smarty->assign('profile', true);
Modified: trunk/nixtape/user-recent-tracks.php
===================================================================
--- trunk/nixtape/user-recent-tracks.php 2009-05-01 20:56:39 UTC (rev
1100)
+++ trunk/nixtape/user-recent-tracks.php 2009-05-01 21:00:34 UTC (rev
1101)
@@ -50,7 +50,7 @@
if (!PEAR::isError ($aUserTagCloud)) {
$smarty->assign('user_tagcloud',$aUserTagCloud);
}
- $smarty->assign('isme', ($_SESSION['user']->name == $user->name));
+ $smarty->assign('isme', ($this_user->name == $user->name));
$smarty->assign('me', $user);
$smarty->assign('profile', true);
Modified: trunk/nixtape/user-stats.php
===================================================================
--- trunk/nixtape/user-stats.php 2009-05-01 20:56:39 UTC (rev 1100)
+++ trunk/nixtape/user-stats.php 2009-05-01 21:00:34 UTC (rev 1101)
@@ -56,7 +56,7 @@
$smarty->assign('me', $user);
$smarty->assign('geo', Server::getLocationDetails($user->location_uri));
- $smarty->assign('isme', ($_SESSION['user']->name == $user->name));
+ $smarty->assign('isme', ($this_user->name == $user->name));
$smarty->assign('stats', true);
$smarty->display('user-stats.tpl');