aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/config_default.inc.php6
-rw-r--r--include/functions_session.inc.php7
-rw-r--r--include/functions_user.inc.php28
3 files changed, 30 insertions, 11 deletions
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index c4c4bdb4d..0fb9eef43 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -312,13 +312,13 @@ $conf['session_save_handler'] = 'db';
// creates a cookie on client side.
$conf['authorize_remembering'] = true;
+// remember_me_name: specifies the name of the cookie used to stay logged
+$conf['remember_me_name'] = 'pwg_remember';
+
// remember_me_length : time of validity for "remember me" cookies, in
// seconds.
$conf['remember_me_length'] = 31536000;
-// session_length : time of validity for normal session, in seconds.
-$conf['session_length'] = 3600;
-
// +-----------------------------------------------------------------------+
// | debug |
// +-----------------------------------------------------------------------+
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index 8765028ae..7fdf5dde8 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -71,11 +71,8 @@ if (isset($conf['session_save_handler'])
ini_set('session.use_only_cookies', $conf['session_use_only_cookies']);
ini_set('session.use_trans_sid', intval($conf['session_use_trans_sid']));
}
- session_name( $conf['session_name'] );
- session_set_cookie_params(
- ini_get('session.cookie_lifetime'),
- cookie_path()
- );
+ session_name($conf['session_name']);
+ session_set_cookie_params(0, cookie_path());
}
// cookie_path returns the path to use for the PhpWebGallery cookie.
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index c3048d6b0..134f7493d 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -551,12 +551,34 @@ function get_language_filepath($filename)
function log_user($user_id, $remember_me)
{
global $conf;
- $session_length = $conf['session_length'];
+
if ($remember_me)
{
- $session_length = $conf['remember_me_length'];
+ // search for an existing auto_login_key
+ $query = '
+SELECT auto_login_key
+ FROM '.USERS_TABLE.'
+ WHERE '.$conf['user_fields']['id'].' = '.$user_id.'
+;';
+
+ $auto_login_key = current(mysql_fetch_assoc(pwg_query($query)));
+ if (empty($auto_login_key))
+ {
+ $auto_login_key = base64_encode(md5(uniqid(rand(), true)));
+ $query = '
+UPDATE '.USERS_TABLE.'
+ SET auto_login_key=\''.$auto_login_key.'\'
+ WHERE '.$conf['user_fields']['id'].' = '.$user_id.'
+;';
+ pwg_query($query);
+ }
+ $cookie = array('id' => $user_id, 'key' => $auto_login_key);
+ setcookie($conf['remember_me_name'],
+ serialize($cookie),
+ time()+$conf['remember_me_length'],
+ cookie_path()
+ );
}
- session_set_cookie_params($session_length);
session_start();
$_SESSION['pwg_uid'] = $user_id;
}