author | robocoder <anthon.pang@gmail.com> | 2010-08-08 09:11:47 +0400 |
---|---|---|
committer | robocoder <anthon.pang@gmail.com> | 2010-08-08 09:11:47 +0400 |
commit | 59710e8f52a9c6f88272c75ccd39cf3c95afbe59 (patch) | |
tree | ead775cc0997b87871fb4da98fe36b75f983f581 /plugins/Login | |
parent | 169d85cdd9c06f30511235ee111384b114a0e9f3 (diff) |
refs #1419 - add 'Remember Me' to Login form; unchecked by default (which is safe by default); small change to core/Cookie.php to allow cookie to expire at end-of-session; shorten persistent cookie life to 14 days
Note: potential compat buster: logme() cookie is no longer persistent
git-svn-id: http://dev.piwik.org/svn/trunk@2901 59fd770c-687e-43c8-a1e3-f5a4ff64c105
Diffstat (limited to 'plugins/Login')
-rw-r--r-- | plugins/Login/Auth.php | 7 | ||||
-rw-r--r-- | plugins/Login/Controller.php | 9 | ||||
-rw-r--r-- | plugins/Login/FormLogin.php | 7 | ||||
-rw-r--r-- | plugins/Login/Login.php | 5 | ||||
-rw-r--r-- | plugins/Login/templates/login.tpl | 6 |
5 files changed, 20 insertions, 14 deletions
diff --git a/plugins/Login/Auth.php b/plugins/Login/Auth.php index 03614aee6c..2917727414 100644 --- a/plugins/Login/Auth.php +++ b/plugins/Login/Auth.php @@ -30,14 +30,9 @@ class Piwik_Login_Auth implements Piwik_Auth $rootPassword = Zend_Registry::get('config')->superuser->password; $rootToken = Piwik_UsersManager_API::getInstance()->getTokenAuth($rootLogin, $rootPassword); - if($this->login == $rootLogin + if(($this->login == $rootLogin || is_null($this->login)) && $this->token_auth == $rootToken) { - return new Piwik_Auth_Result(Piwik_Auth_Result::SUCCESS_SUPERUSER_AUTH_CODE, $this->login, $this->token_auth ); - } - - if($this->token_auth === $rootToken) - { return new Piwik_Auth_Result(Piwik_Auth_Result::SUCCESS_SUPERUSER_AUTH_CODE, $rootLogin, $rootToken ); } diff --git a/plugins/Login/Controller.php b/plugins/Login/Controller.php index cd8ad8542c..c3ec296aa9 100644 --- a/plugins/Login/Controller.php +++ b/plugins/Login/Controller.php @@ -77,9 +77,10 @@ class Piwik_Login_Controller extends Piwik_Controller { $login = $form->getSubmitValue('form_login'); $password = $form->getSubmitValue('form_password'); + $rememberMe = $form->getSubmitValue('form_rememberme') == '1'; $md5Password = md5($password); try { - $this->authenticateAndRedirect($login, $md5Password, $urlToRedirect); + $this->authenticateAndRedirect($login, $md5Password, $rememberMe, $urlToRedirect); } catch(Exception $e) { $messageNoAccess = $e->getMessage(); } @@ -122,7 +123,7 @@ class Piwik_Login_Controller extends Piwik_Controller $urlToRedirect = Piwik_Common::getRequestVar('url', $currentUrl, 'string'); $urlToRedirect = htmlspecialchars_decode($urlToRedirect); - $this->authenticateAndRedirect($login, $password, $urlToRedirect); + $this->authenticateAndRedirect($login, $password, false, $urlToRedirect); } /** 
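Review bot: The merged superuser check in Auth.php compares `$this->token_auth == $rootToken` with the loose operator, whereas the branch this hunk removes used `===`. Under loose comparison PHP treats two numeric-looking strings (for example digests made of `0e` followed only by digits) as equal, so the new condition should stay strict: `&& $this->token_auth === $rootToken)`. `$this->login == $rootLogin` can become `===` as well, since the null case is already handled by `is_null()`, and the `== '1'` test on `form_rememberme` in the Controller.php hunk is the same pattern with lower impact. A constant-time comparison would be preferable if the codebase offers one; none is visible here, and the enclosing method starts and ends outside the hunk.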
@@ -130,13 +131,15 @@ class Piwik_Login_Controller extends Piwik_Controller * * @param string $login (user name) * @param string $md5Password (md5 hash of password) + * @param bool $rememberMe Remember me? * @param string $urlToRedirect (URL to redirect to, if successfully authenticated) * @return string (failure message if unable to authenticate) */ - protected function authenticateAndRedirect($login, $md5Password, $urlToRedirect) + protected function authenticateAndRedirect($login, $md5Password, $rememberMe, $urlToRedirect) { $info = array( 'login' => $login, 'md5Password' => $md5Password, + 'rememberMe' => $rememberMe, ); Piwik_PostEvent('Login.initSession', $info); Piwik_Url::redirectToUrl($urlToRedirect); diff --git a/plugins/Login/FormLogin.php b/plugins/Login/FormLogin.php index 0dfd83a661..94a24f3a23 100644 --- a/plugins/Login/FormLogin.php +++ b/plugins/Login/FormLogin.php @@ -31,6 +31,13 @@ class Piwik_Login_FormLogin extends Piwik_QuickForm2 $this->addElement('hidden', 'form_nonce'); + $this->addElement('checkbox', 'form_rememberme'); + $this->addElement('submit', 'submit'); + + // default values + $this->addDataSource(new HTML_QuickForm2_DataSource_Array(array( + 'form_rememberme' => 0, + ))); } } diff --git a/plugins/Login/Login.php b/plugins/Login/Login.php index 0002029d82..f49965e639 100644 --- a/plugins/Login/Login.php +++ b/plugins/Login/Login.php @@ -67,7 +67,7 @@ class Piwik_Login extends Piwik_Plugin } $authCookieName = Zend_Registry::get('config')->General->login_cookie_name; - $authCookieExpiry = time() + Zend_Registry::get('config')->General->login_cookie_expire; + $authCookieExpiry = 0; $authCookiePath = Zend_Registry::get('config')->General->login_cookie_path; $authCookie = new Piwik_Cookie($authCookieName, $authCookieExpiry, $authCookiePath); $defaultLogin = 'anonymous'; 
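Review bot: `$rememberMe` is inserted before `$urlToRedirect` in the protected `authenticateAndRedirect()` signature, so any subclass or plugin that still calls it with three arguments would pass its URL as `$rememberMe`. A non-empty URL string is truthy, which would select the persistent cookie instead of the safe default the commit message describes. Appending the parameter with a default keeps old callers on the session cookie: `protected function authenticateAndRedirect($login, $md5Password, $urlToRedirect, $rememberMe = false)`, with the two call sites in this file reordered to match. Whether such external callers exist is not visible in this diff.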
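Review bot: `$authCookieExpiry = 0;` in Login.php replaces the configured lifetime with a bare literal and nothing records why. The surrounding lines suggest this `Piwik_Cookie` is built to read an existing login cookie, in which case the expiry only matters if the object is saved again; the rest of the function is outside the hunk. A comment such as `// 0 = expire at end of browser session; the persistent lifetime is applied only when the session is initialised` would state the intent. It is worth confirming that nothing on this path re-saves a 'Remember Me' cookie with expiry 0, which would silently turn it into a session cookie.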
@@ -86,6 +86,7 @@ class Piwik_Login extends Piwik_Plugin $info = $notification->getNotificationObject(); $login = $info['login']; $md5Password = $info['md5Password']; + $rememberMe = $info['rememberMe']; $tokenAuth = Piwik_UsersManager_API::getInstance()->getTokenAuth($login, $md5Password); @@ -103,7 +104,7 @@ class Piwik_Login extends Piwik_Plugin unset($ns->referer); $authCookieName = Zend_Registry::get('config')->General->login_cookie_name; - $authCookieExpiry = time() + Zend_Registry::get('config')->General->login_cookie_expire; + $authCookieExpiry = $rememberMe ? time() + Zend_Registry::get('config')->General->login_cookie_expire : 0; $authCookiePath = Zend_Registry::get('config')->General->login_cookie_path; $cookie = new Piwik_Cookie($authCookieName, $authCookieExpiry, $authCookiePath); $cookie->set('login', $login); diff --git a/plugins/Login/templates/login.tpl b/plugins/Login/templates/login.tpl index f837ada5c3..7e781f8625 100644 --- a/plugins/Login/templates/login.tpl +++ b/plugins/Login/templates/login.tpl @@ -25,9 +25,9 @@ <label>{'Login_Password'|translate}:<br /> <input type="password" name="form_password" id="form_password" class="input" value="" size="20" tabindex="20" /></label> </p> - {* - <p class="forgetmenot"><label><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="90" /> Remember Me</label></p> - *} + <p class="forgetmenot"> + <label><input name="form_rememberme" type="checkbox" id="form_rememberme" value="1" tabindex="90" {if $form_data.form_rememberme.value}checked="checked" {/if}/> {'Login_RememberMe'|translate} </label> + </p> <p class="submit"> <input type="submit" value="{'Login_LogIn'|translate}" tabindex="100" /> </p> |
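Review bot: `$rememberMe = $info['rememberMe'];` assumes every poster of the `Login.initSession` event supplies the new key. A caller that still sends only `login` and `md5Password` would trigger an undefined-index notice here; the resulting null does fall back to the session cookie, but that default should be explicit rather than accidental: `$rememberMe = !empty($info['rememberMe']);`. The function body begins and continues outside the hunk.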
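Review bot: The expiry chosen on the `$authCookieExpiry = $rememberMe ? time() + ... : 0;` line limits only how long the browser keeps the cookie, not how long its contents are accepted by the server. The token comes from `getTokenAuth($login, $md5Password)` earlier in this function, so it presumably stays valid until the password changes; if it is stored in the cookie alongside `login` (the lines after `$cookie->set('login', $login);` are outside the hunk), a copied cookie would outlive the 14 days named in the commit message. A comment would make that limit visible, e.g. `// expiry is enforced by the browser only; token_auth itself does not expire`. Now that the cookie can persist on disk, it is also worth checking that `Piwik_Cookie` sets HttpOnly, and Secure on HTTPS installs; its implementation is not part of this diff.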