This is going to end up being a requirement as I can already hear users say
why do they need to keep logging into the system when they have not logged
out. (internal non-internet wiki).

So last night I did some preliminary looking around to see what and where
would need to be changed to implement this.

I came up with...

In the engine.php the section where it does the check.... basically
looking for session info that contains the ID array which contains the
member and id of the user.

Since the user is not considered logged in any more if the session is
gone (closed the browser or the session has timed out), the way to
provide a persistent login would require an actual cookie set on the
user's browser which contains enough info to validate them for
reestablishing a session with them as logged in.

If the info in the cookie is found to not be valid, then it should be
destroyed and the user set to guest like normally, requiring them to
login again from scratch to reestablish the login status.

It looks like the only places that would need to be changed for this
would be

1) engine.php section:

## SETUP MEMBER/GROUP AUTHENTICATION, MESSAGING, AND QUERY VARS
$BOLTfieldKey = BOLTconfig('BOLTfieldKey', $fieldName);
session_start();
$BOLTsession = $_SESSION[$BOLTfieldKey];
$BOLTabortGET = $_SESSION[$BOLTfieldKey]['KEY'][$pageLink]['GET'];
unset($_SESSION[$BOLTfieldKey]['MSG']);
unset($_SESSION[$BOLTfieldKey]['QUERY']);
unset($_SESSION[$BOLTfieldKey]['FORM'][$pageLink]);
unset($_SESSION[$BOLTfieldKey]['KEY'][$pageLink]);
unset($_SESSION[$BOLTfieldKey]['CONFLICT']);
session_write_close();
if (isset($BOLTsession['ID'])) {
    $BOLTmember = $BOLTsession['ID']['member'];
    $BOLTid = $BOLTsession['ID']['id'];
    if (is_array($BOLTsession['GROUP'])) {
        $g = $BOLTsession['GROUP'];
        $g = array_keys($g);
        }
    $BOLTmemberships = 'guest,member';
    if (is_array($g)) $BOLTmemberships = $BOLTmemberships . ',' . implode(",", $g);
    }
else {
    $BOLTmember = BOLTconfig('BOLTguestname', 'Guest');
    $BOLTmemberships = 'guest';
    }

Most likely a test for valid session info before the
isset($BOLTsession['ID']) itself.

If none is found, then look for the cookie instead and check that. If
correct, do basically what you would do before you did the
isset($BOLTsession['ID']), except now the session stuff would now exist.

2) In the function BOLTXlogin($value, $field) in the commands.php file...

Where the session info is set with the user, a cookie would also be
created. Perhaps only if a check box for the login is set that the user
chooses to "Remember Your login".


The only question is what to put in the cookie and how to secure it
reasonably from abuse.

It would have to include the user's name, and include the user's
password in a hash of some sort so that you could compare it against the
user's real settings.

You might be able to add the password in an encrypted format that is
determined by a new variable in site.config, perhaps something like
cookieCrypt, that is used when the cookie is generated and then when it
is read.

Looks like it would be pretty simple to add, but I have not checked if
there are other areas where it might need to be checked. So far I don't
think so, because even registration doesn't actually log the user in.
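
Added example (not part of the original message and not BoltWire code): one way to address the "what to put in the cookie" question above, using an HMAC keyed by the proposed cookieCrypt setting over the member name, an expiry time and the stored password hash, so the cookie carries no password and stops validating when the password changes. The function names, cookie layout and lookup callback are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not BoltWire functions.
// $secret stands in for the proposed cookieCrypt value in site.config.
// $storedHash is whatever password hash the site already keeps per member.

function rememberMake($member, $storedHash, $secret, $ttl = 1209600) {
    $m64 = base64_encode($member);            // keeps '|' out of the name field
    $expires = time() + $ttl;                 // default lifetime: 14 days
    $mac = hash_hmac('sha256', "$m64|$expires|$storedHash", $secret);
    return "$m64|$expires|$mac";              // the stored hash itself is never sent
}

// Returns the member name for a valid cookie, or false if it must be destroyed.
function rememberCheck($cookie, callable $lookupHash, $secret) {
    $parts = explode('|', (string)$cookie);
    if (count($parts) !== 3) return false;
    list($m64, $expires, $mac) = $parts;
    $member = base64_decode($m64, true);
    if ($member === false || !ctype_digit($expires)) return false;
    if ((int)$expires < time()) return false;           // expired
    $storedHash = $lookupHash($member);                 // member's current hash
    if (!is_string($storedHash)) return false;          // unknown member
    $expected = hash_hmac('sha256', "$m64|$expires|$storedHash", $secret);
    return hash_equals($expected, $mac) ? $member : false;  // constant-time compare
}

// Constructed demo data (no real accounts or secrets).
$secret = 'constructed-cookieCrypt-value';
$users  = array('alice' => password_hash('example-only', PASSWORD_DEFAULT));
$lookup = function ($m) use (&$users) { return isset($users[$m]) ? $users[$m] : null; };

$cookie = rememberMake('alice', $users['alice'], $secret);
var_dump(rememberCheck($cookie, $lookup, $secret));        // untampered cookie
var_dump(rememberCheck($cookie . '0', $lookup, $secret));  // altered MAC
$users['alice'] = password_hash('changed', PASSWORD_DEFAULT);
var_dump(rememberCheck($cookie, $lookup, $secret));        // after a password change
```

In engine.php a check like this would run only when $BOLTsession['ID'] is not set; on false the cookie is deleted and the request continues as guest, as the message describes.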
