Have you looked at this plugin? Not 100% sure it still works, but it did at one time, and if not, it would probably be easy to fix. I thought it was a pretty clever solution actually...
Cheers, Dan On Thu, Sep 24, 2009 at 2:58 PM, Kevin <[email protected]> wrote: > This is going to end up being a requirement as I can already hear users say > why do they need to keep logging into the system when they have not logged > out. (internal non-internet wiki). > > So last night I did some preliminary looking around to see what and where > would need to be changed to implement this. > > I came up with... > > In the engine.php the section where it does the check.... basically looking > for session info that contains the ID array which contains the member and id > of the > user. > > Since the user is not considered logged in any more if the session is gone > (closed the > browser or the session has timed out), the way to provide a persistent login > would > require an actual cookie set on the users browser which contains enough info > to > validate them for reestablishing a session with them as logged in. > > If the info in the cookie is found to not be valid, then it should be > destroyed and > the user set to guest like normally requiring them to login again from > scratch > to reestablish the login status. > > It looks like the only places that would need to be changed for this would > be > > 1) engine.php section: > > ## SETUP MEMBER/GROUP AUTHENTICATION, MESSAGING, AND QUERY VARS > $BOLTfieldKey = BOLTconfig('BOLTfieldKey', $fieldName); > session_start(); > $BOLTsession = $_SESSION[$BOLTfieldKey]; > $BOLTabortGET = $_SESSION[$BOLTfieldKey]['KEY'][$pageLink]['GET']; > unset($_SESSION[$BOLTfieldKey]['MSG']); > unset($_SESSION[$BOLTfieldKey]['QUERY']); > unset($_SESSION[$BOLTfieldKey]['FORM'][$pageLink]); > unset($_SESSION[$BOLTfieldKey]['KEY'][$pageLink]); > unset($_SESSION[$BOLTfieldKey]['CONFLICT']); > session_write_close(); > if (isset($BOLTsession['ID'])) { > $BOLTmember = $BOLTsession['ID']['member']; > $BOLTid = $BOLTsession['ID']['id']; > if (is_array($BOLTsession['GROUP'])) { > $g = $BOLTsession['GROUP']; > $g = array_keys($g); > } > $BOLTmemberships = 'guest,member'; > if (is_array($g)) $BOLTmemberships = $BOLTmemberships . ',' . > implode(",", $g); > } > else { > $BOLTmember = BOLTconfig('BOLTguestname', 'Guest'); > $BOLTmemberships = 'guest'; > } > > Most likely a test for valid session info before the > isset($BOLTsession['ID'] itself. > > If none is found, then look for the cookie instead and check that, If > correct do basically > what you would do before you did the isset($BOLTsession['ID'] except now the > session stuff > would now exist. > > 2) In the function BOLTXlogin($value, $field) in the ommands.php file... > > Where the session info is set with the user, a cookie would also be > created. Perhaps > only if a check box for the login is set that the user chooses to "Remember > Your login". > > > The only question is what to put in the cookie and how to secure it > reasonably from abuse. > > It would have to include the users name, and include the users password in a > hash of some sort so that > you could compare it against the users real settings. > > You might be able to add the password in an encrypted format that is > determined by a new > variable in site.config perhaps something like cookieCrypt that is used when > the cookie > is generated and then when it is read. > > Looks like it would be pretty simple to add, but I have not checked if there > are other areas > where it might need to be checked. So far I don't think so because even > registration doesn't > actually log the user in. > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "BoltWire" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/boltwire?hl=en -~----------~----~----~----~------~----~------~--~---
