Which plugin is that? On Thu, Sep 24, 2009 at 12:05 PM, The Editor <[email protected]> wrote:
> > Have you looked at this plugin? Not 100% sure it still works, but it > did at one time, and if not, it would probably be easy to fix. I > thought it was a pretty clever solution actually... > > Cheers, > Dan > > > On Thu, Sep 24, 2009 at 2:58 PM, Kevin <[email protected]> wrote: > > This is going to end up being a requirement as I can already hear users > say > > why do they need to keep logging into the system when they have not > logged > > out. (internal non-internet wiki). > > > > So last night I did some preliminary looking around to see what and where > > would need to be changed to implement this. > > > > I came up with... > > > > In the engine.php the section where it does the check.... basically > looking > > for session info that contains the ID array which contains the member and > id > > of the > > user. > > > > Since the user is not considered logged in any more if the session is > gone > > (closed the > > browser or the session has timed out), the way to provide a persistent > login > > would > > require an actual cookie set on the users browser which contains enough > info > > to > > validate them for reestablishing a session with them as logged in. > > > > If the info in the cookie is found to not be valid, then it should be > > destroyed and > > the user set to guest like normally requiring them to login again from > > scratch > > to reestablish the login status. > > > > It looks like the only places that would need to be changed for this > would > > be > > > > 1) engine.php section: > > > > ## SETUP MEMBER/GROUP AUTHENTICATION, MESSAGING, AND QUERY VARS > > $BOLTfieldKey = BOLTconfig('BOLTfieldKey', $fieldName); > > session_start(); > > $BOLTsession = $_SESSION[$BOLTfieldKey]; > > $BOLTabortGET = $_SESSION[$BOLTfieldKey]['KEY'][$pageLink]['GET']; > > unset($_SESSION[$BOLTfieldKey]['MSG']); > > unset($_SESSION[$BOLTfieldKey]['QUERY']); > > unset($_SESSION[$BOLTfieldKey]['FORM'][$pageLink]); > > unset($_SESSION[$BOLTfieldKey]['KEY'][$pageLink]); > > unset($_SESSION[$BOLTfieldKey]['CONFLICT']); > > session_write_close(); > > if (isset($BOLTsession['ID'])) { > > $BOLTmember = $BOLTsession['ID']['member']; > > $BOLTid = $BOLTsession['ID']['id']; > > if (is_array($BOLTsession['GROUP'])) { > > $g = $BOLTsession['GROUP']; > > $g = array_keys($g); > > } > > $BOLTmemberships = 'guest,member'; > > if (is_array($g)) $BOLTmemberships = $BOLTmemberships . ',' . > > implode(",", $g); > > } > > else { > > $BOLTmember = BOLTconfig('BOLTguestname', 'Guest'); > > $BOLTmemberships = 'guest'; > > } > > > > Most likely a test for valid session info before the > > isset($BOLTsession['ID'] itself. > > > > If none is found, then look for the cookie instead and check that, If > > correct do basically > > what you would do before you did the isset($BOLTsession['ID'] except now > the > > session stuff > > would now exist. > > > > 2) In the function BOLTXlogin($value, $field) in the ommands.php file... > > > > Where the session info is set with the user, a cookie would also be > > created. Perhaps > > only if a check box for the login is set that the user chooses to > "Remember > > Your login". > > > > > > The only question is what to put in the cookie and how to secure it > > reasonably from abuse. > > > > It would have to include the users name, and include the users password > in a > > hash of some sort so that > > you could compare it against the users real settings. > > > > You might be able to add the password in an encrypted format that is > > determined by a new > > variable in site.config perhaps something like cookieCrypt that is used > when > > the cookie > > is generated and then when it is read. > > > > Looks like it would be pretty simple to add, but I have not checked if > there > > are other areas > > where it might need to be checked. So far I don't think so because even > > registration doesn't > > actually log the user in. > > > > > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "BoltWire" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/boltwire?hl=en -~----------~----~----~----~------~----~------~--~---
