Hi everybody!
I was looking for a way to keep my staff logged in all day, even if they close the browser (we are working on our intranet).
I was unable to find a way to do this, so I decided to implement it myself. This is a personal solution and I don't know if it'll have security implications.
Try it at your own risk.
Also note that I made the changes on a Spanish-translated source code. I hope that the line numbers will be the same. All modified files belong to the scp folder.
login.php
--- Base (BASE)
+++ Locally Modified (Based On LOCAL)
@@ -50,6 +50,12 @@
$dest=($dest && (!strstr($dest,'login.php') && !strstr($dest,'ajax.php')))?$dest:'index.php';
session_write_close();
session_regenerate_id();
+
+ // Set cookies
+ $expire = time() + 60*60*24;
+ setcookie('user', $_POST, $expire);
+ setcookie('token', $_SESSION, $expire);
+
<USERMENTION username="header">@header</USERMENTION>("Location: $dest");
require_once('index.php'); //Just incase header is messed up.
exit;
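Review bot: the two setcookie() calls added after session_regenerate_id() take their values from $_POST and $_SESSION (as shown, the whole arrays rather than a single element) and pass no path, secure or httponly arguments, so the 24-hour login cookie is readable by page script and is sent over plain HTTP. A persistent-login cookie should carry a server-generated random token (for example from random_bytes()) whose hash is stored against the staff record, not values taken from the login form or the session, and it should be set with secure and httponly enabled.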
staff.inc.php
--- Base (BASE)
+++ Locally Modified (Based On LOCAL)
@@ -51,7 +51,14 @@
exit;
}
-$thisuser = new StaffSession($_SESSION); /*always reload???*/
+$userId = $_SESSION;
+if (!$userId && isset($_COOKIE)) {
+ $userId = $_COOKIE;
+ $_SESSION = $_COOKIE;
+}
+
+$thisuser = new StaffSession($userId); /*always reload???*/
+
//1) is the user Logged in for real && is staff.
if(!is_object($thisuser) || !$thisuser->getId() || !$thisuser->isValid()){
$msg=(!$thisuser || !$thisuser->isValid())?'Se requiere autenticación':'Se a desconectado por inactividad';
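Review bot: in the new if block, $userId and $_SESSION are filled from $_COOKIE with no server-side check, so whatever the browser sends becomes the identity passed to new StaffSession($userId); the 'token' cookie set in login.php is never read or compared here. Before restoring the session, look up a token stored for that user and compare it with hash_equals(), and fall through to the existing "is the user logged in" check when it does not match. Also, isset($_COOKIE) as written is always true, so the condition does not test whether the login cookie is present; test the specific key instead.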
logout.php
--- Base (BASE)
+++ Locally Modified (Based On LOCAL)
@@ -20,6 +20,11 @@
$_SESSION=array();
session_unset();
session_destroy();
+
+// Delete cookies
+setcookie('user', NULL, 0);
+setcookie('token', NULL, 0);
+
<USERMENTION username="header">@header</USERMENTION>('Location: login.php');
require('login.php');
?>
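Review bot: the two setcookie(..., NULL, 0) calls only ask the browser to drop the cookies; nothing is invalidated on the server, and because staff.inc.php accepts the cookie without checking any stored state, a copy of the cookie value taken before logout keeps working afterwards. If a server-side token is introduced, delete it here as well, and pass the same path and domain used when the cookies were set so the deletion matches the original cookie.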
Hope this will be useful for others.
Greetings,
Juan Miguel Sosso
www.binfactory.com