-rw-r--r-- | config/ampache.cfg.php.dist | 28 | ||||
-rwxr-xr-x | docs/CHANGELOG | 2 | ||||
-rw-r--r-- | login.php | 21 | ||||
-rw-r--r-- | modules/vauth/auth.lib.php | 4 | ||||
-rw-r--r-- | modules/vauth/init.php | 5 | ||||
-rw-r--r-- | modules/vauth/session.lib.php | 16 | ||||
-rw-r--r-- | templates/show_login_form.inc | 18 |
7 files changed, 57 insertions, 37 deletions
diff --git a/config/ampache.cfg.php.dist b/config/ampache.cfg.php.dist index 9635e530..6714eff3 100644 --- a/config/ampache.cfg.php.dist +++ b/config/ampache.cfg.php.dist @@ -16,19 +16,15 @@ # DEFAULT: "" #web_path = "" -#################### -# The libglue Vars # -#################### +############################### +# Session and Login Variables # +############################### -### -# Below are the variables for the Local Database that will do Auth -### - -# Hostname of your Database (default is localhost) +# Hostname of your Database # DEFAULT: localhost local_host = localhost -# Name of your ampache database (default is ampache) +# Name of your ampache database # DEFAULT: ampache local_db = ampache @@ -36,14 +32,24 @@ local_db = ampache # DEFAULT: "" local_username = username -# Password for your ampache database (can't be blank!) +# Password for your ampache database, this can not be blank +# this is a 'forced' security precaution, the default value +# will not work # DEFAULT: "" local_pass = password -# Login Length in seconds for local logins +# Length that a session will last, the default is very restrictive +# at 15min # DEFAULT: 900 local_length = 900 +# This length defines how long a 'remember me' session and cookie will +# last, the default is 900, same as length. It is up to the administrator +# of the box to increase this, for reference 86400 = 1 day +# 604800 = 1 week and 2419200 = 1 month +# DEAFULT: 900 +remember_length = 900 + # This is the DOMAIN for the cookie that stores your session key # this must be set to the domain of your host or you will not be # able to log in make sure you including the leading . diff --git a/docs/CHANGELOG b/docs/CHANGELOG index fd691d73..1910b94c 100755 --- a/docs/CHANGELOG +++ b/docs/CHANGELOG 
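Review bot: The comment added for `remember_length` in the second hunk of config/ampache.cfg.php.dist spells its default marker `# DEAFULT: 900`, while every other option in the file uses `# DEFAULT:`, so a reader or script scanning the file for defaults will miss it. The text also gives only the arithmetic (1 day, 1 week, 1 month) and not the consequence an administrator has to weigh. I would correct the marker and add a line such as `# A larger value keeps a browser that ticked 'remember me' logged in for that long, even when unattended`.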
@@ -4,6 +4,8 @@ -------------------------------------------------------------------------- v.3.3.2-Beta2 + - Added remember_length which defines the length that a 'remember me' + session will last, default is 900 or 15 min - Fixed truncated names on tool-tip text (Thx Patrik) - Fixed a few more Search snafu's that caused it to not remember what you had selected after performing a search (Thx Rubin) @@ -30,16 +30,14 @@ $no_session = true; require_once("modules/init.php"); set_site_preferences(); -// -// So we check for a username and password first -// -if ( $_POST['username'] && $_POST['password'] ) { +/* Check for posted username and password */ +if ($_POST['username'] && $_POST['password']) { if ($_POST['rememberme']) { - $month = 86400*30; - vauth_conf(array('cookie_life'=>$month),1); + $extended = vauth_conf('remember_length'); + vauth_conf(array('cookie_life'=>$extended),1); $cookie_name = vauth_conf('session_name') . "_remember"; - $cookie_life = time() + $month; + $cookie_life = time() + $extended; setcookie($cookie_name, '1', $cookie_life,'/',vauth_conf('cookie_domain')); } @@ -62,9 +60,7 @@ if ( $_POST['username'] && $_POST['password'] ) { } // if we aren't in demo mode } -// -// If we succeeded in authenticating, create a session -// +/* If the authentication was a success */ if ($auth['success']) { // $auth->info are the fields specified in the config file @@ -93,10 +89,13 @@ if ($auth['success']) { header("Location: " . conf('web_path') . "/index.php"); exit(); } // auth success +/* If auth failed then setup the error */ +else { + $GLOBALS['error']->add_error('general',$auth['error']); +} $htmllang = str_replace("_","-",conf('lang')); ?> - <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php echo $htmllang; ?>" lang="<?php echo $htmllang; ?>"> <head> diff --git a/modules/vauth/auth.lib.php b/modules/vauth/auth.lib.php index 7c974d7c..512155c3 100644 
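Review bot: In the hunk at -30,16 (login.php according to the diffstat; its file header is missing from this page) the `_remember` cookie is sent inside `if ($_POST['username'] && $_POST['password'])`, before the authentication result is known. A failed login with the box ticked therefore still leaves the cookie in the browser, and vauth_sess_write() and vauth_check_session() in modules/vauth/session.lib.php will extend any later session that presents it, including one where the user did not ask to be remembered. Moving the `setcookie($cookie_name, '1', $cookie_life,'/',vauth_conf('cookie_domain'));` call into the `if ($auth['success'])` branch ties it to a successful login. The enclosing block continues outside the hunk.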
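Review bot: The `else` added after `if ($auth['success'])` in the hunk at -93,10 runs on every request that did not authenticate, which appears to include the first plain load of the login page, where no credentials were posted and `$auth` is never assigned in the visible code. `add_error('general',$auth['error'])` is then called with an undefined value; whether that renders an empty error depends on the error class, which is not shown here. The template code this commit removes was guarded with `isset($auth['error'])`, and keeping that guard preserves the old behaviour: `elseif (isset($auth['error'])) {`.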
--- a/modules/vauth/auth.lib.php +++ b/modules/vauth/auth.lib.php @@ -76,7 +76,9 @@ function vauth_mysql_auth($username,$password) { $results = mysql_fetch_assoc($db_results); if (!$results) { - return false; + $results['success'] = false; + $results['error'] = 'Error Username or Password incorrect, please try again'; + return $results; } $results['type'] = 'mysql'; diff --git a/modules/vauth/init.php b/modules/vauth/init.php index f79c18f6..3d705cdb 100644 --- a/modules/vauth/init.php +++ b/modules/vauth/init.php @@ -100,6 +100,11 @@ function vauth_init($data) { vauth_error('Cookie Domain Not Defined [cookie_domain]'); $error_status = true; } + + /* For now we won't require it */ + if (!isset($data['remember_length'])) { + $data['remember_length'] = '900'; + } /* If an error has occured then return false */ if ($error_status) { return false; } diff --git a/modules/vauth/session.lib.php b/modules/vauth/session.lib.php index 680f3f9e..13e2285e 100644 --- a/modules/vauth/session.lib.php +++ b/modules/vauth/session.lib.php @@ -87,6 +87,12 @@ function vauth_sess_write($key,$value) { $value = sql_escape($value); $key = sql_escape($key); + /* Check for Rememeber Me */ + $cookie_name = vauth_conf('session_name') . "_remember"; + if ($_COOKIE[$cookie_name]) { + $expire = time() + vauth_conf('remember_length'); + } + $sql = "UPDATE session SET value='$value', expire='$expire'" . " WHERE id='$key'"; $db_results = mysql_query($sql, vauth_dbh()); 
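Review bot: The failure branch of vauth_mysql_auth() assigns `$results['success'] = false;` to a `$results` that is `false` at that point (the return value of `mysql_fetch_assoc()`), relying on PHP silently converting it to an array. Returning a fresh array says what is meant and does not depend on that conversion: `return array('success' => false, 'error' => 'Error Username or Password incorrect, please try again');`. The message deliberately does not say which of the two values was wrong, and a comment should record that so it is not "improved" later, e.g. `/* One message for both cases so the form does not reveal which usernames exist */`. The function starts and ends outside the hunk.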
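Review bot: vauth_init() in modules/vauth/init.php supplies a default when `remember_length` is missing but never checks a value that is present, and the login.php hunk, vauth_sess_write() and vauth_check_session() all add it directly to `time()`. A non-numeric setting in the config file counts as zero in that arithmetic and a negative one puts the expiry in the past, so a typo quietly turns remember-me into an immediate expiry with nothing reported. Normalising it once here covers every caller: `$data['remember_length'] = max(0, (int) $data['remember_length']);` placed after the `isset` default. The function continues outside the hunk, so it should be confirmed that this `$data` is what `vauth_conf()` later returns.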
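Review bot: vauth_sess_write() now extends the stored `expire` whenever the request carries a truthy `$_COOKIE[$cookie_name]`, but that cookie is a constant `'1'` supplied by the browser, so the server takes the client's word that the session was meant to be remembered. Any client holding a session can stretch it to `remember_length` regardless of what was chosen at login, and vauth_check_session() further down this file places the same trust in the cookie. Recording the choice server-side at login, for example as a flag on the session row written by vauth_session_create(), and reading that here instead of `$_COOKIE` would remove the dependency on client input. The function starts outside the hunk, so where `$expire` gets its value for non-remembered sessions is not visible.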
@@ -183,10 +189,11 @@ function vauth_session_create($data) { $username = sql_escape($data['username']); $type = sql_escape($data['type']); $value = sql_escape($data['value']); + $expire = sql_escape(vauth_conf('session_length')); /* Insert the row */ - $sql = "INSERT INTO session (`id`,`username`,`type`,`value`) " . - " VALUES ('$key','$username','$type','$value')"; + $sql = "INSERT INTO session (`id`,`username`,`type`,`value`,`expire`) " . + " VALUES ('$key','$username','$type','$value','$expire')"; $db_results = mysql_query($sql, vauth_dbh()); return $db_results; @@ -213,8 +220,9 @@ function vauth_check_session() { /* Check for Rememeber Me */ $cookie_name = vauth_conf('session_name') . "_remember"; if ($_COOKIE[$cookie_name]) { - $month = 86400*30; - vauth_conf(array('cookie_life'=>$month),1); + $extended = vauth_conf('remember_length'); + vauth_conf(array('cookie_life'=>$extended),1); + setcookie($cookie_name, '1', time() + $extended,'/',vauth_conf('cookie_domain')); } /* Set the Cookie Paramaters */ diff --git a/templates/show_login_form.inc b/templates/show_login_form.inc index ea692d7d..148cd541 100644 --- a/templates/show_login_form.inc +++ b/templates/show_login_form.inc 
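Review bot: In vauth_session_create() the new line `$expire = sql_escape(vauth_conf('session_length'));` stores a duration in seconds in the `expire` column, whereas vauth_sess_write() in the same file stores an absolute time, `time() + vauth_conf('remember_length')`. If the column is read as a Unix timestamp, a newly inserted row looks long expired until the first session write replaces the value, and any cleanup that runs in between could remove it. Writing the same form in both places keeps them consistent: `$expire = sql_escape(time() + vauth_conf('session_length'));`. The function starts outside the hunk, and the code that reads `expire` is not on this page, so the column's intended meaning should be confirmed.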
@@ -30,15 +30,18 @@ if (preg_match($subject,$_SERVER['HTTP_HOST'])) { ?> <br /><br /> <p align="center"> - <a href="http://www.ampache.org"><img src="<?php echo conf('web_path'); - ?><?php echo conf('theme_path'); ?>/images/ampache.gif" title="<?php echo conf('site_title'); ?>" border="0" alt="Ampache" /> + <a href="http://www.ampache.org"><img src="<?php echo conf('web_path'); ?><?php echo conf('theme_path'); ?>/images/ampache.gif" title="<?php echo conf('site_title'); ?>" border="0" alt="Ampache" /> </a> </p> <form name="login" method="post" enctype="multipart/form-data" action="<?php echo conf('web_path'); ; ?>/login.php" style="Display:inline"> <table class="login" bgcolor="<?php echo conf('base_color2'); ?>" border="0" align="center"> <tr> - <td align="center" colspan="2"><?php echo conf('login_message'); ; ?> </td> -</tr> + <td align="center" colspan="2"> + <?php echo conf('login_message'); ; ?> + <?php $GLOBALS['error']->print_error('general'); ?> + </td> + + </tr> <tr> <td><?php echo _("Login"); ; ?>:</td> <td><input type="text" name="username" value="<?php echo $_REQUEST['username']; ; ?>" /></td> @@ -75,9 +78,4 @@ if ($show_copyright == 1) { ?> All Rights Reserved, Copyright © 2006<br /> </font> </p> -<?php } // end if ($show_copyright == 1) -if (isset($auth['error'])) { ?> - <p align="center"> - <font color="red"><?php echo trim($auth['error']); ?></font> - </p> -<?php } // end if (isset($auth['error'])) ?> +<?php } // end if ($show_copyright == 1) ?> |
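Review bot: The username field in the first hunk of templates/show_login_form.inc echoes request data into an attribute without HTML escaping, `value="<?php echo $_REQUEST['username']; ; ?>"`. It is an unchanged context line, but it sits directly under the error output this commit adds and is rendered again on every failed login. Escaping at output fixes it: `value="<?php echo htmlspecialchars($_REQUEST['username'], ENT_QUOTES); ?>"`. The added `$GLOBALS['error']->print_error('general');` call deserves the same check, because the error class is not visible here and `$auth['error']` may be filled by auth backends other than the one in this commit.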