27 changes: 19 additions & 8 deletions persistent_login.module
@@ -210,7 +210,7 @@ function persistent_login_user($op, &$edit, &$account, $category = NULL) {
case 'logout':
$cookie_name = _persistent_login_get_cookie_name();
if (!empty($_COOKIE[$cookie_name])) {
_persistent_login_setcookie($cookie_name, '', time() - 86400);
_persistent_login_clearcookie();
unset($_SESSION['persistent_login_check']);
unset($_SESSION['persistent_login_login']);
unset($_SESSION['persistent_login_reauth']);
@@ -253,6 +253,7 @@ function persistent_login_user($op, &$edit, &$account, $category = NULL) {
}
// If the password is modified, fall through to wipe all persistent logins.
case 'delete':
_persistent_login_clearcookie();
_persistent_login_invalidate($op, 'uid = %d', $account->uid);
unset($_SESSION['persistent_login_check']);
unset($_SESSION['persistent_login_login']);
@@ -313,8 +314,6 @@ function _persistent_login_check() {
$cookie_name = _persistent_login_get_cookie_name();

if ($user->uid == 0 && isset($_COOKIE[$cookie_name]) && !isset($_SESSION['persistent_login_check'])) {
// For efficiency, only check once per session unless something changes.
$_SESSION['persistent_login_check'] = TRUE;

list($uid, $series, $token) = explode(':', $_COOKIE[$cookie_name]);

@@ -323,10 +322,12 @@ function _persistent_login_check() {
$r = db_fetch_array($res);
if (!is_array($r) || count($r) == 0) {
// $uid:$series is invalid
_persistent_login_clearcookie();
return;
}
else if ($r['pl_expires'] > 0 && $r['pl_expires'] < time()) {
// $uid:$series has expired
_persistent_login_clearcookie();
return;
}

@@ -336,6 +337,9 @@ function _persistent_login_check() {
require_once './includes/theme.inc';

if ($r['pl_token'] === $token) {
// For efficiency, only check once per session unless something changes.
$_SESSION['persistent_login_check'] = TRUE;

// Delete the one-time use persistent login cookie.
_persistent_login_invalidate('used', "uid = %d AND series = '%s'", $uid, $series);

@@ -393,6 +397,7 @@ function _persistent_login_check() {

// Reset PL state in $_SESSION.
$d = array();
_persistent_login_clearcookie();
_persistent_login_invalidate('stolen', 'uid = %d', $uid);
persistent_login_user('logout', $d, $user);
// Delete all open sessions for this user. Use $uid from the
@@ -430,7 +435,7 @@ function _persistent_login_create_cookie($acct, $edit = array()) {
$expires = (isset($edit['pl_expires']) ? $edit['pl_expires'] : (($days > 0) ? time() + $days * 86400 : 0));
$series = (isset($edit['pl_series']) ? $edit['pl_series'] : drupal_get_token(uniqid(mt_rand(), TRUE)));

_persistent_login_setcookie($cookie_name, $acct->uid .':'. $series .':'. $token, $expires > 0 ? $expires : 2147483647);
_persistent_login_setcookie($acct->uid .':'. $series .':'. $token, $expires > 0 ? $expires : 2147483647);

db_query("INSERT INTO {persistent_login} (uid, series, token, expires) VALUES (%d, '%s', '%s', %d)", $acct->uid, $series, $token, $expires);
if (db_affected_rows() != 1) {
@@ -452,21 +457,27 @@ function _persistent_login_create_cookie($acct, $edit = array()) {
}

/**
* Set a cookie with the same options as the session cookie.
* Set the persistent login cookie with the same options as the session cookie.
*
* @param $name
* The name of the cookie.
* @param $value
* The value to store in the cookie.
* @param $expire
* The time the cookie expires. This is a Unix timestamp so is in number of seconds
* since the epoch. By default expires when the browser is closed.
*/
function _persistent_login_setcookie($name, $value, $expire = 0) {
function _persistent_login_setcookie($value, $expire = 0) {
$name = _persistent_login_get_cookie_name();
$params = session_get_cookie_params();
setcookie($name, $value, $expire, $params['path'], $params['domain'], $params['secure']);
}

/**
* Remove the persistent login cookie.
*/
function _persistent_login_clearcookie() {
_persistent_login_setcookie('', time() - 86400);
}

/**
* Get the name of the Persistent Login cookie.
*
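Review bot: In the last hunk, `_persistent_login_setcookie()` still calls `setcookie()` with six arguments, so the persistent login cookie is sent without the HttpOnly attribute even when the session cookie has it, which does not match the docblock's "with the same options as the session cookie". This cookie carries the `uid:series:token` credential and can outlive a session by a long way (the expiry falls back to 2147483647), so keeping it out of reach of page scripts matters at least as much as for the session cookie. Passing the flag through would close the gap: `setcookie($name, $value, $expire, $params['path'], $params['domain'], $params['secure'], !empty($params['httponly']));`. The seventh argument and the `httponly` key both need PHP 5.2 or later, so if the module still has to run on older PHP the call presumably needs a version guard. Because `_persistent_login_clearcookie()` goes through the same helper, the one-line change covers both setting and removing the cookie.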