Merge branch 'stable-3.0.5' of git.ispconfig.org:ispconfig/ispconfig3 into stable-3.0.5

Author: Till Brehm

install/sql/ispconfig3.sql

@@ -2217,5 +2217,6 @@ INSERT INTO `sys_user` (`userid`, `sys_userid`, `sys_groupid`, `sys_perm_user`,
 --
 
 INSERT INTO sys_config VALUES ('1','db','db_version','3.0.5.3');
+INSERT INTO sys_config VALUES ('2','interface','session_timeout','0');
 
 SET FOREIGN_KEY_CHECKS = 1;

install/tpl/system.ini.master

@@ -49,3 +49,4 @@ client_dashlets_right=
 customer_no_template=C[CUSTOMER_NO]
 customer_no_start=1
 customer_no_counter=0
+session_timeout=0

interface/lib/app.inc.php

@@ -66,6 +66,14 @@ public function __construct() {
 		if($this->_conf['start_session'] == true) {
 
 			$this->uses('session');
+			$tmp = $this->db->queryOneRecord("SELECT `value` FROM sys_config WHERE `config_id` = 2 AND `group` = 'interface' AND `name` = 'session_timeout'");
+			if($tmp && $tmp['value'] > 0) {
+				$this->session->set_timeout($tmp['value']);
+				session_set_cookie_params(($tmp['value'] * 60) + 300); // make the cookie live 5 minutes longer
+			} else {
+				session_set_cookie_params(0); // until browser is closed
+			}
+			
 			session_set_save_handler( array($this->session, 'open'),
 				array($this->session, 'close'),
 				array($this->session, 'read'),
@@ -74,7 +82,7 @@ public function __construct() {
 				array($this->session, 'gc'));
 
 			session_start();
-
+			
 			//* Initialize session variables
 			if(!isset($_SESSION['s']['id']) ) $_SESSION['s']['id'] = session_id();
 			if(empty($_SESSION['s']['theme'])) $_SESSION['s']['theme'] = $conf['theme'];

interface/lib/classes/session.inc.php

@@ -32,9 +32,17 @@ class session {
 
 	private $session_array = array();
 	private $db;
+	private $timeout = 0;
 
-	function __construct() {
+	function __construct($session_timeout = 0) {
 		$this->db = new db;
+		$this->timeout = $session_timeout;
+	}
+	
+	function set_timeout($session_timeout = 0) {
+		$old_timeout = $this->timeout;
+		$this->timeout = $session_timeout;
+		return $old_timeout;
 	}
 
 	function open ($save_path, $session_name) {
@@ -51,8 +59,12 @@ function close () {
 	}
 
 	function read ($session_id) {
-
-		$rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."'");
+		
+		if($this->timeout > 0) {
+			$rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."' AND last_updated >= DATE_SUB(NOW(), INTERVAL " . intval($this->timeout) . " MINUTE)");
+		} else {
+			$rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."'");
+		}
 
 		if (is_array($rec)) {
 			$this->session_array = $rec;
@@ -108,12 +120,16 @@ function destroy ($session_id) {
 
 	function gc ($max_lifetime) {
 
-		$real_now = date('Y-m-d H:i:s');
-		$dt1 = strtotime("$real_now -$max_lifetime seconds");
-		$dt2 = date('Y-m-d H:i:s', $dt1);
+		/*if($this->timeout > 0) {
+			$this->db->query("DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL " . intval($this->timeout) . " MINUTE)");
+		} else {*/
+			$real_now = date('Y-m-d H:i:s');
+			$dt1 = strtotime("$real_now -$max_lifetime seconds");
+			$dt2 = date('Y-m-d H:i:s', $dt1);
 
-		$sql = "DELETE FROM sys_session WHERE last_updated < '$dt2'";
-		$this->db->query($sql);
+			$sql = "DELETE FROM sys_session WHERE last_updated < '$dt2'";
+			$this->db->query($sql);
+		//}
 
 		return true;
 

interface/web/admin/form/system_config.tform.php

@@ -473,6 +473,14 @@
 			'width'  => '30',
 			'maxlength' => '255'
 		),
+		'session_timeout' => array (
+			'datatype' => 'INTEGER',
+			'formtype' => 'TEXT',
+			'default' => '',
+			'value'  => '',
+			'width'  => '30',
+			'maxlength' => '255'
+		),
 		//#################################
 		// ENDE Datatable fields
 		//#################################

interface/web/admin/lib/lang/de_system_config.lng

@@ -59,4 +59,9 @@ $wb['reseller_dashlets_left_txt'] = 'Reseller-Dashlets links';
 $wb['reseller_dashlets_right_txt'] = 'Reseller-Dashlets rechts';
 $wb['client_dashlets_left_txt'] = 'Kunden-Dashlets links';
 $wb['client_dashlets_right_txt'] = 'Kunden-Dashlets rechts';
+$wb['customer_no_template_txt'] = 'Kundennummer-Vorlage';
+$wb['customer_no_template_error_regex_txt'] = 'Die Kundennummer-Vorlage enthält ungültige Zeichen';
+$wb['customer_no_start_txt'] = 'Kundennummer Startwert';
+$wb['customer_no_counter_txt'] = 'Kundennummer Zähler';
+$wb['session_timeout_txt'] = 'Session-Timeout (Minuten)';
 ?>

interface/web/admin/lib/lang/en_system_config.lng

@@ -63,4 +63,5 @@ $wb['customer_no_template_txt'] = 'Customer No. template';
 $wb['customer_no_template_error_regex_txt'] = 'The customer No. template contains invalid characters';
 $wb['customer_no_start_txt'] = 'Customer No. start value';
 $wb['customer_no_counter_txt'] = 'Customer No. counter';
+$wb['session_timeout_txt'] = 'Session timeout (minutes)';
 ?>

interface/web/admin/system_config_edit.php

@@ -141,14 +141,17 @@ function onUpdateSave($sql) {
 		*/
 
 		$new_config = $app->tform->encode($this->dataRecord, $section);
-		if($section == 'sites' && $new_config['vhost_subdomains'] != 'y' && $server_config_array['vhost_subdomains'] == 'y') {
+		if($section == 'sites' && $new_config['vhost_subdomains'] != 'y' && $server_config_array['sites']['vhost_subdomains'] == 'y') {
 			// check for existing vhost subdomains, if found the mode cannot be disabled
 			$check = $app->db->queryOneRecord("SELECT COUNT(*) as `cnt` FROM `web_domain` WHERE `type` = 'vhostsubdomain'");
 			if($check['cnt'] > 0) {
 				$new_config['vhost_subdomains'] = 'y';
 			}
 		} elseif($section == 'mail') {
-			if($new_config['smtp_pass'] == '') $new_config['smtp_pass'] = $server_config_array['smtp_pass'];
+			if($new_config['smtp_pass'] == '') $new_config['smtp_pass'] = $server_config_array['mail']['smtp_pass'];
+		} elseif($section == 'misc' && $new_config['session_timeout'] != $server_config_array['misc']['session_timeout']) {
+			$app->db->query("DELETE FROM sys_config WHERE `config_id` = 2 AND `group` = 'interface' AND `name` = 'session_timeout'");
+			$app->db->query("INSERT INTO sys_config (`config_id`, `group`, `name`, `value`) VALUES (2, 'interface', 'session_timeout', '" . intval($new_config['session_timeout']) . "')");
 		}
 		$server_config_array[$section] = $new_config;
 		$server_config_str = $app->ini_parser->get_ini_string($server_config_array);

interface/web/admin/templates/system_config_misc_edit.htm

@@ -81,7 +81,11 @@ <h2><tmpl_var name="list_head_txt"></h2>
                 <label for="customer_no_counter">{tmpl_var name='customer_no_counter_txt'}</label>
                 <input name="customer_no_counter" id="customer_no_counter" value="{tmpl_var name='customer_no_counter'}" size="30" maxlength="255" type="text" class="textInput formLengthHalf" />
             </div>
-            <div class="ctrlHolder">
+			<div class="ctrlHolder">
+                <label for="session_timeout">{tmpl_var name='session_timeout_txt'}</label>
+                <input name="session_timeout" id="session_timeout" value="{tmpl_var name='session_timeout'}" size="30" maxlength="255" type="text" class="textInput formLengthHalf" />
+            </div>
+			<div class="ctrlHolder">
                 <p class="label">{tmpl_var name='maintenance_mode_txt'}</p>
                 <div class="multiField">
                     {tmpl_var name='maintenance_mode'}

interface/web/login/index.php

@@ -230,7 +230,8 @@ public function render() {
 								$_SESSION['s']['user']['theme'] = isset($user['app_theme']) ? $user['app_theme'] : 'default';
 								$_SESSION['s']['language'] = $user['language'];
 								$_SESSION["s"]['theme'] = $_SESSION['s']['user']['theme'];
-
+								$_SESSION['s']['session_timeout'] = $server_config_array['session_timeout'];
+								
 								if(is_file($_SESSION['s']['user']['startmodule'].'/lib/module.conf.php')) {
 									include_once $_SESSION['s']['user']['startmodule'].'/lib/module.conf.php';
 									$menu_dir = ISPC_WEB_PATH.'/' . $_SESSION['s']['user']['startmodule'] . '/lib/menu.d';