Merge branch 'stable-3.0.5' of git.ispconfig.org:ispconfig/ispconfig3 into stable-3.0.5

Author: Till Brehm

install/sql/ispconfig3.sql

@@ -1583,6 +1583,7 @@ CREATE TABLE `sys_session` (
   `session_id` varchar(64) NOT NULL DEFAULT '',
   `date_created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
   `last_updated` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
+  `permanent` enum('n','y') NOT NULL DEFAULT 'n',
   `session_data` longtext,
   PRIMARY KEY (`session_id`),
   KEY `last_updated` (`last_updated`)

install/tpl/system.ini.master

@@ -50,3 +50,4 @@ customer_no_template=C[CUSTOMER_NO]
 customer_no_start=1
 customer_no_counter=0
 session_timeout=0
+session_allow_endless=0

interface/lib/app.inc.php

@@ -68,8 +68,25 @@ public function __construct() {
 			$this->uses('session');
 			$tmp = $this->db->queryOneRecord("SELECT `value` FROM sys_config WHERE `config_id` = 2 AND `group` = 'interface' AND `name` = 'session_timeout'");
 			if($tmp && $tmp['value'] > 0) {
-				$this->session->set_timeout($tmp['value']);
-				session_set_cookie_params(($tmp['value'] * 60) + 300); // make the cookie live 5 minutes longer
+				/* check if user wants to stay logged in */
+				if(isset($_POST['s_mod']) && isset($_POST['s_pg']) && $_POST['s_mod'] == 'login' && $_POST['s_pg'] == 'index' && isset($_POST['stay']) && $_POST['stay'] == '1') {
+					/* check if staying logged in is allowed */
+					$app->uses('ini_parser');
+					$tmp = $app->db->queryOneRecord('SELECT config FROM sys_ini WHERE sysini_id = 1');
+					$tmp = $app->ini_parser->parse_ini_string(stripslashes($tmp['config']));
+					if(!isset($tmp['misc']['session_allow_endless']) || $tmp['misc']['session_allow_endless'] != 'y') {
+						$this->session->set_timeout($tmp['value']);
+						session_set_cookie_params(($tmp['value'] * 60) + 300); // make the cookie live 5 minutes longer
+					} else {
+						// we are doing login here, so we need to set the session data
+						$this->session->set_permanent(true);
+						$this->session->set_timeout(365 * 24 * 3600); // one year
+						session_set_cookie_params(365 * 24 * 3600); // make the cookie live 5 minutes longer
+					}
+				} else {
+					$this->session->set_timeout($tmp['value']);
+					session_set_cookie_params(($tmp['value'] * 60) + 300); // make the cookie live 5 minutes longer
+				}
 			} else {
 				session_set_cookie_params(0); // until browser is closed
 			}

interface/lib/classes/session.inc.php

@@ -33,6 +33,7 @@ class session {
 	private $session_array = array();
 	private $db;
 	private $timeout = 0;
+	private $permanent = false;
 
 	function __construct($session_timeout = 0) {
 		$this->db = new db;
@@ -44,6 +45,10 @@ function set_timeout($session_timeout = 0) {
 		$this->timeout = $session_timeout;
 		return $old_timeout;
 	}
+	
+	function set_permanent($value = false) {
+		$this->permanent = $value;
+	}
 
 	function open ($save_path, $session_name) {
 		return true;
@@ -61,7 +66,7 @@ function close () {
 	function read ($session_id) {
 
 		if($this->timeout > 0) {
-			$rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."' AND last_updated >= DATE_SUB(NOW(), INTERVAL " . intval($this->timeout) . " MINUTE)");
+			$rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."' AND (`permanent` = 'y' OR last_updated >= DATE_SUB(NOW(), INTERVAL " . intval($this->timeout) . " MINUTE))");
 		} else {
 			$rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."'");
 		}
@@ -94,14 +99,14 @@ function write ($session_id, $session_data) {
 			$date_created = date('Y-m-d H:i:s');
 			$last_updated = date('Y-m-d H:i:s');
 			$session_data = $this->db->quote($session_data);
-			$sql = "INSERT INTO sys_session (session_id,date_created,last_updated,session_data) VALUES ('$session_id','$date_created','$last_updated','$session_data')";
+			$sql = "INSERT INTO sys_session (session_id,date_created,last_updated,session_data,permanent) VALUES ('$session_id','$date_created','$last_updated','$session_data','" . ($this->permanent ? 'y' : 'n') . "')";
 			$this->db->query($sql);
 
 		} else {
 			$session_id   = $this->db->quote($session_id);
 			$last_updated = date('Y-m-d H:i:s');
 			$session_data = $this->db->quote($session_data);
-			$sql = "UPDATE sys_session SET last_updated = '$last_updated', session_data = '$session_data' WHERE session_id = '$session_id'";
+			$sql = "UPDATE sys_session SET last_updated = '$last_updated', session_data = '$session_data'" . ($this->permanent ? ", `permanent` = 'y'" : "") . " WHERE session_id = '$session_id'";
 			$this->db->query($sql);
 
 		}
@@ -127,6 +132,13 @@ function gc ($max_lifetime) {
 			$dt1 = strtotime("$real_now -$max_lifetime seconds");
 			$dt2 = date('Y-m-d H:i:s', $dt1);
 
+			$sql = "DELETE FROM sys_session WHERE last_updated < '$dt2' AND `permanent` != 'y'";
+			$this->db->query($sql);
+			
+			/* delete very old even if they are permanent */
+			$dt1 = strtotime("$real_now -365 days");
+			$dt2 = date('Y-m-d H:i:s', $dt1);
+
 			$sql = "DELETE FROM sys_session WHERE last_updated < '$dt2'";
 			$this->db->query($sql);
 		//}

interface/web/admin/form/system_config.tform.php

@@ -481,6 +481,12 @@
 			'width'  => '30',
 			'maxlength' => '255'
 		),
+		'session_allow_endless' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'CHECKBOX',
+			'default' => 'n',
+			'value'  => array(0 => 'n', 1 => 'y')
+		),
 		//#################################
 		// ENDE Datatable fields
 		//#################################

interface/web/admin/lib/lang/de_system_config.lng

@@ -64,4 +64,5 @@ $wb['customer_no_template_error_regex_txt'] = 'Die Kundennummer-Vorlage enthält
 $wb['customer_no_start_txt'] = 'Kundennummer Startwert';
 $wb['customer_no_counter_txt'] = 'Kundennummer Zähler';
 $wb['session_timeout_txt'] = 'Session-Timeout (Minuten)';
+$wb['session_allow_endless_txt'] = '"Eingeloggt bleiben" aktivieren';
 ?>

interface/web/admin/lib/lang/en_system_config.lng

@@ -64,4 +64,5 @@ $wb['customer_no_template_error_regex_txt'] = 'The customer No. template contain
 $wb['customer_no_start_txt'] = 'Customer No. start value';
 $wb['customer_no_counter_txt'] = 'Customer No. counter';
 $wb['session_timeout_txt'] = 'Session timeout (minutes)';
+$wb['session_allow_endless_txt'] = 'Enable "stay logged in"';
 ?>

interface/web/admin/templates/system_config_misc_edit.htm

@@ -84,6 +84,12 @@ <h2><tmpl_var name="list_head_txt"></h2>
 			<div class="ctrlHolder">
                 <label for="session_timeout">{tmpl_var name='session_timeout_txt'}</label>
                 <input name="session_timeout" id="session_timeout" value="{tmpl_var name='session_timeout'}" size="30" maxlength="255" type="text" class="textInput formLengthHalf" />
+            </div>
+			<div class="ctrlHolder">
+                <p class="label">{tmpl_var name='session_allow_endless_txt'}</p>
+                <div class="multiField">
+                    {tmpl_var name='session_allow_endless'}
+                </div>
             </div>
 			<div class="ctrlHolder">
                 <p class="label">{tmpl_var name='maintenance_mode_txt'}</p>

interface/web/login/index.php

@@ -122,7 +122,7 @@ public function render() {
 						else {
 							die("You don't have the right to 'login as'!");
 						}
-					} elseif($_SESSION['s']['user']['typ'] != 'admin') {
+					} elseif($_SESSION['s']['user']['typ'] != 'admin' && (!isset($_SESSION['s_old']['user']) || $_SESSION['s_old']['user']['typ'] != 'admin')) {
 						/* a reseller wants to 'login as', we need to check if he is allowed to */
 						$res_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
 						$res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $res_client_group_id");
@@ -230,7 +230,6 @@ public function render() {
 								$_SESSION['s']['user']['theme'] = isset($user['app_theme']) ? $user['app_theme'] : 'default';
 								$_SESSION['s']['language'] = $user['language'];
 								$_SESSION["s"]['theme'] = $_SESSION['s']['user']['theme'];
-								$_SESSION['s']['session_timeout'] = $server_config_array['session_timeout'];
 
 								if(is_file($_SESSION['s']['user']['startmodule'].'/lib/module.conf.php')) {
 									include_once $_SESSION['s']['user']['startmodule'].'/lib/module.conf.php';
@@ -318,12 +317,15 @@ public function render() {
 		if($error != ''){
 			$error = '<div class="box box_error"><h1>Error</h1>'.$error.'</div>';
 		}
-
+		
 		$app->tpl->setVar('error', $error);
 		$app->tpl->setVar('pw_lost_txt', $app->lng('pw_lost_txt'));
 		$app->tpl->setVar('username_txt', $app->lng('username_txt'));
 		$app->tpl->setVar('password_txt', $app->lng('password_txt'));
+		$app->tpl->setVar('stay_logged_in_txt', $app->lng('stay_logged_in_txt'));
 		$app->tpl->setVar('login_button_txt', $app->lng('login_button_txt'));
+		$app->tpl->setVar('session_timeout', $server_config_array['session_timeout']);
+		$app->tpl->setVar('session_allow_endless', $server_config_array['session_allow_endless']);
 		$app->tpl->setInclude('content_tpl', 'login/templates/index.htm');
 		$app->tpl_defaults();
 

interface/web/login/lib/lang/de.lng

@@ -22,4 +22,5 @@ $wb['email_txt'] = 'E-Mail';
 $wb['error_maintenance_mode'] = 'Diese ISPConfig Installation wird gerade gewartet. Wir sind in Kürze wieder für Sie da. Vielen Dank für Ihre Geduld.';
 $wb['theme_not_compatible'] = 'Das gewählte Design ist mit dieser ISPConfig Version nicht kompatibel. Bitte prüfen Sie, ob ein Update des Themes verfügbar ist.<br />Es wurde nun automatisch das Standard Design aktiviert.';
 $wb['back_txt'] = 'Zur&uuml;ck';
+$wb['stay_logged_in_txt'] = 'Dauerhaft eingeloggt bleiben';
 ?>