[Openinteract-commits] CVS: OpenInteract/OpenInteract Auth.pm,1.13,1.14

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Update of /cvsroot/openinteract/OpenInteract/OpenInteract
In directory usw-pr-cvs1:/tmp/cvs-serv26657/OpenInteract

Modified Files:
	Auth.pm 
Log Message:
add 'remember_login()' for dealing with the 'remember me' checkbox

Index: Auth.pm
===================================================================
RCS file: /cvsroot/openinteract/OpenInteract/OpenInteract/Auth.pm,v
retrieving revision 1.13
retrieving revision 1.14
diff -C2 -d -r1.13 -r1.14
*** Auth.pm	2001/11/13 04:03:24	1.13
--- Auth.pm	2001/11/20 04:09:53	1.14
***************
*** 52,55 ****
--- 52,56 ----

      $R->{auth}{logged_in} = 1;
+     $class->remember_login;

      my $CONFIG = $R->CONFIG;
***************
*** 171,183 ****
      $R->DEBUG && $R->scrib( 1, "Passwords matched; UID ($user->{user_id})" );

!     # If the user was matched up to a login_name and the password
!     # matched, put the user_id into the session and put the user into
!     # $R. Also, make the expiration transient (expires when browser
!     # closes) unless the user clicked the 'Remember Me' checkbox

-     my $remember_field = $CONFIG->{login}{remember_field};
-     unless ( $R->apache->param( $remember_field ) ) {
-         $R->{session}{expiration} = undef;
-     }
      $R->{session}{user_id} = $user->id;
      return $user;
--- 172,178 ----
      $R->DEBUG && $R->scrib( 1, "Passwords matched; UID ($user->{user_id})" );

!     # Persist the user ID via the session (whether the session is
!     # transient is handled in 'remember_login()')

      $R->{session}{user_id} = $user->id;
      return $user;
***************
*** 185,188 ****
--- 180,197 ----

+ # If we created a user, make the expiration transient unless told otherwise.
+ 
+ sub remember_login {
+     my ( $class ) = @_;
+     my $R = OpenInteract::Request->instance;
+     return unless ( $R->{auth}{user} );
+     return if ( $R->CONFIG->{login}{always_remember} );
+ 
+     my $remember_field = $R->CONFIG->{login}{remember_field};
+     if ( ! $remember_field or ! $R->apache->param( $remember_field )  ) {
+         $R->{session}{expiration} = undef;
+     }
+ }
+ 
  # Create a 'dummy' user

***************
*** 441,451 ****

  Default: Look at the 'login_field' and 'password_field' as set in the
! server configuration under 'login' for the username and password. If
! found and the user is authenticated, check if 'remember_field' is true
! and if so, make the session last for the value found in the server
! configuration under 'session_info'->'expiration'. Otherwise the
! session is transient and only lasts as long as the browser is open.

  Returns: A user object. If you cannot create one, just return undef.

  B<custom_login_failed()>
--- 450,469 ----

  Default: Look at the 'login_field' and 'password_field' as set in the
! server configuration under 'login' for the username and password.

  Returns: A user object. If you cannot create one, just return undef.
+ 
+ B<remember_login()>
+ 
+ Default is to make sessions (along with user identification) transient
+ -- once the browser that created the session is closed, the cookie
+ expires. The user can choose to have the system and their browser
+ remember the session for a longer period of time (specified in the
+ server config key 'session'->'expiration').
+ 
+ This method makes the session non-transient if either the user checks
+ off the 'remember_field' checkbox (the fieldname is specified in the
+ server config key 'login'->'remember_field') or if the server config
+ setting for 'login'->'always_remember' is true.

  B<custom_login_failed()>