From: Marc L. <ma...@ma...> - 2012-10-26 22:12:19
|
Very interesting! On Fri, Oct 26, 2012 at 1:15 PM, <jy...@us...> wrote: > Revision: 43691 > http://tikiwiki.svn.sourceforge.net/tikiwiki/?rev=43691&view=rev > Author: jyhem > Date: 2012-10-26 17:15:25 +0000 (Fri, 26 Oct 2012) > Log Message: > ----------- > [NEW] Feature to prevent multiple simultaneous logins with the same account (useful when customers pay for access) > > Modified Paths: > -------------- > trunk/lib/prefs/login.php > trunk/lib/tikilib.php > trunk/templates/admin/include_login.tpl > trunk/tiki-login.php > trunk/tiki-setup.php > > Modified: trunk/lib/prefs/login.php > =================================================================== > --- trunk/lib/prefs/login.php 2012-10-26 11:24:16 UTC (rev 43690) > +++ trunk/lib/prefs/login.php 2012-10-26 17:15:25 UTC (rev 43691) > @@ -35,6 +35,13 @@ > 'always' => tr('Always'), > ), > ), > + 'login_multiple_forbidden' => array( > + 'name' => tr('Prevent multiple logins from same user'), > + 'description' => tr('User can not login simultaneously from multiple browsers. Admin account is still allowed.'), > + 'type' => 'flag', > + 'default' => 'n', > + 'tags' => array('advanced'), > + ), > ); > } > > > Modified: trunk/lib/tikilib.php > =================================================================== > --- trunk/lib/tikilib.php 2012-10-26 11:24:16 UTC (rev 43690) > +++ trunk/lib/tikilib.php 2012-10-26 17:15:25 UTC (rev 43691) > @@ -2652,13 +2652,34 @@ > $logslib = TikiLib::lib('logs'); > > if ($user === false) $user = ''; > - $delay = 5*60; // 5 minutes > + // If pref login_multiple_forbidden is set, length of tiki_sessions must match real session length to be up to date so we can detect concurrent logins of same user > + if ( $prefs['login_multiple_forbidden'] == 'y' ) { > + $delay = ini_get('session.gc_maxlifetime'); > + } else { // Low value so as to guess who actually is in front of the computer > + $delay = 5*60; // 5 minutes > + } > $oldy = $this->now - $delay; > if ($user != '') { // was the user timeout? > $query = "select count(*) from `tiki_sessions` where `sessionId`=?"; > $cant = $this->getOne($query, array($this->sessionId)); > - if ($cant == 0) > - $logslib->add_log("login", "back", $user, '', '', $this->now); > + if ($cant == 0) { > + if ( $prefs['login_multiple_forbidden'] != 'y' || $user == 'admin' ) { > + // Recover after timeout > + $logslib->add_log("login", "back", $user, '', '', $this->now); > + } else { > + // Prevent multiple sessions for same user > + $query = "SELECT count(*) FROM `tiki_sessions` WHERE `timestamp`<? AND user = ?"; > + $cant = $this->getOne($query, array($oldy,$user)); > + if ($cant == 0) { > + // Recover after timeout (no other session) > + $logslib->add_log("login", "back", $user, '', '', $this->now); > + } else { > + // User has an active session on another browser > + $userlib = TikiLib::lib('user'); > + $userlib->user_logout($user, false, ''); > + } > + } > + } > } > $query = "select * from `tiki_sessions` where `timestamp`<?"; > $result = $this->fetchAll($query, array($oldy)); > > Modified: trunk/templates/admin/include_login.tpl > =================================================================== > --- trunk/templates/admin/include_login.tpl 2012-10-26 11:24:16 UTC (rev 43690) > +++ trunk/templates/admin/include_login.tpl 2012-10-26 17:15:25 UTC (rev 43691) > @@ -109,6 +109,7 @@ > {preference name=desactive_login_autocomplete} > {preference name=feature_challenge} > > + {preference name=login_multiple_forbidden} > {preference name=session_protected} > {preference name=https_login} > {preference name=login_http_basic} > > Modified: trunk/tiki-login.php > =================================================================== > --- trunk/tiki-login.php 2012-10-26 11:24:16 UTC (rev 43690) > +++ trunk/tiki-login.php 2012-10-26 17:15:25 UTC (rev 43691) > @@ -406,6 +406,10 @@ > $error = tra('You are not yet validated'); > break; > > + case USER_ALREADY_LOGGED: > + $error = tra('You are already logged in'); > + break; > + > default: > $error = tra('Invalid username or password'); > } > > Modified: trunk/tiki-setup.php > =================================================================== > --- trunk/tiki-setup.php 2012-10-26 11:24:16 UTC (rev 43690) > +++ trunk/tiki-setup.php 2012-10-26 17:15:25 UTC (rev 43691) > @@ -105,6 +105,11 @@ > $feature_no_cookie = false; > } > > +// Session info needs to be kept up to date if pref login_multiple_forbidden is set > +if ( $prefs['login_multiple_forbidden'] == 'y' ) { > + $tikilib->update_session(); > +} > + > require_once ('lib/setup/cookies.php'); > > if ($prefs['mobile_feature'] === 'y') { > > This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. > > > ------------------------------------------------------------------------------ > The Windows 8 Center > In partnership with Sourceforge > Your idea - your app - 30 days. Get started! > http://windows8center.sourceforge.net/ > what-html-developers-need-to-know-about-coding-windows-8-metro-style-apps/ > _______________________________________________ > Tikiwiki-cvs mailing list > Tik...@li... > https://lists.sourceforge.net/lists/listinfo/tikiwiki-cvs -- Marc Laporte http://MarcLaporte.com http://Tiki.org/MarcLaporte http://AvanTech.net |