==Staying logged-in==

The log-in information is stored in a cookie which expires after 90 days. This is quite comfortable but could be a security risk if you forget to log out in an internet café or on a PC used by many people.

{{lastedit}}

It would be better if a user could decide to be logged-out or to stay in. I stuck some pieces of code together. I know that stay_logged_in is a very uncreative name (loged-in with one or two g?), and the code needs someone to look over it. I am for example not sure if an enum in the table would be better. But to my great astonishment, it seems to work. :) --NilsLindenberg

''Two gs: "logged in" (fixed in code samples below - hope I didn't miss any). -- JavaWoman''

1) adding field to user table:

SQL-query:
%%(sql)
ALTER TABLE `wikka_users` ADD `stay_logged_in` ENUM( 'Y', 'N' ) DEFAULT 'N' NOT NULL;
%%

2) adding a table row to show the status of the variable (to ##actions/usersettings.php##):

change
%%(html)
Show comments by default: />
RecentChanges display limit: " size="40" />
%%
to
%%(html)
Show comments by default: />
Stay logged-in: />
RecentChanges display limit: " size="40" />
%%

3) added the user-table-update in ##actions/usersettings.php##:

change:
%%(php)
$this->Query("update ".$this->config["table_prefix"]."users set ".
	"email = '".mysql_real_escape_string($_POST["email"])."', ".
	"doubleclickedit = '".mysql_real_escape_string($_POST["doubleclickedit"])."', ".
	"show_comments = '".mysql_real_escape_string($_POST["show_comments"])."', ".
	"revisioncount = '".mysql_real_escape_string($_POST["revisioncount"])."', ".
	"changescount = '".mysql_real_escape_string($_POST["changescount"])."' ".
	"where name = '".$user["name"]."' limit 1");
%%
to
%%(php)
$this->Query("update ".$this->config['table_prefix']."users set ".
	"email = '".mysql_real_escape_string($_POST['email'])."', ".
	"doubleclickedit = '".mysql_real_escape_string($_POST['doubleclickedit'])."', ".
	"show_comments = '".mysql_real_escape_string($_POST['show_comments'])."', ".
	"stay_logged_in = '".mysql_real_escape_string($_POST['stay_logged_in'])."', ".
	"revisioncount = '".mysql_real_escape_string($_POST['revisioncount'])."', ".
	"changescount = '".mysql_real_escape_string($_POST['changescount'])."' ".
	"where name = '".$user['name']."' limit 1");
%%

4) replace the function ""SetUser()"" in ##wikka.php## with the following one:
%%(php)
/**
 * Sets cookie with name and password for a given user.
 *
 * Based on a given user record, the name and the password of the user are stored
 * in a cookie on his computer. A user can choose with the config-option
 * "stay_logged_in", if the cookie is valid for a session, or for 90 days.
 *
 * @package wikka
 * @subpackage user
 * @name SetUser
 *
 * @author probably Hendrik Mans
 * @author {@link http://wikka.jsnx.com/NilsLindenberg Nils Lindenberg} (choice between cookies)
 * @version 2.0
 * @since probably wakka 1.0
 *
 * @input array $user mandatory; the user's record (the name, password and stay_logged_in fields are used)
 *
 */
function SetUser($user)
{
	$_SESSION['user'] = $user;
	if ($user['stay_logged_in'] == 'Y')
	{
		// user chose to stay logged in: cookies that survive closing the browser
		$this->SetPersistentCookie('wikka_user_name', $user['name']);
		$this->SetPersistentCookie('wikka_pass', $user['password']);
	}
	else
	{
		// default: cookies that are only valid for the browser session
		$this->SetSessionCookie('wikka_user_name', $user['name']);
		$this->SetSessionCookie('wikka_pass', $user['password']);
	}
}
%%

==older discussion==

To be logged-out when you close the browser, change in ##wikka.php## //see above for the new code//

Perhaps that should be the default and the user should have an "always logged-in" setting? NilsLindenberg

''This is much more secure yet I think that this should be the user decision to keep the cookie or not through the UserSettings: maybe another field in the wikka_users table? --ChristianBarthelemy''

''I agree - it's quite common to give a (registered) user a choice between a session cookie and a permanent cookie; such a choice should of course be stored in the user profile in the database. For unregistered visitors only session cookies should be used.
--JavaWoman''

- unregistered users need no cookie, because they neither have a username nor a password. :-) NilsLindenberg
~''They may have a (separate) session cookie for a skin though - and that is an important usability/accessibility feature. But of course they can't be logged in :) --JavaWoman''

==off-topic ;-)==

''Might I suggest moving this code/topic to its own page and adding it to CodeContributions. I think it's a useful little add-in and should have its own place now that there's a bit of a solution for the issue. Well done Nils. -- Mike (GmBowen)''

Thank you. But seems like you get to like the different issue-different page thing ;-) --NilsLindenberg

ummm, not really. Two things. When there is what I think of as a code solution or proposed code solution that is useful then I think it's useful to then distinguish it in a section of its own because then it's easier for others to find. Your solution was a good one, and so should be recognized as such & be more easily available to the whole community. Secondly, from a server-owner perspective, it can boil down to server-hits & storage space. A continuing discussion on one page where 90% of the content deals with other issues means that every time somebody adds a new note ALL the page is saved....all the content travels out, all the content in, and the whole record each time is stored as latest='N' and disproportionately (relative to the conversation) increases the size of the database (which then affects processing time & amount of server memory utilized & throughput on the hard drives etc). So, to me, it makes sense to put active discussions like I've described on a separate page so that bandwidth & storage accrues more-or-less just to the topic in discussion and not ALL of the content.
(I don't know anything about the wikka server....Jason could be running wikka on a 500celeron box, or on a big one......so for the latter my concerns would not matter, for the former they would....but I tend to err on the side of conservatism (probably the only issue in my life that I do)) Cheers, Mike

"When there is what I think of as a code solution or proposed code solution that is useful then I think it's useful to then distinguish it in a section of its own because then it's easier for others to find." I admit I had to read the sentence three times :-) Nils

''Sorry, I'll try to write more clearly. [I started writing, "less convolutedly" and then realized that didn't help matters]. ; ) -- GmBowen''

----
CategoryUserContributions
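
The choice SetUser() makes above between a session cookie and a 90-day cookie, together with validation of the submitted preference before it reaches the ENUM column, as an added example that is not part of the original page or of Wikka's code. The helper names, the checkbox value 'Y', the cookie path and the HttpOnly flag are assumptions.

```php
<?php
// Added example: helper names are hypothetical, not Wikka's own functions.

const PERSISTENT_LIFETIME = 90 * 24 * 60 * 60; // 90 days, the lifetime named on the page

/**
 * Reduce the submitted form value to one of the two ENUM values.
 * Assumption: the settings form uses a checkbox that submits 'Y' when ticked.
 * An unticked checkbox sends nothing, so a missing or unexpected value becomes 'N'.
 */
function normalize_stay_logged_in(array $post): string
{
    return (($post['stay_logged_in'] ?? '') === 'Y') ? 'Y' : 'N';
}

/**
 * Cookie options for the login cookies of one user record.
 * expires = 0 makes a session cookie, which the browser drops when it closes.
 */
function login_cookie_options(array $user, int $now): array
{
    $persistent = (($user['stay_logged_in'] ?? 'N') === 'Y');
    return [
        'expires'  => $persistent ? $now + PERSISTENT_LIFETIME : 0,
        'path'     => '/',
        'httponly' => true, // keep the login cookies out of reach of page scripts
    ];
}

/** Send both login cookies with the lifetime the user chose (needs PHP 7.3+). */
function set_login_cookies(array $user): void
{
    $options = login_cookie_options($user, time());
    setcookie('wikka_user_name', $user['name'], $options);
    setcookie('wikka_pass', $user['password'], $options);
}

// Constructed sample input: three form submissions and the resulting cookie expiry.
$now = 1700000000; // fixed timestamp so the output is repeatable
foreach ([['stay_logged_in' => 'Y'], [], ['stay_logged_in' => 'maybe']] as $post) {
    $user = ['name' => 'ExampleUser', 'password' => 'placeholder',
             'stay_logged_in' => normalize_stay_logged_in($post)];
    $expires = login_cookie_options($user, $now)['expires'];
    printf("%-6s -> stay_logged_in=%s, expires=%d\n",
        $post['stay_logged_in'] ?? '(none)', $user['stay_logged_in'], $expires);
}
```

Run from the command line, the loop prints the stored preference and cookie expiry for each constructed submission; set_login_cookies() is the part that would be called from a web request.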