Revision history for StayingLoggedIn
Revision [18640]
Last edited on 2008-01-28 00:12:18 by NilsLindenberg [Modified links pointing to docs server]
No Differences
Deletions:
if you don't log out, then with a simple
echo "<PRE>_REQUEST =";print_r($_REQUEST)."</PRE>";
you can see the user's username and pass (md5'ed of course)
_REQUEST =Array
(
[skin] => xxxxxx.css
[PHPSESSID] => xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[wikka_user_name] => xxxxxx
[wikka_pass] => xxxxxxxxxxxxxxxxxxxxxxxxxx
)
I think this is called a session likage, anyone knows of a solution to this.
Perhaps a solution to this would be changing the name of the session that a particular wikka installation uses,
The name could be a random number/word passed from md5 this way its unique to each wikka installation.
Also changing the path that the session data are stored maybe helpful. (I have seen discussions on this I think on php.net session_name() or session_start() )
I don't really know the implications of this bug are (maybe its not even a bug), perhaps people can see the session data on shared hosts and that is really what concerns me.
-GiorgosKontopoulos
Additions:
/**
==Maybe a security risk if staying logged in/or while browsing==
if you don't log out, then with a simple
echo "<PRE>_REQUEST =";print_r($_REQUEST)."</PRE>";
you can see the user's username and pass (md5'ed of course)
_REQUEST =Array
(
[skin] => xxxxxx.css
[PHPSESSID] => xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[wikka_user_name] => xxxxxx
[wikka_pass] => xxxxxxxxxxxxxxxxxxxxxxxxxx
)
I think this is called a session likage, anyone knows of a solution to this.
Perhaps a solution to this would be changing the name of the session that a particular wikka installation uses,
The name could be a random number/word passed from md5 this way its unique to each wikka installation.
Also changing the path that the session data are stored maybe helpful. (I have seen discussions on this I think on php.net session_name() or session_start() )
I don't really know the implications of this bug are (maybe its not even a bug), perhaps people can see the session data on shared hosts and that is really what concerns me.
-GiorgosKontopoulos
Deletions:
Additions:
* @author probably Hendrik Mans
* @author {@link http://wikka.jsnx.com/NilsLindenberg Nils Lindenberg} (choice between cookies)
* @version 2.0
* @input string $user mandatory; name of the user
Deletions:
* @author {@link http://wikka.jsnx.com/NilsLindenberg Nils Lindenberg} (choice between cookies)
* @version 2.0
* ...
Additions:
==Staying logged-in==
The log-in information is stored in a cookie which expires after 90 days. This is quite comfortable but could be a security risk, if you forget to logout in a i-net caffè ort on a pc used by many people.
{{lastedit}}
It would be better if a user could decide to be logged-out or to stay in.
I stuck some piece of code together. I know that stay_logged_in is a very uncreative name (loged-in with one or two g?), and the code needs someone to look over it. I am for example not sure if an enum in the table would be better. But to my great astonishment, it seems to work. :) --NilsLindenberg
''Two gs: "logged in" (fixed in code samples below - hope I didn't miss any). -- JavaWoman''
1) adding field to user table:
SQL-query:
%%(sql)
ALTER TABLE `wikka_users` ADD `stay_logged_in` ENUM( 'Y', 'N' ) DEFAULT 'N' NOT NULL;
%%
2) adding a table row to show the status of the variable (to ##actions/usersettings.php##):
change
%%(html)
<tr>
<td align="right">Show comments by default:</td>
<td><input type="hidden" name="show_comments" value="N"><input type="checkbox" name="show_comments" value="Y" <?php echo $user["show_comments"] == "Y" ? "checked=\"checked\"" : "" ?> /></td>
</tr>
<tr>
<td align="right">RecentChanges display limit:</td>
<td><input name="changescount" value="<?php echo htmlspecialchars($user["changescount"]) ?>" size="40" /></td>
</tr>
%%
%%(html)
<tr>
<td align="right">Show comments by default:</td>
<td><input type="hidden" name="show_comments" value="N"><input type="checkbox" name="show_comments" value="Y" <?php echo $user["show_comments"] == "Y" ? "checked=\"checked\"" : "" ?> /></td>
</tr>
<tr>
<td align="right">Stay logged-in:</td>
<td><input type="hidden" name="stay_logged_in" value="N"><input type="checkbox" name="stay_logged_in" value="Y" <?php echo $user["stay_logged_in"] == "Y" ? "checked=\"checked\"" : "" ?> /></td>
</tr>
<tr>
<td align="right">RecentChanges display limit:</td>
<td><input name="changescount" value="<?php echo htmlspecialchars($user["changescount"]) ?>" size="40" /></td>
</tr>
%%
3) added the user-table-update in ##actions/usersettings.php##:
change:
%%(php)
$this->Query("update ".$this->config["table_prefix"]."users set ".
"email = '".mysql_real_escape_string($_POST["email"])."', ".
"doubleclickedit = '".mysql_real_escape_string($_POST["doubleclickedit"])."', ".
"show_comments = '".mysql_real_escape_string($_POST["show_comments"])."', ".
"revisioncount = '".mysql_real_escape_string($_POST["revisioncount"])."', ".
"changescount = '".mysql_real_escape_string($_POST["changescount"])."' ".
"where name = '".$user["name"]."' limit 1");
%%
to
%%(php)
$this->Query("update ".$this->config['table_prefix']."users set ".
"email = '".mysql_real_escape_string($_POST['email'])."', ".
"doubleclickedit = '".mysql_real_escape_string($_POST['doubleclickedit'])."', ".
"show_comments = '".mysql_real_escape_string($_POST['show_comments'])."', ".
"stay_logged_in = '".mysql_real_escape_string($_POST['stay_logged_in'])."', ".
"revisioncount = '".mysql_real_escape_string($_POST['revisioncount'])."', ".
"changescount = '".mysql_real_escape_string($_POST['changescount'])."' ".
"where name = '".$user['name']."' limit 1");
%%
4) replace the function ""SetUser()"" in ##wikka.php## with the following one:
%%(php)
/**
* Sets cookie with name and passwort for a given user.
*
* Based on a given username, the name and the passwort of the user are stored
* in a cookie on his computer. A user can choose with the config-option
* "stay_logged_in", if the cookie is valid for a session, or for 90 days.
*
* @package wikka
* @subpackage user
* @name SetUser
*
* @author probably Hendrik Mans
* @author {@link http://wikka.jsnx.com/NilsLindenberg Nils Lindenberg} (choice between cookies)
* @version 2.0
* @since probably wakka 1.0
*
* ...
*/
function SetUser($user)
{
$_SESSION['user'] = $user;
if ($user['stay_logged_in'] == 'Y')
{
$this->SetPersistentCookie('wikka_user_name', $user['name']);
$this->SetPersistentCookie('wikka_pass', $user['password']);
}
else
{
$this->SetSessionCookie('wikka_user_name', $user['name']);
$this->SetSessionCookie('wikka_pass', $user['password']);
}
}
%%
==older discussion==
To be logged-out when you close the browser, change in ##wikka.php##
//see above for the new code//
Perhaps that should be the default and the user should have an "always loged-in" setting?
NilsLindenberg
''This is much more secure yet I think that this should be the user decision to keep the cookie or not through the UserSettings: maybe another field in the wikka_users table?
--ChristianBarthelemy''
''I agree - it's quite common to give a (registered) user a choice between a session cookie and a permanent cookie; such a choice should of course be stored in the user profile in the database. For unregistered visitors only session cookies should be used. --JavaWoman''
- unregistered users need no cookie, because they neither have a username nor a password. :-) NilsLindenberg
~''They may have a (separate) session cookie for a skin though - and that is an important usability/accessibility feature. But of course they can't be logged in :) --JavaWoman''
==off-topic ;-)==
''Might I suggest moving this code/topic to its own page and adding it to CodeContributions. I think it's a useful little add-in and should have its own place now that there's a bit of a solution for the issue. Well done Nils. -- Mike (GmBowen)''
Thank you. But seems like you get to like the different issue-different page think ;-) --NilsLindenberg
ummm, not really. Two things. When there is what I think of as a code solution or proposed code solution that is useful then I think it's useful to then distinguish it in a section of its own because then it's easier for others to find. Your solution was a good one, and so should be recognized as such & be more easily available to the whole community. Secondly, from a server-owner perspective, it can boil down to server-hits & storage space. A continuing discussion on one page where 90% of the content deals with other issues means that every time somebody adds a new note ALL the page is saved....all the content travels out, all the content in, and the whole record each time is stored as latest='N' and disproportionately (relative to the conversation) increases the size of the database (which then affects processing time & amount of server memory utilized & thoughput on the harddrives etc). So, to me, it makes sense to put active discussions like I've described on a separate page so that bandwidth & storage accrues more-or-less just to the topic in discussion and not ALL of the content. (I don't know anything about the wikka server....Jason could be running wikka on a 500celeron box, or on a big one......so for the latter my concerns would not matter, for the former they would....but I tend to err on the side of conservatism (probably the only issue in my life that I do)) Cheers, Mike
"When there is what I think of as a code solution or proposed code solution that is useful then I think it's useful to then distinguish it in a section of its own because then it's easier for others to find." I admit i had to read the sentence three times :-) Nils ''Sorry, I'll try to write more clearly. [I started writing, "less convolutedly" and then realized that didn't help matters]. ; ) -- GmBowen''
----
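Review bot: In step 4, both branches of ##SetUser()## still write ##$user['password']## into the ##wikka_pass## cookie, so the ##stay_logged_in## option only changes how long the stored password hash stays in the browser, not whether it is handed to the client at all. The docblock itself says the name and the password of the user are stored in a cookie on the user's computer, which makes the cookie a copy of the log-in information for the session or for 90 days. Consider putting a random per-login token in the cookie instead, kept server-side and invalidated on logout, and keeping the hash out of the cookie entirely. In step 3, ##"where name = '".$user['name']."' limit 1"## is the only value in the query that is not passed through ##mysql_real_escape_string()##; escape it like the others.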
Deletions:
The log-in information is stored in a cookie which expires after 90 days. This is quite comfortable but could be a security risk, if you forget to logout in a i-net caffè ort on a pc used by many people.
{{lastedit}}
It would be better if a user could decide to be logged-out or to stay in.
I stuck some piece of code together. I know that stay_logged_in is a very uncreative name (loged-in with one or two g?), and the code needs someone to look over it. I am for example not sure if an enum in the table would be better. But to my great astonishment, it seems to work. :) --NilsLindenberg
''Two gs: "logged in" (fixed in code samples below - hope I didn't miss any). -- JavaWoman''
1) adding field to user table:
SQL-query:
%%(sql)
ALTER TABLE `wikka_users` ADD `stay_logged_in` ENUM( 'Y', 'N' ) DEFAULT 'N' NOT NULL;
%%
2) adding a table row to show the status of the variable (to ##actions/usersettings.php##):
change
%%(html)
<tr>
<td align="right">Show comments by default:</td>
<td><input type="hidden" name="show_comments" value="N"><input type="checkbox" name="show_comments" value="Y" <?php echo $user["show_comments"] == "Y" ? "checked=\"checked\"" : "" ?> /></td>
</tr>
<tr>
<td align="right">RecentChanges display limit:</td>
<td><input name="changescount" value="<?php echo htmlspecialchars($user["changescount"]) ?>" size="40" /></td>
</tr>
%%
%%(html)
<tr>
<td align="right">Show comments by default:</td>
<td><input type="hidden" name="show_comments" value="N"><input type="checkbox" name="show_comments" value="Y" <?php echo $user["show_comments"] == "Y" ? "checked=\"checked\"" : "" ?> /></td>
</tr>
<tr>
<td align="right">Stay logged-in:</td>
<td><input type="hidden" name="stay_logged_in" value="N"><input type="checkbox" name="stay_logged_in" value="Y" <?php echo $user["stay_logged_in"] == "Y" ? "checked=\"checked\"" : "" ?> /></td>
</tr>
<tr>
<td align="right">RecentChanges display limit:</td>
<td><input name="changescount" value="<?php echo htmlspecialchars($user["changescount"]) ?>" size="40" /></td>
</tr>
%%
3) added the user-table-update in ##actions/usersettings.php##:
change:
%%(php)
$this->Query("update ".$this->config["table_prefix"]."users set ".
"email = '".mysql_real_escape_string($_POST["email"])."', ".
"doubleclickedit = '".mysql_real_escape_string($_POST["doubleclickedit"])."', ".
"show_comments = '".mysql_real_escape_string($_POST["show_comments"])."', ".
"revisioncount = '".mysql_real_escape_string($_POST["revisioncount"])."', ".
"changescount = '".mysql_real_escape_string($_POST["changescount"])."' ".
"where name = '".$user["name"]."' limit 1");
%%
to
%%(php)
$this->Query("update ".$this->config['table_prefix']."users set ".
"email = '".mysql_real_escape_string($_POST['email'])."', ".
"doubleclickedit = '".mysql_real_escape_string($_POST['doubleclickedit'])."', ".
"show_comments = '".mysql_real_escape_string($_POST['show_comments'])."', ".
"stay_logged_in = '".mysql_real_escape_string($_POST['stay_logged_in'])."', ".
"revisioncount = '".mysql_real_escape_string($_POST['revisioncount'])."', ".
"changescount = '".mysql_real_escape_string($_POST['changescount'])."' ".
"where name = '".$user['name']."' limit 1");
%%
4) replace the function ""SetUser()"" in ##wikka.php## with the following one:
%%(php)
function SetUser($user)
{
$_SESSION['user'] = $user;
if ($user['stay_logged_in'] == 'Y')
{
$this->SetPersistentCookie('wikka_user_name', $user['name']);
$this->SetPersistentCookie('wikka_pass', $user['password']);
}
else
{
$this->SetSessionCookie('wikka_user_name', $user['name']);
$this->SetSessionCookie('wikka_pass', $user['password']);
}
}
%%
==older discussion==
To be logged-out when you close the browser, change in ##wikka.php##
//see above for the new code//
Perhaps that should be the default and the user should have an "always loged-in" setting?
NilsLindenberg
''This is much more secure yet I think that this should be the user decision to keep the cookie or not through the UserSettings: maybe another field in the wikka_users table?
--ChristianBarthelemy''
''I agree - it's quite common to give a (registered) user a choice between a session cookie and a permanent cookie; such a choice should of course be stored in the user profile in the database. For unregistered visitors only session cookies should be used. --JavaWoman''
- unregistered users need no cookie, because they neither have a username nor a password. :-) NilsLindenberg
~''They may have a (separate) session cookie for a skin though - and that is an important usability/accessibility feature. But of course they can't be logged in :) --JavaWoman''
==off-topic ;-)==
''Might I suggest moving this code/topic to its own page and adding it to CodeContributions. I think it's a useful little add-in and should have its own place now that there's a bit of a solution for the issue. Well done Nils. -- Mike (GmBowen)''
Thank you. But seems like you get to like the different issue-different page think ;-) --NilsLindenberg
ummm, not really. Two things. When there is what I think of as a code solution or proposed code solution that is useful then I think it's useful to then distinguish it in a section of its own because then it's easier for others to find. Your solution was a good one, and so should be recognized as such & be more easily available to the whole community. Secondly, from a server-owner perspective, it can boil down to server-hits & storage space. A continuing discussion on one page where 90% of the content deals with other issues means that every time somebody adds a new note ALL the page is saved....all the content travels out, all the content in, and the whole record each time is stored as latest='N' and disproportionately (relative to the conversation) increases the size of the database (which then affects processing time & amount of server memory utilized & thoughput on the harddrives etc). So, to me, it makes sense to put active discussions like I've described on a separate page so that bandwidth & storage accrues more-or-less just to the topic in discussion and not ALL of the content. (I don't know anything about the wikka server....Jason could be running wikka on a 500celeron box, or on a big one......so for the latter my concerns would not matter, for the former they would....but I tend to err on the side of conservatism (probably the only issue in my life that I do)) Cheers, Mike
"When there is what I think of as a code solution or proposed code solution that is useful then I think it's useful to then distinguish it in a section of its own because then it's easier for others to find." I admit i had to read the sentence three times :-) Nils ''Sorry, I'll try to write more clearly. [I started writing, "less convolutedly" and then realized that didn't help matters]. ; ) -- GmBowen''
----
Revision [5220]
Edited on 2005-01-26 16:59:09 by NilsLindenberg [cookie-names changed to version 1.1.6.0]
Additions:
$this->SetPersistentCookie('wikka_user_name', $user['name']);
$this->SetPersistentCookie('wikka_pass', $user['password']);
$this->SetSessionCookie('wikka_user_name', $user['name']);
$this->SetSessionCookie('wikka_pass', $user['password']);
Deletions:
$this->SetPersistentCookie('password', $user['password']);
$this->SetSessionCookie('name', $user['name']);
$this->SetSessionCookie('password', $user['password']);
Additions:
CategoryUserContributions
Deletions:
Additions:
It would be better if a user could decide to be logged-out or to stay in.
I stuck some piece of code together. I know that stay_logged_in is a very uncreative name (loged-in with one or two g?), and the code needs someone to look over it. I am for example not sure if an enum in the table would be better. But to my great astonishment, it seems to work. :) --NilsLindenberg
==older discussion==
//see above for the new code//
==off-topic ;-)==
Deletions:
I stuck some piece of code together. I know that stay_loged_in is a very uncreative name (loged-in with one or two g?), and the code needs someone to look over it. I am for example not sure if an enum in the table would be better. But to my great astonishment, it seems to work. :) --NilsLindenberg
Revision [3377]
Edited on 2004-12-17 18:28:28 by NilsLindenberg [nother minor edit on the text, no code change]
Additions:
2) adding a table row to show the status of the variable (to ##actions/usersettings.php##):
Deletions:
Revision [3376]
Edited on 2004-12-17 18:25:44 by NilsLindenberg [minor correction on the describing text, code unchanged]
Additions:
2) adding a table row to show the status of the variable (to ##actions/usersettings.php## after the block with ""<td align="right">Show comments by default:</td>""):
Deletions:
Revision [3374]
Edited on 2004-12-17 17:59:35 by NilsLindenberg [replaced with new code for having a checkbox instead]
Additions:
ALTER TABLE `wikka_users` ADD `stay_logged_in` ENUM( 'Y', 'N' ) DEFAULT 'N' NOT NULL;
change
<td align="right">Show comments by default:</td>
<td><input type="hidden" name="show_comments" value="N"><input type="checkbox" name="show_comments" value="Y" <?php echo $user["show_comments"] == "Y" ? "checked=\"checked\"" : "" ?> /></td>
<td align="right">RecentChanges display limit:</td>
<td><input name="changescount" value="<?php echo htmlspecialchars($user["changescount"]) ?>" size="40" /></td>
<td align="right">Show comments by default:</td>
<td><input type="hidden" name="show_comments" value="N"><input type="checkbox" name="show_comments" value="Y" <?php echo $user["show_comments"] == "Y" ? "checked=\"checked\"" : "" ?> /></td>
<td><input type="hidden" name="stay_logged_in" value="N"><input type="checkbox" name="stay_logged_in" value="Y" <?php echo $user["stay_logged_in"] == "Y" ? "checked=\"checked\"" : "" ?> /></td>
<td align="right">RecentChanges display limit:</td>
<td><input name="changescount" value="<?php echo htmlspecialchars($user["changescount"]) ?>" size="40" /></td>
"stay_logged_in = '".mysql_real_escape_string($_POST['stay_logged_in'])."', ".
"changescount = '".mysql_real_escape_string($_POST['changescount'])."' ".
if ($user['stay_logged_in'] == 'Y')
Deletions:
<td><input name="stay_logged_in" value="<?php echo htmlspecialchars($user['stay_logged_in']) ?>" size="40" /></td>
"changescount = '".mysql_real_escape_string($_POST['changescount'])."', ".
"stay_logged_in = '".mysql_real_escape_string($_POST['stay_logged_in'])."' ".
if ($user['stay_logged_in'])
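Review bot: The added line ##"stay_logged_in = '".mysql_real_escape_string($_POST['stay_logged_in'])."', ".## escapes the posted value but never restricts it to 'Y' or 'N'; the checkbox and the hidden input are the only constraint, and both are controlled by the client. Normalise the value on the server before building the query, for example by treating anything other than 'Y' as 'N', so that what is written matches the ENUM( 'Y', 'N' ) column and the new ##if ($user['stay_logged_in'] == 'Y')## test. The move from the truthiness test to the explicit comparison is correct and worth keeping: the string 'N' is truthy in PHP, so the deleted ##if ($user['stay_logged_in'])## would have taken the persistent-cookie branch for 'N' as well.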
Additions:
//see below for the new code//
Deletions:
function SetUser($user) { $_SESSION["user"] = $user; $this->SetSessionCookie("name", $user["name"]); $this->SetSessionCookie("password", $user["password"]); }
Additions:
if ($user['stay_logged_in'])
Deletions:
Additions:
ummm, not really. Two things. When there is what I think of as a code solution or proposed code solution that is useful then I think it's useful to then distinguish it in a section of its own because then it's easier for others to find. Your solution was a good one, and so should be recognized as such & be more easily available to the whole community. Secondly, from a server-owner perspective, it can boil down to server-hits & storage space. A continuing discussion on one page where 90% of the content deals with other issues means that every time somebody adds a new note ALL the page is saved....all the content travels out, all the content in, and the whole record each time is stored as latest='N' and disproportionately (relative to the conversation) increases the size of the database (which then affects processing time & amount of server memory utilized & thoughput on the harddrives etc). So, to me, it makes sense to put active discussions like I've described on a separate page so that bandwidth & storage accrues more-or-less just to the topic in discussion and not ALL of the content. (I don't know anything about the wikka server....Jason could be running wikka on a 500celeron box, or on a big one......so for the latter my concerns would not matter, for the former they would....but I tend to err on the side of conservatism (probably the only issue in my life that I do)) Cheers, Mike
"When there is what I think of as a code solution or proposed code solution that is useful then I think it's useful to then distinguish it in a section of its own because then it's easier for others to find." I admit i had to read the sentence three times :-) Nils ''Sorry, I'll try to write more clearly. [I started writing, "less convolutedly" and then realized that didn't help matters]. ; ) -- GmBowen''
Deletions:
"When there is what I think of as a code solution or proposed code solution that that is useful then I think it's useful to then distinguish it in a section of its own because then it's easier for others to find." I admitt i had to read the sentence three times :-) Nils
Additions:
"When there is what I think of as a code solution or proposed code solution that that is useful then I think it's useful to then distinguish it in a section of its own because then it's easier for others to find." I admitt i had to read the sentence three times :-) Nils
Revision [3325]
Edited on 2004-12-16 17:36:13 by GmBowen [reply to Nils re: different issue-different page think]
Additions:
To be logged-out when you close the browser, change in ##wikka.php##
ummm, not really. Two things. When there is what I think of as a code solution or proposed code solution that that is useful then I think it's useful to then distinguish it in a section of its own because then it's easier for others to find. Your solution was a good one, and so should be recognized as such & be more easily available to the whole community. Secondly, from a server-owner perspective, it can boil down to server-hits & storage space. A continuing discussion on one page where 90% of the content deals with other issues means that every time somebody adds a new note ALL the page is saved....all the content travels out, all the content in, and the whole record each time is stored as latest='N' and disproportionately (relative to the conversation) increases the size of the database (which then affects processing time & amount of server memory utilized & thoughput on the harddrives etc). So, to me, it makes sense to put active discussions like I've described on a separate page so that bandwidth & storage accrues more-or-less just to the topic in discussion and not ALL of the content. (I don't know anything about the wikka server....Jason could be running wikka on a 500celeron box, or on a big one......so for the latter my concerns would not matter, for the former they would....but I tend to err on the side of conservatism (probably the only issue in my life that I do)) Cheers, Mike
Deletions:
Revision [3323]
Edited on 2004-12-16 16:12:37 by JavaWoman [comment/reply to Nils, minor code fixes]
Additions:
~''They may have a (separate) session cookie for a skin though - and that is an important usability/accessibility feature. But of course they can't be logged in :) --JavaWoman''
''Two gs: "logged in" (fixed in code samples below - hope I didn't miss any). -- JavaWoman''
%%(sql)
ALTER TABLE `wikka_users` ADD `stay_logged_in` TINYINT DEFAULT '0' NOT NULL ;
2) adding a table row to show the status of the variable (to ##actions/usersettings.php## after the block with ""<td align="right">Page revisions list limit:</td>""):
<td align="right">Stay logged-in:</td>
<td><input name="stay_logged_in" value="<?php echo htmlspecialchars($user['stay_logged_in']) ?>" size="40" /></td>
$this->Query("update ".$this->config['table_prefix']."users set ".
"email = '".mysql_real_escape_string($_POST['email'])."', ".
"doubleclickedit = '".mysql_real_escape_string($_POST['doubleclickedit'])."', ".
"show_comments = '".mysql_real_escape_string($_POST['show_comments'])."', ".
"revisioncount = '".mysql_real_escape_string($_POST['revisioncount'])."', ".
"changescount = '".mysql_real_escape_string($_POST['changescount'])."', ".
"stay_logged_in = '".mysql_real_escape_string($_POST['stay_logged_in'])."' ".
"where name = '".$user['name']."' limit 1");
4) replace the function ""SetUser()"" in ##wikka.php## with the following one:
$_SESSION['user'] = $user;
if ($user['stay_logged_in"'])
$this->SetPersistentCookie('name', $user['name']);
$this->SetPersistentCookie('password', $user['password']);
$this->SetSessionCookie('name', $user['name']);
$this->SetSessionCookie('password', $user['password']);
CategoryDevelopment
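Review bot: the replacement SetUser() tests $user['stay_logged_in"'], with a stray double quote inside the array key, so it looks up a key that never exists in the user row and the condition is always false; it should read $user['stay_logged_in']. In the update query every $_POST value goes through mysql_real_escape_string(), but $user['name'] is concatenated into the where clause unescaped and should get the same treatment. The stay_logged_in field is a free-text input (size 40) feeding a TINYINT column, so a checkbox with the value cast to 0 or 1 on the server would match the schema better. SetPersistentCookie('password', $user['password']) also keeps the stored password hash in a long-lived cookie; a random per-login token that can be revoked server-side would limit what a leaked cookie exposes.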
Deletions:
2)adding a to show the status of the variable (to ##actions/usersettings.php## after the block with ""<td align="right">Page revisions list limit:</td>""):
<td align="right">Stay loged-in:</td>
<td><input name="stay_loged_in" value="<?php echo htmlspecialchars($user["stay_loged_in"]) ?>" size="40" /></td>
"changescount = '".mysql_real_escape_string($_POST["changescount"])."', ".
"stay_loged_in = '".mysql_real_escape_string($_POST["stay_loged_in"])."' ".
4) replace the function SetUser in ##wikka.php## with the following one:
$_SESSION["user"] = $user;
if ($user["stay_loged_in"])
$this->SetPersistentCookie("name", $user["name"]);
$this->SetPersistentCookie("password", $user["password"]);
$this->SetSessionCookie("name", $user["name"]);
$this->SetSessionCookie("password", $user["password"]);
CategoryDevelopment
Additions:
''Might I suggest moving this code/topic to its own page and adding it to CodeContributions. I think it's a useful little add-in and should have its own place now that there's a bit of a solution for the issue. Well done Nils. -- Mike (GmBowen)''
Thank you. But seems like you get to like the different issue-different page think ;-) --NilsLindenberg