[geeklog-cvs] geeklog: Experimental: Give the user an idea how long they have ...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Thu Oct 29 13:12:20 EDT 2009
changeset 7400:37fcd14cdee2
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/37fcd14cdee2
user: Dirk Haun <dirk at haun-online.de>
date: Thu Oct 29 18:09:46 2009 +0100
description:
Experimental: Give the user an idea how long they have until the security token expires
diffstat:
language/english.php | 3 ++-
language/english_utf-8.php | 3 ++-
public_html/admin/story.php | 13 ++++++++++++-
system/lib-security.php | 27 +++++++++++++++++++++++++++
4 files changed, 43 insertions(+), 3 deletions(-)
diffs (90 lines):
diff -r 5260a7fb13df -r 37fcd14cdee2 language/english.php
--- a/language/english.php Thu Oct 29 14:47:18 2009 +0100
+++ b/language/english.php Thu Oct 29 18:09:46 2009 +0100
@@ -827,7 +827,8 @@
87 => 'Story Stats',
88 => 'Wiki-style format',
89 => 'Meta Description',
- 90 => 'Meta Keywords'
+ 90 => 'Meta Keywords',
+ 91 => 'You have until %s to make changes. After that time, the security token embedded into this page will expire and you will lose your changes. You can always hit "Preview" to extend the expiry time.'
);
diff -r 5260a7fb13df -r 37fcd14cdee2 language/english_utf-8.php
--- a/language/english_utf-8.php Thu Oct 29 14:47:18 2009 +0100
+++ b/language/english_utf-8.php Thu Oct 29 18:09:46 2009 +0100
@@ -827,7 +827,8 @@
87 => 'Story Stats',
88 => 'Wiki-style format',
89 => 'Meta Description',
- 90 => 'Meta Keywords'
+ 90 => 'Meta Keywords',
+ 91 => 'You have until %s to make changes. After that time, the security token embedded into this page will expire and you will lose your changes. You can always hit "Preview" to extend the expiry time.'
);
diff -r 5260a7fb13df -r 37fcd14cdee2 public_html/admin/story.php
--- a/public_html/admin/story.php Thu Oct 29 14:47:18 2009 +0100
+++ b/public_html/admin/story.php Thu Oct 29 18:09:46 2009 +0100
@@ -727,11 +727,22 @@
$story_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
$story_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
$story_templates->set_var('gltoken_name', CSRF_TOKEN);
- $story_templates->set_var('gltoken', SEC_createToken());
+ $token = SEC_createToken();
+ $story_templates->set_var('gltoken', $token);
$story_templates->parse('output','editor');
$display .= COM_startBlock ($LANG24[5], '',
COM_getBlockTemplate ('_admin_block', 'header'));
+
+ $expirytime = SEC_getTokenExpiryTime($token);
+ if ($expirytime > 0) {
+ $txt = '<p id="token-expirynotice">' . '' . '</p>';
+ $exptime = '<span id="token-expirytime">'
+ . strftime($_CONF['timeonly'], $expirytime) . '</span>';
+ $display .= '<p id="token-expirynotice">'
+ . sprintf($LANG24[91], $exptime) . '</p>';
+ }
+
$display .= $story_templates->finish($story_templates->get_var('output'));
$display .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'));
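Review bot: The assignment `$txt = '<p id="token-expirynotice">' . '' . '</p>';` is dead code: `$txt` is never read in the lines shown, and the same paragraph is built again two statements later, so the line can be dropped. The notice shows only a time of day, formatted with `$_CONF['timeonly']` on the server. An editor in another timezone, or a token that expires after midnight, would see a misleading deadline, so consider including the date or stating the timezone. Looking up the expiry also costs a database round trip straight after `SEC_createToken()`, which presumably already knows the TTL it just stored. The enclosing function starts and ends outside this hunk.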
diff -r 5260a7fb13df -r 37fcd14cdee2 system/lib-security.php
--- a/system/lib-security.php Thu Oct 29 14:47:18 2009 +0100
+++ b/system/lib-security.php Thu Oct 29 18:09:46 2009 +0100
@@ -1178,6 +1178,33 @@
}
/**
+* Get a token's expiry time
+*
+* @param string $token the token we're looking for
+* @return int UNIX timestamp of the expiry time or 0
+*
+*/
+function SEC_getTokenExpiryTime($token)
+{
+ global $_TABLES, $_USER;
+
+ $retval = 0;
+
+ if (!COM_isAnonUser()) {
+
+ $sql['mysql'] = "SELECT UNIX_TIMESTAMP(DATE_ADD(created, INTERVAL ttl SECOND)) AS expirytime FROM {$_TABLES['tokens']} WHERE (token = '$token') AND (owner_id = '{$_USER['uid']}') AND (ttl > 0)";
+ $sql['mssql'] = "SELECT UNIX_TIMESTAMP(DATEADD(ss, ttl, created)) AS expirytime FROM {$_TABLES['tokens']} WHERE (token = '$token') AND (owner_id = '{$_USER['uid']}') AND (ttl > 0)";
+
+ $result = DB_query($sql);
+ if (DB_numRows($result) == 1) {
+ list($retval) = DB_fetchArray($result);
+ }
+ }
+
+ return $retval;
+}
+
+/**
* Set a cookie using the HttpOnly flag
*
* Use this function to set "important" cookies (session, password, ...).
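Review bot: `SEC_getTokenExpiryTime()` interpolates `$token` into both the `mysql` and `mssql` query strings without escaping or validating it. The one caller in this changeset passes a value fresh from `SEC_createToken()`, but this is a library function whose docblock accepts any string, so a later caller that forwards a request-supplied token would create a SQL injection path. Escape the value with the database layer's escaping routine before building `$sql`, or reject input that does not match the generated token format, e.g. `if (!preg_match('/^[0-9a-f]+$/i', $token)) { return 0; }` (this assumes tokens are hex strings, which should be confirmed against `SEC_createToken`). The docblock also promises an `int`, but the column value is returned as fetched, so `$retval = (int) $retval;` before the return would match the documented contract.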