From 8f7ac519b7aaf8ec219862597e878d3a28316ac6 Mon Sep 17 00:00:00 2001 From: Janusz Dobrowolski Date: Sun, 23 Aug 2009 21:06:10 +0000 Subject: [PATCH] Implemented customizable authentication timeout. --- access/login.php | 112 +++++++++++++++++++++++----------- access/timeout.php | 32 ++++++++++ admin/company_preferences.php | 14 ++++- admin/db/company_db.inc | 5 +- includes/current_user.inc | 14 ++++- includes/session.inc | 36 ++++++++++- includes/ui/ui_input.inc | 19 ++++++ sql/alter2.2.php | 2 +- sql/alter2.2.sql | 2 + sql/en_US-demo.sql | 3 +- sql/en_US-new.sql | 3 +- 11 files changed, 195 insertions(+), 47 deletions(-) create mode 100644 access/timeout.php diff --git a/access/login.php b/access/login.php index faad0806..7d4389f6 100644 --- a/access/login.php +++ b/access/login.php @@ -12,7 +12,6 @@ if (!isset($path_to_root) || isset($_GET['path_to_root']) || isset($_POST['path_to_root'])) die(_("Restricted access")); include_once($path_to_root . "/includes/ui/ui_view.inc"); - // Display demo user name and password within login form if "$allow_demo_mode" is true if ($allow_demo_mode == true) { @@ -25,14 +24,20 @@ if (!isset($def_coy)) $def_coy = 0; $def_theme = $path_to_root . '/themes/default'; -?> - - -'.get_js_png_fix().''; ?> + +$ajax_timeout = strstr($_SERVER['PHP_SELF'], 'timeout.php'); + + echo " + "; +if (!$ajax_timeout) { // page header + echo ''; ?> @@ -41,40 +46,53 @@ function defaultCompany() - + + + <?php echo 'Timeout'?> + + + - + +"; diff --git a/sql/alter2.2.php b/sql/alter2.2.php index 63b479f4..9e4eaacb 100644 --- a/sql/alter2.2.php +++ b/sql/alter2.2.php 
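Review bot: `$ajax_timeout = strstr($_SERVER['PHP_SELF'], 'timeout.php')` in the second hunk lets the request path decide how login.php renders, and PHP_SELF can carry client-supplied PATH_INFO, so a path that merely contains that string switches the page into the popup layout; the same dependency exists in session.inc's `strstr($_SERVER['PHP_SELF'], 'timeout.php') == false` check (its -157 hunk), where it decides whether the saved request in `$_SESSION['timeout']` is overwritten. Since timeout.php already includes login.php, the including script is the reliable signal: `$ajax_timeout = true;` before the `include` in timeout.php and `if (!isset($ajax_timeout)) $ajax_timeout = false;` at the top of this hunk in login.php. Most of login.php's markup is not readable in this extract, so confirm the placement against the file.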
@@ -94,7 +94,7 @@ class fa2_2 {
 // Test if patch was applied before.
 //
 function installed($pref) {
- if (check_table($pref, 'company', 'default_delivery_required')) return false;
+ if (check_table($pref, 'company', 'login_tout')) return false;
 if (check_table($pref, 'stock_category', 'dflt_dim2')) return false;
 if (check_table($pref, 'users', 'sticky_doc_date')) return false;
 if (check_table($pref, 'audit_trail')) return false;
diff --git a/sql/alter2.2.sql b/sql/alter2.2.sql
index f8848998..49f9fc4d 100644
--- a/sql/alter2.2.sql
+++ b/sql/alter2.2.sql
@@ -92,3 +92,5 @@ CREATE TABLE `0_security_roles` (
 PRIMARY KEY (`id`),
 UNIQUE KEY `role` (`role`)
 ) TYPE=MyISAM AUTO_INCREMENT=8 AUTO_INCREMENT=8 ;
+
+ALTER TABLE `0_company` ADD COLUMN `login_tout` SMALLINT(6) NOT NULL DEFAULT '600';
diff --git a/sql/en_US-demo.sql b/sql/en_US-demo.sql
index 2f159948..72d0785c 100644
--- a/sql/en_US-demo.sql
+++ b/sql/en_US-demo.sql
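Review bot: Switching the marker column in `installed()` from `default_delivery_required` to `login_tout` means a database on which the earlier alter2.2 already ran (so `default_delivery_required` exists but `login_tout` does not) is reported as not upgraded and the whole patch is applied again, assuming `check_table` signals an absent column; whether the other ALTERs then fail on duplicate columns depends on the install code outside this hunk. A comment stating why this column is the marker, e.g. `// login_tout is the column added last in 2.2, so it is the marker`, would keep the next maintainer from reverting the choice.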
@@ -409,12 +409,13 @@ CREATE TABLE `0_company` ( `time_zone` tinyint(1) NOT NULL default '0', `add_pct` int(5) NOT NULL default '-1', `round_to` int(5) NOT NULL default '1', + `login_tout` SMALLINT(6) NOT NULL DEFAULT '600', PRIMARY KEY (`coy_code`) ) TYPE=MyISAM ; ### Data of table `0_company` ### -INSERT INTO `0_company` VALUES ('1', 'Training Co.', '9876543', '123456789', '1', '1', 'Address 1\r\nAddress 2\r\nAddress 3', '(222) 111.222.333', '', 'delta@delta.com', 'logo_frontaccounting.jpg', '', 'USD', '1200', '5060', '2100', '5690', '4450', '9990', '3590', '4430', '4010', '4510', '4500', '1510', '5010', '5040', '4010', '1530', '5000', '0', '10', '10', '1000', '20', '20', '30', '1', '2', '0', '0', '0', '1', '0', '0', '', '1', '2.2', '0', '-1', '1'); +INSERT INTO `0_company` VALUES ('1', 'Training Co.', '9876543', '123456789', '1', '1', 'Address 1\r\nAddress 2\r\nAddress 3', '(222) 111.222.333', '', 'delta@delta.com', 'logo_frontaccounting.jpg', '', 'USD', '1200', '5060', '2100', '5690', '4450', '9990', '3590', '4430', '4010', '4510', '4500', '1510', '5010', '5040', '4010', '1530', '5000', '0', '10', '10', '1000', '20', '20', '30', '1', '2', '0', '0', '0', '1', '0', '0', '', '1', '2.2', '0', '-1', '1', '600'); ### Structure of table `0_credit_status` ### diff --git a/sql/en_US-new.sql b/sql/en_US-new.sql index f2efb70e..d2266787 100644 --- a/sql/en_US-new.sql +++ b/sql/en_US-new.sql 
@@ -392,13 +392,14 @@ CREATE TABLE `0_company` ( `time_zone` tinyint(1) NOT NULL default '0', `add_pct` int(5) NOT NULL default '-1', `round_to` int(5) NOT NULL default '1', + `login_tout` SMALLINT(6) NOT NULL DEFAULT '600', PRIMARY KEY (`coy_code`) ) TYPE=MyISAM ; ### Data of table `0_company` ### -INSERT INTO `0_company` VALUES ('1', 'Company name', '', '', '1', '1', 'N/A', '', '', '', '', '', 'USD', '1200', '5060', '2100', '5690', '4450', '9990', '3590', '4430', '4010', '4510', '4500', '1510', '5010', '5040', '4010', '1530', '5000', '0', '10', '10', '1000', '20', '20', '30', '1', '1', '0', '0', '0', '1', '0', '0', '', '1', '2.2', '0', '-1', '1'); +INSERT INTO `0_company` VALUES ('1', 'Company name', '', '', '1', '1', 'N/A', '', '', '', '', '', 'USD', '1200', '5060', '2100', '5690', '4450', '9990', '3590', '4430', '4010', '4510', '4500', '1510', '5010', '5040', '4010', '1530', '5000', '0', '10', '10', '1000', '20', '20', '30', '1', '1', '0', '0', '0', '1', '0', '0', '', '1', '2.2', '0', '-1', '1', '600'); ### Structure of table `0_credit_status` ### -- 2.30.2
FrontAccounting
- + + @@ -120,20 +155,25 @@ for ($i = 0; $i < count($db_connections); $i++) - + + +




+
- - - - - - - - - - + + + "; + + foreach($_SESSION['timeout']['post'] as $p => $val) { + // add all request variables to be resend together with login data + if (!in_array($p, array('ui_mode', 'user_name_entry_field', + 'password', 'SubmitUser', 'company_login_name'))) + echo ""; + } +?>
+
 
 
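Review bot: The `foreach($_SESSION['timeout']['post'] as $p => $val)` loop echoes each saved request key and value into a hidden input (the tag markup is lost in this extract), and those values originate from the interrupted client request, so both `$p` and `$val` need `htmlspecialchars(..., ENT_QUOTES)` before being placed in the attribute; a saved value containing a quote otherwise breaks out of the attribute and is rendered as markup when the form is served. Array-valued POST entries would print as `Array` and be replayed wrongly, so either recurse into arrays or skip them. The `in_array` exclusion should pass `true` as its third argument. The enclosing form starts earlier in this hunk and its lines are not readable here.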
diff --git a/access/timeout.php b/access/timeout.php new file mode 100644 index 00000000..61e28a08 --- /dev/null +++ b/access/timeout.php @@ -0,0 +1,32 @@ +. +***********************************************************************/ +/* + User authentication page popped up after login timeout during ajax call. +*/ +$path_to_root = '..'; +$page_security = 1; +include_once($path_to_root . "/includes/session.inc"); + +include($path_to_root .'/access/login.php'); + +if (get_post('SubmitUser') && $_SESSION['wa_current_user']->logged_in()) { + // After successfull login repeat last ajax call. + // Login form consists all post variables from last ajax call. +echo ""; +} +?> diff --git a/admin/company_preferences.php b/admin/company_preferences.php index 3bd7d05e..74b878e2 100644 --- a/admin/company_preferences.php +++ b/admin/company_preferences.php @@ -26,6 +26,12 @@ if (isset($_POST['update']) && $_POST['update'] != "") $input_error = 0; + if (!check_num('login_tout', 10)) + { + display_error(_("Login timeout must be positive number not less than 10.")); + set_focus('login_tout'); + $input_error = 1; + } if (strlen($_POST['coy_name'])==0) { $input_error = 1; @@ -104,8 +110,10 @@ if (isset($_POST['update']) && $_POST['update'] != "") $_POST['email'], $_POST['coy_logo'], $_POST['domicile'], $_POST['use_dimension'], $_POST['curr_default'], $_POST['f_year'], check_value('no_item_list'), check_value('no_customer_list'), - check_value('no_supplier_list'), $_POST['base_sales'], check_value('time_zone'), $_POST['add_pct'], $_POST['round_to']); - + check_value('no_supplier_list'), $_POST['base_sales'], + check_value('time_zone'), $_POST['add_pct'], $_POST['round_to'], + $_POST['login_tout']); + $_SESSION['wa_current_user']->timeout = $_POST['login_tout']; display_notification_centered(_("Company setup has been updated.")); } set_focus('coy_name'); 
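Review bot: The `echo` inside `if (get_post('SubmitUser') && $_SESSION['wa_current_user']->logged_in())` emits the script that repeats the last ajax call (its body is stripped in this extract); if it interpolates `$_SESSION['timeout']['uri']`, that value was copied from `$_SERVER['REQUEST_URI']`, i.e. from the request line, and must be encoded for the JavaScript string context (e.g. `json_encode($_SESSION['timeout']['uri'])`) rather than placed raw. The block also assumes the saved request exists; guard with `isset($_SESSION['timeout']['uri'])`, since the page can be reached directly or after the entry was cleared. Once the replay has been emitted, `unset($_SESSION['timeout']);` so the stored POST body does not linger in the session record.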
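Review bot: `check_num('login_tout', 10)` enforces only a lower bound, while the column added by alter2.2.sql is `SMALLINT(6)`, so a value above 32767 either fails the UPDATE or is clamped depending on the server's sql_mode, and the resulting error is unrelated to the field. If `check_num` accepts a maximum, pass it — `if (!check_num('login_tout', 10, 32767))` — and name the range in the message. The enclosing `if (isset($_POST['update']) ...)` block starts outside the hunk.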
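Review bot: `$_SESSION['wa_current_user']->timeout = $_POST['login_tout'];` updates only the administrator's own session; every other logged-in user keeps the value `current_user::login()` read via `session_timeout()` until they log in again, because the class caches it in `$this->timeout`. Either document that on this line, e.g. `// other active sessions keep their old timeout until their next login`, or re-read the preference in `login_timeout()` if an immediate effect is intended. The value is also stored as the raw POST string; `(int) $_POST['login_tout']` keeps the property numeric.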
@@ -139,6 +147,7 @@ $_POST['f_year'] = $myrow["f_year"]; $_POST['time_zone'] = $myrow["time_zone"]; $_POST['version_id'] = $myrow["version_id"]; $_POST['add_pct'] = $myrow['add_pct']; +$_POST['login_tout'] = $myrow['login_tout']; if ($_POST['add_pct'] == -1) $_POST['add_pct'] = ""; $_POST['round_to'] = $myrow['round_to']; @@ -183,6 +192,7 @@ check_row(_("Search Customer List"), 'no_customer_list', null); check_row(_("Search Supplier List"), 'no_supplier_list', null); label_row("", " "); check_row(_("Time Zone on Reports"), 'time_zone', $_POST['time_zone']); +text_row_ex(_("Login Timeout:"), 'login_tout', 10, 10, '', null, null, _('seconds')); label_row(_("Version Id"), $_POST['version_id']); end_outer_table(1); diff --git a/admin/db/company_db.inc b/admin/db/company_db.inc index ed2b18f1..6baa143d 100644 --- a/admin/db/company_db.inc +++ b/admin/db/company_db.inc @@ -66,7 +66,7 @@ function update_company_gl_setup($retained_act, $profit_loss_act, $debtors_act, function update_company_setup($coy_name, $coy_no, $gst_no, $tax_prd, $tax_last, $postal_address, $phone, $fax, $email, $coy_logo, $domicile, $Dimension, $curr_default, $f_year, $no_item_list, $no_customer_list, $no_supplier_list, - $base_sales, $time_zone, $add_pct, $round_to) + $base_sales, $time_zone, $add_pct, $round_to, $login_tout) { if ($f_year == null) $f_year = 0; @@ -89,7 +89,8 @@ function update_company_setup($coy_name, $coy_no, $gst_no, $tax_prd, $tax_last, base_sales=$base_sales, time_zone=$time_zone, add_pct=$add_pct, - round_to=$round_to + round_to=$round_to, + login_tout = ".db_escape($login_tout)." WHERE coy_code=1"; db_query($sql, "The company setup could not be updated "); diff --git a/includes/current_user.inc b/includes/current_user.inc index 53e7855c..ee9e38f0 100644 --- a/includes/current_user.inc +++ b/includes/current_user.inc @@ -22,6 +22,8 @@ class current_user var $company; var $pos; var $access; + var $timeout; + var $last_act; var $logged; var $ui_mode = 0; 
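Review bot: `var $timeout;` and `var $last_act;` are added to current_user without a comment, and their meaning is only discoverable from session.inc, where `login_timeout()` compares `time()` with `last_act + timeout` and refreshes `last_act` on every request. Suggest `var $timeout; // inactivity limit in seconds, read from company pref login_tout at login` and `var $last_act; // unix time of the last request seen by login_timeout()`. The class body continues outside the hunk.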
@@ -30,7 +32,10 @@ class current_user function current_user() { - $this->loginname = $this->username = $this->name = $this->company = ""; + global $def_coy; + + $this->loginname = $this->username = $this->name = ""; + $this->company = isset($def_coy)? $def_coy : 0; $this->logged = false; $this->prefs = new user_prefs(); @@ -66,6 +71,8 @@ class current_user $this->user = @$myrow["id"]; update_user_visitdate($this->username); $this->logged = true; + $this->last_act = time(); + $this->timeout = session_timeout(); } } @@ -147,6 +154,7 @@ function price_format($number) { return number_format2($number, $_SESSION["wa_current_user"]->prefs->price_dec()); } + // 2008-06-15. Added extra parameter $stock_id and reference for $dec //-------------------------------------------------------------------- function qty_format($number, $stock_id=null, &$dec) { @@ -337,4 +345,8 @@ function add_user_js_data() { //-------------------------------------------------------------------------- +function session_timeout() +{ + return get_company_pref('login_tout'); +} ?> \ No newline at end of file diff --git a/includes/session.inc b/includes/session.inc index e327b3bb..dad1c1c9 100644 --- a/includes/session.inc +++ b/includes/session.inc @@ -92,6 +92,20 @@ function strip_quotes($data) return $data; } +//============================================================================ +// +// +function login_timeout() +{ + if ($_SESSION["wa_current_user"]->logged) { + $tout = $_SESSION["wa_current_user"]->timeout; + if ($tout && (time() > $_SESSION["wa_current_user"]->last_act + $tout)) + { + $_SESSION["wa_current_user"]->logged = false; + } + $_SESSION["wa_current_user"]->last_act = time(); + } +} //============================================================================ if (!isset($path_to_root)) { 
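Review bot: `session_timeout()` returns `get_company_pref('login_tout')` unchanged, and `login_timeout()` in session.inc treats a falsy `$tout` as "never expire", so on a company row that predates alter2.2.sql, or whenever the preference comes back empty, sessions silently get no inactivity limit at all. Fail closed to the schema default instead: `$tout = (int) get_company_pref('login_tout'); return $tout > 0 ? $tout : 600;`. A one-line comment giving the unit (seconds, as the preferences form labels it) would also help, since the value is compared directly with `time()`.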
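Review bot: The new `login_timeout()` sits under an empty `//` header block while the file's other section headers carry a description, so state the contract there: `// Clear the login flag when more than timeout seconds have passed since last_act; last_act is refreshed on every request, so this is an inactivity limit, not an absolute one.` Two behaviours deserve a note or a change: a zero or missing `$tout` disables the check entirely, and on expiry only `logged` is cleared while the user, company and access fields of the session object survive until the next login — reset those fields too if they must not outlive the authenticated period. The `if (!isset($path_to_root))` block at the end of the hunk continues outside it.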
@@ -110,9 +124,13 @@ include_once($path_to_root . "/includes/ajax.inc"); include_once($path_to_root . "/includes/ui/ui_msgs.inc"); /* + Uncomment the setting below when using FA on shared hosting + to avoid unexpeced session timeouts. Make sure this directory exists and is writable! -// $session_save_path = dirname(__FILE__).'/../tmp/'; */ +//ini_set('session.save_path', dirname(__FILE__).'/../tmp/'); + +ini_set('session.gc_maxlifetime', 36000); // 10hrs session_name('FrontAccounting'); session_start(); @@ -157,15 +175,27 @@ set_error_handler('error_handler' /*, errtypes */); if (!isset($_SESSION["wa_current_user"])) $_SESSION["wa_current_user"] = new current_user(); + set_global_connection(); +login_timeout(); + if (!$_SESSION["wa_current_user"]->logged_in()) { // Show login screen if (!isset($_POST["user_name_entry_field"]) or $_POST["user_name_entry_field"] == "") { - include($path_to_root . "/access/login.php"); - $Ajax->redirect($path_to_root . "/access/login.php"); + if (strstr($_SERVER['PHP_SELF'], 'timeout.php') == false) + $_SESSION['timeout'] = array( 'uri'=> $_SERVER['REQUEST_URI'], + 'post' => $_POST); + + if (!in_ajax()) { + include($path_to_root . "/access/login.php"); + } else { + // ajax update of current page elements - open login window in popup + // to not interfere with ajaxified page. + $Ajax->popup($path_to_root . "/access/timeout.php"); + } exit; } else { $succeed = $_SESSION["wa_current_user"]->login($_POST["company_login_name"], diff --git a/includes/ui/ui_input.inc b/includes/ui/ui_input.inc index 483a8851..2ae54e80 100644 --- a/includes/ui/ui_input.inc +++ b/includes/ui/ui_input.inc 
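Review bot: `ini_set('session.gc_maxlifetime', 36000)` fixes a ten-hour server-side lifetime for every FrontAccounting session regardless of the configurable login timeout, so after `login_timeout()` clears `logged` the session record — including the `$_SESSION['timeout']` copy of the interrupted request's POST body — stays in the store for up to ten hours; on a shared `session.save_path` another application's garbage collector, running with its own shorter gc_maxlifetime, can also delete it earlier, which is exactly the case the commented-out `save_path` line addresses. Say so next to the call, e.g. `// server-side lifetime only; the inactivity limit is login_tout, enforced by login_timeout()`. The comment text above it reads "unexpeced"; it should be "unexpected".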
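Review bot: `$_SESSION['timeout'] = array('uri' => $_SERVER['REQUEST_URI'], 'post' => $_POST)` stores the whole body of the interrupted request in the session and nothing in this commit clears it, so timeout.php replays it after whichever account next authenticates in that browser — nothing ties the saved request to the user who issued it. Record the owner alongside it (after a timeout the object still carries the previous id: `'user' => $_SESSION['wa_current_user']->user`), replay only when the re-login is by the same user, and `unset($_SESSION['timeout'])` otherwise. `strstr($_SERVER['PHP_SELF'], 'timeout.php') == false` should also be `=== false`, since strstr returns a string or false. The login handling continues below the hunk.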
@@ -394,6 +394,16 @@ function amount_cell($label, $bold=false, $params="", $id=null)
 label_cell(price_format($label), "nowrap align=right ".$params, $id);
 }
 
+//JAM Allow entered unit prices to be fractional
+function unit_amount_cell($label, $bold=false, $params="", $id=null)
+{
+ if ($bold)
+ label_cell("".unit_price_format($label)."", "nowrap align=right ".$params, $id);
+ else
+ label_cell(unit_price_format($label), "nowrap align=right ".$params, $id);
+}
+
+
 function percent_cell($label, $bold=false, $id=null)
 {
 if ($bold)
@@ -675,6 +685,15 @@ function amount_cells($label, $name, $init=null, $params=null, $post_label=null,
 amount_cells_ex($label, $name, 15, 15, $init, $params, $post_label, $dec);
 }
 
+//JAM Allow entered unit prices to be fractional
+function unit_amount_cells($label, $name, $init=null, $params=null, $post_label=null, $dec=null)
+{
+ if (!isset($dec))
+ $dec = user_price_dec()+2;
+
+ amount_cells_ex($label, $name, 15, 15, $init, $params, $post_label, $dec+2);
+}
+
 function amount_row($label, $name, $init=null, $params=null, $post_label=null, $dec=null)
 {
 echo "
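Review bot: In `unit_amount_cells` the default branch sets `$dec = user_price_dec()+2` and the call then passes `$dec+2`, so a caller that omits `$dec` gets four extra decimals while one that passes it gets two — one of the `+2` looks unintended; `amount_cells_ex($label, $name, 15, 15, $init, $params, $post_label, $dec);` with the default left at `user_price_dec()+2` makes both paths agree. Both helpers are unrelated to the authentication-timeout subject of this commit, and `unit_price_format()`, called by `unit_amount_cell` in the first hunk, is not defined anywhere in this patch, so confirm it exists before merging. The `//JAM` markers should say what "fractional unit prices" means for these helpers rather than who added them.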