From eceb7756cfcf117c2a18984291181a84697ed3cd Mon Sep 17 00:00:00 2001
From: Marien Fressinaud
Date: Sun, 10 Aug 2014 20:29:43 +0200
Subject: [PATCH] Add possibility to keep logged in with form

Add an option to keep logged in. Change lifetime of session cookie to 1 year. See https://github.com/marienfressinaud/FreshRSS/issues/465
---
 app/Controllers/indexController.php | 9 +++++++
 app/i18n/en.php | 1 +
 app/i18n/fr.php | 1 +
 app/views/index/formLogin.phtml | 23 +++++++++++------
 lib/Minz/Session.php | 37 ++++++++++++++++++++++++-----
 5 files changed, 57 insertions(+), 14 deletions(-)
diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php
index 3119073b8..18b99d0df 100755
--- a/app/Controllers/indexController.php
+++ b/app/Controllers/indexController.php
@@ -298,6 +298,7 @@ class FreshRSS_index_Controller extends Minz_ActionController {
 public function formLoginAction () {
 if (Minz_Request::isPost()) {
 $ok = false;
+ $keep_logged_in = Minz_Request::param('keep_logged_in', false);
 $nonce = Minz_Session::param('nonce');
 $username = Minz_Request::param('username', '');
 $c = Minz_Request::param('challenge', '');
@@ -312,6 +313,11 @@ class FreshRSS_index_Controller extends Minz_ActionController {
 if ($ok) {
 Minz_Session::_param('currentUser', $username);
 Minz_Session::_param('passwordHash', $s);
+ if ($keep_logged_in) {
+ // New cookie with a lifetime of 1 year!
+ Minz_Session::keepCookie(31536000);
+ Minz_Session::regenerateID();
+ }
 } else {
 Minz_Log::record('Password mismatch for user ' . $username . ', nonce=' . $nonce . ', c=' . $c, Minz_Log::WARNING);
 }
@@ -371,6 +377,9 @@ class FreshRSS_index_Controller extends Minz_ActionController {
 Minz_Session::_param('currentUser');
 Minz_Session::_param('mail');
 Minz_Session::_param('passwordHash');
+ Minz_Session::keepCookie(0);
+ Minz_Session::regenerateID();
+
 Minz_Request::forward(array('c' => 'index', 'a' => 'index'), true);
 }
 }
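Review bot: `Minz_Session::regenerateID()` is called only inside `if ($keep_logged_in)` in the second hunk, so a successful login without the checkbox keeps the session id that existed before authentication, which leaves the default login path open to session fixation. Rotate the id on every successful login and keep only the lifetime change conditional: `if ($keep_logged_in) { Minz_Session::keepCookie(31536000); }` followed by an unconditional `Minz_Session::regenerateID();`. A one-year cookie also only keeps the user logged in while the server still holds the session data; nothing in this patch changes `session.gc_maxlifetime`, so that is worth confirming. The body of formLoginAction continues outside the hunk.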
diff --git a/app/i18n/en.php b/app/i18n/en.php
index d80299b10..3c55f62a2 100644
--- a/app/i18n/en.php
+++ b/app/i18n/en.php
@@ -3,6 +3,7 @@
 return array (
 // LAYOUT
 'login' => 'Login',
+ 'keep_logged_in' => 'Keep me logged in',
 'login_with_persona' => 'Login with Persona',
 'logout' => 'Logout',
 'search' => 'Search words or #tags',
diff --git a/app/i18n/fr.php b/app/i18n/fr.php
index 4be028ac3..63d779471 100644
--- a/app/i18n/fr.php
+++ b/app/i18n/fr.php
@@ -3,6 +3,7 @@
 return array (
 // LAYOUT
 'login' => 'Connexion',
+ 'session_active' => 'Rester connecté',
 'login_with_persona' => 'Connexion avec Persona',
 'logout' => 'Déconnexion',
 'search' => 'Rechercher des mots ou des #tags',
diff --git a/app/views/index/formLogin.phtml b/app/views/index/formLogin.phtml
index cc925ea59..f01a950b6 100644
--- a/app/views/index/formLogin.phtml
+++ b/app/views/index/formLogin.phtml
@@ -1,32 +1,39 @@
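Review bot: The two language files add different keys for the same label: en.php adds `'keep_logged_in'` while fr.php adds `'session_active'`. Whichever key the login form looks up (the view's lines are not readable here), one locale will have no entry for it. Use one key in both files, e.g. `'keep_logged_in' => 'Rester connecté',` in fr.php.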
-

- +
- +
- +
- + +
+
+
+

- - + +

-

+

diff --git a/lib/Minz/Session.php b/lib/Minz/Session.php
index ddabc4658..c859be2ed 100644
--- a/lib/Minz/Session.php
+++ b/lib/Minz/Session.php
@@ -15,13 +15,15 @@ class Minz_Session {
 * Le nom de session est utilisé comme nom pour les cookies et les URLs (i.e. PHPSESSID).
 * Il ne doit contenir que des caractères alphanumériques ; il doit être court et descriptif
 */
- public static function init ($name) {
- // démarre la session
- session_name ($name);
- session_set_cookie_params (0, dirname(empty($_SERVER['REQUEST_URI']) ? '/' : dirname($_SERVER['REQUEST_URI'])), null, false, true);
- session_start ();
+ public static function init($name) {
+ $cookie = session_get_cookie_params();
+ self::keepCookie($cookie['lifetime']);
- if (isset ($_SESSION)) {
+ // démarre la session
+ session_name($name);
+ session_start();
+
+ if (isset($_SESSION)) {
 self::$session = $_SESSION;
 }
 }
@@ -68,4 +70,27 @@ class Minz_Session {
 Minz_Translate::reset ();
 }
 }
+
+
+ /**
+ * Spécifie la durée de vie des cookies
+ * @param $l la durée de vie
+ */
+ public static function keepCookie($l) {
+ $cookie_dir = dirname(
+ empty($_SERVER['SCRIPT_NAME']) ? '' : $_SERVER['SCRIPT_NAME']
+ ) . '/';
+ session_set_cookie_params($l, $cookie_dir, $_SERVER['HTTP_HOST'],
+ false, true);
+ }
+
+
+ /**
+ * Régénère un id de session.
+ * Utile pour appeler session_set_cookie_params après session_start()
+ */
+ public static function regenerateID() {
+ session_regenerate_id(true);
+ }
+
 }
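Review bot: `keepCookie()` passes `$_SERVER['HTTP_HOST']` as the cookie domain and hard-codes the `secure` argument to `false`. The Host header is supplied by the client and can carry a port, and an explicit Domain attribute also makes browsers send the cookie to subdomains, where the `null` used by the removed `init()` call kept it host-only. With the lifetime now up to one year, a cookie without the Secure flag can be sent over plain HTTP for that whole period. Suggest `session_set_cookie_params($l, $cookie_dir, '', !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off', true);`, and document the parameter as `@param int $l lifetime in seconds, 0 for a session-only cookie`.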