Changeset 593 for trunk/lib/Auth_SQL.inc.php

Timestamp:

Apr 14, 2017 5:59:29 AM (7 years ago)

Author:

anonymous

Message:

Add notification to user if logged out because of shifting IP address. Minor bugs.

File:

• trunk/lib/Auth_SQL.inc.php (modified) (3 diffs)

trunk/lib/Auth_SQL.inc.php

@@ -667 +667 @@
         } else if (isset($_SESSION['_auth_sql'][$this->_ns]['authenticated']) && true === $_SESSION['_auth_sql'][$this->_ns]['authenticated']) {
             // User is authenticated, but login has expired.
-            if (strtotime($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) > (time() - 43200)) {
-                // Only raise message if last session is less than 12 hours old.
-                $app->raiseMsg(sprintf(_("For your safety we logged you out after being idle for %s. Please log in again."), humanTime($this->_params['idle_timeout'], 'hour', '%01.0f')), MSG_NOTICE, __FILE__, __LINE__);
-            }
 
             // Log the reason for login expiration.
             $expire_reasons = array();
+            $user_notified = false;
             if (!isset($_SESSION['_auth_sql'][$this->_ns]['username']) || empty($_SESSION['_auth_sql'][$this->_ns]['username'])) {
                 $expire_reasons[] = 'username not found';
@@ -682 +679 @@
             if (!isset($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) || strtotime($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) <= (time() - $this->_params['idle_timeout'])) {
                 $expire_reasons[] = sprintf('idle_timeout expired (%s older than %s seconds ago)', $_SESSION['_auth_sql'][$this->_ns]['last_access_datetime'], $this->_params['idle_timeout']);
+                if (strtotime($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) > (time() - 43200)) {
+                    // Only raise message if last session is less than 12 hours old.
+                    // Notify user why they were logged out if they haven't yet been given a reason.
+                    $user_notified || $app->raiseMsg(sprintf(_("For your safety we logged you out after being idle for %s. Please log in again."), humanTime($this->_params['idle_timeout'], 'hour', '%01.0f')), MSG_NOTICE, __FILE__, __LINE__);
+                    $user_notified = true;
+                }
             }
             if (!isset($_SESSION['_auth_sql'][$this->_ns]['remote_ip']) || $_SESSION['_auth_sql'][$this->_ns]['remote_ip'] != getRemoteAddr()) {
@@ -690 +693 @@
                     //   3. the user is connecting from a trusted network (their IP is listed in the trusted_networks)
                     $expire_reasons[] = sprintf('remote_ip not matched (%s != %s)', $_SESSION['_auth_sql'][$this->_ns]['remote_ip'], getRemoteAddr());
+                    // Notify user why they were logged out if they haven't yet been given a reason.
+                    $user_notified || $app->raiseMsg(sprintf(_("For your safety we logged you out because your IP address has changed. Please log in again."), null), MSG_NOTICE, __FILE__, __LINE__);
+                    $user_notified = true;
                 } else {
                     $expire_reasons[] = sprintf('remote_ip not matched but user was exempt from this check (%s != %s)', $_SESSION['_auth_sql'][$this->_ns]['remote_ip'], getRemoteAddr());