Experimental: Give the user an idea how long they have until the security token expires
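--- a/language/english.php	Thu Oct 29 14:47:18 2009 +0100
+++ b/language/english.php	Thu Oct 29 18:09:46 2009 +0100
@@ -827,7 +827,8 @@
 87 => 'Story Stats',
 88 => 'Wiki-style format',
 89 => 'Meta Description',
- 90 => 'Meta Keywords'
+ 90 => 'Meta Keywords',
+ 91 => 'You have until %s to make changes. After that time, the security token embedded into this page will expire and you will lose your changes. You can always hit "Preview" to extend the expiry time.'
 );
 
 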
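--- a/language/english_utf-8.php	Thu Oct 29 14:47:18 2009 +0100
+++ b/language/english_utf-8.php	Thu Oct 29 18:09:46 2009 +0100
@@ -827,7 +827,8 @@
 87 => 'Story Stats',
 88 => 'Wiki-style format',
 89 => 'Meta Description',
- 90 => 'Meta Keywords'
+ 90 => 'Meta Keywords',
+ 91 => 'You have until %s to make changes. After that time, the security token embedded into this page will expire and you will lose your changes. You can always hit "Preview" to extend the expiry time.'
 );
 
 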
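--- a/public_html/admin/story.php	Thu Oct 29 14:47:18 2009 +0100
+++ b/public_html/admin/story.php	Thu Oct 29 18:09:46 2009 +0100
@@ -727,11 +727,22 @@
 $story_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
 $story_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
 $story_templates->set_var('gltoken_name', CSRF_TOKEN);
- $story_templates->set_var('gltoken', SEC_createToken());
+ $token = SEC_createToken();
+ $story_templates->set_var('gltoken', $token);
 $story_templates->parse('output','editor');
 
 $display .= COM_startBlock ($LANG24[5], '',
 COM_getBlockTemplate ('_admin_block', 'header'));
+
+ $expirytime = SEC_getTokenExpiryTime($token);
+ if ($expirytime > 0) {
+ $txt = '<p id="token-expirynotice">' . '' . '</p>';
+ $exptime = '<span id="token-expirytime">'
+ . strftime($_CONF['timeonly'], $expirytime) . '</span>';
+ $display .= '<p id="token-expirynotice">'
+ . sprintf($LANG24[91], $exptime) . '</p>';
+ }
+
 $display .= $story_templates->finish($story_templates->get_var('output'));
 $display .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'));
 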
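Review bot: The `$txt` assignment at the top of the new `if ($expirytime > 0)` block is never read and only builds an empty paragraph, so it is dead code; drop the line `$txt = '<p id="token-expirynotice">' . '' . '</p>';` so the `token-expirynotice` id is emitted once, on the `$display` line that actually carries the notice. The expiry value is formatted with `strftime($_CONF['timeonly'], ...)`, which renders in the server's locale and timezone rather than the viewing user's; if the codebase has a user-aware date formatter, it would fit better here. The enclosing code of this hunk starts and ends outside it.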
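--- a/system/lib-security.php	Thu Oct 29 14:47:18 2009 +0100
+++ b/system/lib-security.php	Thu Oct 29 18:09:46 2009 +0100
@@ -1178,6 +1178,33 @@
 }
 
 /**
+* Get a token's expiry time
+*
+* @param string $token the token we're looking for
+* @return int UNIX timestamp of the expiry time or 0
+*
+*/
+function SEC_getTokenExpiryTime($token)
+{
+ global $_TABLES, $_USER;
+
+ $retval = 0;
+
+ if (!COM_isAnonUser()) {
+
+ $sql['mysql'] = "SELECT UNIX_TIMESTAMP(DATE_ADD(created, INTERVAL ttl SECOND)) AS expirytime FROM {$_TABLES['tokens']} WHERE (token = '$token') AND (owner_id = '{$_USER['uid']}') AND (ttl > 0)";
+ $sql['mssql'] = "SELECT UNIX_TIMESTAMP(DATEADD(ss, ttl, created)) AS expirytime FROM {$_TABLES['tokens']} WHERE (token = '$token') AND (owner_id = '{$_USER['uid']}') AND (ttl > 0)";
+
+ $result = DB_query($sql);
+ if (DB_numRows($result) == 1) {
+ list($retval) = DB_fetchArray($result);
+ }
+ }
+
+ return $retval;
+}
+
+/**
 * Set a cookie using the HttpOnly flag
 *
 * Use this function to set "important" cookies (session, password, ...).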
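Review bot: `$token` is interpolated straight into both SQL strings in SEC_getTokenExpiryTime without escaping; the only caller in this commit passes a value fresh from SEC_createToken(), but this is a library function and later callers may hand it a token taken from a request, so escape it through the database layer before building `$sql`, e.g. `$token = DB_escapeString($token);` (or whatever escaping helper this codebase's DB layer provides). The `mssql` variant also calls `UNIX_TIMESTAMP`, which SQL Server does not define natively, so that branch will presumably fail unless the project's MSSQL driver emulates it. The docblock promises an `int`, but `list($retval) = DB_fetchArray($result)` yields whatever the driver returns (typically a string); `$retval = (int) $retval;` after the `list()` would keep the documented contract, and `DB_numRows($result) == 1` could be `=== 1` for the same reason.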