You are here

function _persistent_login_create_cookie in Persistent Login 6

Same name and namespace in other branches
  1. 7 persistent_login.module \_persistent_login_create_cookie()

Create a Persistent Login cookie.

We're about to set a new PL cookie. If the user already has a PL but $edit['pl_series'] does not exist, they got here because they tried to access a protected page and had to reauthenticate (because $edit['pl_series'] is added by _persistent_login_check(), not by any login form). Clean up the old PL series to avoid junk in the db.

1 call to _persistent_login_create_cookie()
persistent_login_user in ./persistent_login.module
Implementation of hook_user().

File

./persistent_login.module, line 421
Provide a "Remember Me" checkbox in the login form.

Code

function _persistent_login_create_cookie($acct, $edit = array()) {
  $cookie_name = _persistent_login_get_cookie_name();
  if (isset($_COOKIE[$cookie_name]) && !isset($edit['pl_series'])) {
    list($uid, $series, $token) = explode(':', $_COOKIE[$cookie_name]);
    _persistent_login_invalidate('cleanup', "uid = %d AND series = '%s'", $uid, $series);
  }
  $token = drupal_get_token(uniqid(mt_rand(), TRUE));
  $days = variable_get('persistent_login_maxlife', PERSISTENT_LOGIN_MAXLIFE);
  $expires = isset($edit['pl_expires']) ? $edit['pl_expires'] : ($days > 0 ? time() + $days * 86400 : 0);
  $series = isset($edit['pl_series']) ? $edit['pl_series'] : drupal_get_token(uniqid(mt_rand(), TRUE));
  _persistent_login_setcookie($cookie_name, $acct->uid . ':' . $series . ':' . $token, $expires > 0 ? $expires : 2147483647);
  db_query("INSERT INTO {persistent_login} (uid, series, token, expires) VALUES (%d, '%s', '%s', %d)", $acct->uid, $series, $token, $expires);
  if (db_affected_rows() != 1) {
    watchdog('security', 'Persistent Login FAILURE: could not insert (%user, %series, %tok, %expires)', array(
      '%user' => $acct->name,
      '%series' => $series,
      '%tok' => $token,
      '%expires' => $expires,
    ), WATCHDOG_ERROR);
  }
  else {

    // Make sure we only remember the specified number of Persistent Logins per user.
    $maxlogins = variable_get('persistent_login_maxlogins', 10);
    $expires = (int) db_result(db_query_range('SELECT expires FROM {persistent_login} WHERE uid = %d ORDER BY expires DESC', $acct->uid, $maxlogins, 1));
    if ($expires > 0) {
      _persistent_login_invalidate('too many', 'uid = %d AND expires <= %d', $acct->uid, $expires);
    }
  }
}