Gossamer Forum
Home : Products : DBMan : Customization :

Kill Session-ID + Date-Format

Quote Reply
Kill Session-ID + Date-Format
I have following Questions:

1.) After a sign-in in DBMAN i have my session-ID. How i can kill the session-Id after a Logoff? The problem is: if i logout and then use the back-button in my browser i can still back into DBMAN with the old session-id. I need a handle to kill the session-id on the user logoff.

2.) How can i change the Date-Format to DD.MM.JJJJ? Iīve try different MODīs but they donīt work at my project.

3.) I need a MOD to change the date-entry: this mean when I modify an database-entry i need to have an button to set the date to today.

Hope for help

bye Kai
Quote Reply
Re: Kill Session-ID + Date-Format In reply to
1) The first question I don't know how to answer other than setting the $auth_time to a lower value. But gauging an "automatic" kill session would be problematic and you would have to re-write the sub auth_logging and sub auth_cleanup routines in the auth.pl file.

2) You would have to edit the sub get_date and sub date_to_unix routines in your db.cgi file, like the following:

Code:
sub get_date {
# --------------------------------------------------------
# Returns the date in the format "dd-mmm-yy".
# Warning: If you change the default format, you must also modify the &date_to_unix
# subroutine below which converts your date format into a unix time in seconds for sorting
# purposes.

$time1 = @_;
($time1) | | ($time1 = time());
my ($sec, $min, $hour, $day, $mon, $year, $dweek, $dyear, $daylight) = localtime($time1);
my (@months) = qw!Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec!;
($day < 10) and ($day = "0$day");
$year = $year + 1900;

return "$day\.$months[$mon]\.$year";
}

AND

Code:
sub date_to_unix {
# --------------------------------------------------------
# This routine must take your date format and return the time a la UNIX time().
# Some things to be careful about..
# int your values just in case to remove spaces, etc.
# catch the fatal error timelocal will generate if you have a bad date..
# don't forget that the month is indexed from 0!
#
my ($date) = $_[0];
my (%months) = ("Jan" => 0, "Feb" => 1, "Mar" => 2, "Apr" => 3, "May" => 4, "Jun" => 5,
"Jul" => 6, "Aug" => 7, "Sep" => 8, "Oct" => 9, "Nov" => 10,"Dec" => 11);
my ($time);
my ($day, $mon, $year) = split(/\./, $_[0]);
unless ($day and $mon and $year) { return undef; }
unless (defined($months{$mon})) { return undef; }

use Time::Local;
eval {
$day = int($day); $year = int($year) - 1900;
$time = timelocal(0,0,0,$day, $months{$mon}, $year);
};
if ($@) { return undef; } # Could return 0 if you want.
return ($time);
}

Note: The bolded codes are the edits you have to make.

3) Add a new field in your db_def hash in your default.cfg file, like the following:

Code:
LastModified => [19, 'date', 12, 15, 1, &get_date, ''],

Make sure that you change 19 to the last field number in your db_def file.

Then you can use the Upgrade.cgi file that is located at the following URL to add this field automatically to your existing database:


Then add the field to your sub html_record_form and sub html_record and/or sub_html_record_long. You would only add this field to the latter two sub-routines if you want this field publicly listed in your search results.

Hope this helps.

Good luck.

Regards,

------------------
Eliot Lee
Anthro TECH,L.L.C
www.anthrotech.com
----------------------


Quote Reply
Re: Kill Session-ID + Date-Format In reply to
OK:
Can i execute the auth_cleanup process with
time = 0 or 1 second at click on the logoff-button? If yes how i must write the code, i am not similar in perl.

If i use the changed code in "get_date" and "date_to_unix" i get a server-error.
My original code is:

sub get_time {
# --------------------------------------------------------
# Returns the time in the format "hh-mm-ss".
#
my ($sec, $min, $hour, $day, $mon, $year, $dweek, $dyear, $daylight) = localtime(time());
($sec < 10) and ($sec = "0$sec");
($min < 10) and ($min = "0$min");
($hour < 10) and ($hour = "0$hour");

return "$hour:$min:$sec";
}

sub get_date {
# --------------------------------------------------------
# Returns the date in the format "dd-mmm-yy".
# Warning: If you change the default format, you must also modify the &date_to_unix
# subroutine below which converts your date format into a unix time in seconds for sorting
# purposes.

my ($sec, $min, $hour, $day, $mon, $year, $dweek, $dyear, $daylight) = localtime(time());
my (@months) = qw!Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec!;
($day < 10) and ($day = "0$day");
$year = $year + 1900;

return "$day-$months[$mon]-$year";

}

sub date_to_unix {
# --------------------------------------------------------
# This routine must take your date format and return the time a la UNIX time().
# Some things to be careful about..
# int your values just in case to remove spaces, etc.
# catch the fatal error timelocal will generate if you have a bad date..
# don't forget that the month is indexed from 0!
#
my ($date) = $_[0];
my (%months) = ("Jan" => 0, "Feb" => 1, "Mar" => 2, "Apr" => 3, "May" => 4, "Jun" => 5,
"Jul" => 6, "Aug" => 7, "Sep" => 8, "Oct" => 9, "Nov" => 10,"Dec" => 11);
my ($time);
my ($day, $mon, $year) = split(/-/, $_[0]);
unless ($day and $mon and $year) { return undef; }
unless (defined($months{$mon})) { return undef; }

use Time::Local;
eval {
$day = int($day); $year = int($year) - 1900;
$time = timelocal(0,0,0,$day, $months{$mon}, $year);
};
if ($@) { return undef; } # Could return 0 if you want.
return ($time);
}


I have a Server-Error too with your MOD "upgrade". First: the perl-path and the permission are right!

You write in your MOD: # You must EDIT YOUR default.cfg script BEFORE entering these
# variable and running this script! ....
What i have to EDIT?

regards

Kai
Quote Reply
Re: Kill Session-ID + Date-Format In reply to
Kai,
Forcing the session id to expire was covered elsewhere on this list, though I can't remember where. As I remember it, simply add to sub main in db.cgi:

unlink ("$auth_dir/$uid");

after the statement

{ &auth_logging('logged off') if ($auth_logging);

Quote Reply
Re: Kill Session-ID + Date-Format In reply to
Like the Mod says, you have to add the field to your db_def hash before executing the upgrade.cgi file. With regards to the server error you are having with the upgrade.cgi:

1) Did you upload the file in ASCII Mode?
2) Are you triple sure that the Perl Path is correct and the path to your default.cfg is correct? Remember that you have to use the physical/local path NOT the virtual address to the default.cfg file.
3) Did you change the permission of the file to 755?

With regards to the date server error...the codes you posted DO NOT show the appropriate code changes I suggested in my original post! Try using the codes I gave and see if it works. Use copy and paste!

Smile

Regards,

------------------
Eliot Lee
Anthro TECH,L.L.C
www.anthrotech.com
----------------------


Quote Reply
Re: Kill Session-ID + Date-Format In reply to
Hi kai Smile

I had this similar problem.. and Katana Man was very helpful with the following infomation..

Quote:
In db.cgi, change this:

elsif ($in{'logoff'}) { &auth_logging('logged off') if ($auth_logging);

to this:


elsif ($in{'logoff'}) { &auth_logging('logged off') if ($auth_logging);unlink ("$auth_dir/$uid");

It worked for me Smile Smile



------------------
-----------
millsie :)
Quote Reply
Re: Kill Session-ID + Date-Format In reply to
I highly recommend that everyone do the above security mod!! It is very easy, and very efficient.

dataKing






------------------
Well that depends what the meaning of "is" is...
Quote Reply
Re: Kill Session-ID + Date-Format In reply to
Fine the "auth"-mod works. It is possible to add a new option "Logoff and close window"? This is very useful if the user use a public place where an other user can use the back-button into the browser. I think itīs possible with java-script, but i donīt no how.

Kai
Quote Reply
Re: Kill Session-ID + Date-Format In reply to
...and one idea more...

or it is possible to clear the browser-history after logoff?

Kai
Quote Reply
Re: Kill Session-ID + Date-Format In reply to
Sorry, this is not right. If the user use the Back-Button into his browser, he can see the previous pages with the full content (eg. search results). If he perform an action in DBMAN he comes to the login error-site.

For this problem, we must clear the browser-history or close the browser-window.

Regards

Kai
Quote Reply
Re: Kill Session-ID + Date-Format In reply to
Kai..

The mod above, clears the auth directory of your $uid.. this means that if someone hits the back button after you hit 'Logoff'.. you will be taken to the 'login error' screen.. which says something like..

'expired session.. etc please log in again'

Atleast this is how it works for me anyhow Smile

------------------
-----------
millsie :)