? securesite ? securesite-logout-issue.patch ? securesite.module.keep Index: securesite.inc =================================================================== RCS file: /cvs/drupal-contrib/contributions/modules/securesite/Attic/securesite.inc,v retrieving revision 1.2.2.10 diff -u -p -F^f -r1.2.2.10 securesite.inc --- securesite.inc 9 May 2007 22:33:20 -0000 1.2.2.10 +++ securesite.inc 2 Oct 2007 23:38:11 -0000 
@@ -61,3 +61,45 @@ form { padding: 0; margin: 0; } } } +/** + * Helper function - send out email + */ +function _securesite_mail_password($account) { + global $base_url; + // E-mail a user a new password. + if ($account->uid) { + $from = variable_get('site_mail', ini_get('sendmail_from')); + + // Generate a new password for this user. + $pass = user_password(); + user_save($account, array('pass' => $pass)); + + // Mail new password. + $variables = array( + '%username' => $account->name, + '%site' => variable_get('site_name', 'drupal'), + '%login_url' => user_pass_reset_url($account), + '%uri' => $base_url, + '%uri_brief' => preg_replace('`^https?://`i', '', $base_url), + '%mailto' => $account->mail, + '%date' => format_date(time()), + '%login_uri' => url('user', NULL, NULL, TRUE), + '%edit_uri' => url('user/'. $account->uid .'/edit', NULL, NULL, TRUE), + ); + + $subject = _user_mail_text('pass_subject', $variables); + $body = _user_mail_text('pass_body', $variables); + $headers = "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from"; + $mail_success = user_mail($account->mail, $subject, $body, $headers); + + if ($mail_success) { + watchdog('user', t('Password mailed to %name at %email.', array('%name' => securesite_theme_placeholder($account->name), '%email' => securesite_theme_placeholder($account->mail)))); + drupal_set_message(t('Your password and further instructions have been sent to your e-mail address.')); + } + else { + watchdog('user', t('Error mailing password to %name at %email.', array('%name' => securesite_theme_placeholder($account->name), '%email' => securesite_theme_placeholder($account->mail))), WATCHDOG_ERROR); + drupal_set_message(t('Unable to send mail. Please contact the site admin.', 'error')); + } + //nowhere to go!! 
//securesite_goto(); + } +} Index: securesite.module =================================================================== RCS file: /cvs/drupal-contrib/contributions/modules/securesite/Attic/securesite.module,v retrieving revision 1.2.2.26 diff -u -p -F^f -r1.2.2.26 securesite.module --- securesite.module 10 May 2007 08:47:38 -0000 1.2.2.26 +++ securesite.module 2 Oct 2007 23:38:11 -0000 @@ -69,6 +69,13 @@ function securesite_settings() { '#description' => t('Name to identify log-in area.'), ); + $form['authentication']['securesite_httpauth_session_lifetime'] = array( + '#type' => 'textfield', + '#title' => t('HTTP Auth Session Lifetime'), + '#default_value' => variable_get('securesite_httpauth_session_lifetime', 7200), + '#description' => t("Set the lifetime (in seconds) for HTTP Auth sessions. HTTP Auth sessions older than this value will be automatically cleaned out when cron is run. Explanation: HTTP Auth sessions are typically used to enable access to protected URLs by feed readers and other software. This access is typically not session-based, so each access results in a new entry in the sessions table, which may cause it to get excessively large."), + ); + // HTML log-in form settings $form['login_form'] = array( '#type' => 'fieldset', @@ -176,12 +183,16 @@ function securesite_init() { // Check if user is a guest. if ((!empty($guest_name) && $guest_name == $edit['name'] && $guest_pass == $edit['pass']) || $_SESSION['securesite_guest']) { // Mark this session to prevent re-login (note: guest can't log out). + watchdog('securesite', 'guest login'); $_SESSION['securesite_guest'] = TRUE; return; } unset($_SESSION['securesite_guest']); // If not a guest make sure to unset guest session. - $account = user_authenticate($edit['name'], $edit['pass']); + if (!$account->uid) { + $account = user_authenticate($edit['name'], $edit['pass']); + $_SESSION['HTTPAUTH'] = TRUE; + } if ($account->uid && user_access('access site', $account)) { // Log-in is successful. 
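Review bot: `user_save($account, array('pass' => $pass))` overwrites the stored password before the mail is sent, yet `$pass` never appears in `$variables`, so the old password is invalidated even when `user_mail()` fails and the new one is never communicated. The message already carries the one-time `%login_url`, and the request apparently comes from the pre-login dialog, so consider dropping the `$pass = user_password();` and `user_save(...)` lines so that a password request cannot lock another user out. In the failure branch `'error'` is passed to `t()` instead of `drupal_set_message()`; it should read `drupal_set_message(t('Unable to send mail. Please contact the site admin.'), 'error');`. The body is moved unchanged from securesite_user_auth, so both issues predate this patch.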
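Review bot: The new `securesite_httpauth_session_lifetime` textfield accepts any string, and no validation for it is visible in this patch, while securesite_cron uses the stored value directly in `$now - $delta`. An empty, zero or negative value puts the threshold at or beyond the current time, so every flagged session would be deleted on each cron run. Add a validate handler that rejects non-numeric and non-positive input, and cast on read, e.g. `$delta = (int) variable_get('securesite_httpauth_session_lifetime', 7200);`. securesite_settings starts and ends outside the hunk.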
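Review bot: `$_SESSION['HTTPAUTH'] = TRUE;` is assigned before the result of `user_authenticate()` is checked, so the flag is also stored for failed attempts. Both the `if (!$_SESSION['HTTPAUTH'])` test in the last securesite_user_auth hunk and the cron cleanup depend on it. If it is meant to mark authenticated HTTP Auth sessions, set it inside the `if ($account->uid && user_access('access site', $account))` branch instead. `$account` is tested with `!$account->uid` before any assignment visible here, so confirm it is initialised earlier in securesite_init, whose body starts outside the hunk. The added `watchdog('securesite', 'guest login');` runs on every request from an existing guest session, because the condition also matches `$_SESSION['securesite_guest']`; log only when the flag is first set and wrap the message in `t()`.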
@@ -244,6 +255,17 @@ function securesite_theme_placeholder($t } /** + * Implementation of hook_cron. Deletes HTTPAUTH sessions which are + * older than 2 hours. + */ +function securesite_cron() { + $now = date('U'); + $delta = variable_get('securesite_httpauth_session_lifetime', 7200); + $threshold = $now - $delta; + db_query("DELETE FROM {sessions} WHERE timestamp < %d AND session LIKE 'HTTPAUTH%' ", $threshold); +} + +/** * Display authentication dialog and sends password requests. */ function securesite_user_auth() { 
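Review bot: The docblock says sessions "older than 2 hours" are deleted, but the cutoff is now the configurable `securesite_httpauth_session_lifetime`; reword it to "older than the configured lifetime (default 7200 seconds)". The filter `session LIKE 'HTTPAUTH%'` only matches rows whose stored session data begins with the HTTPAUTH key, which presumably requires it to be the first `$_SESSION` entry written. A session that already holds another key, such as `securesite_guest` or queued messages, would then never be cleaned up. A marker that does not depend on key order would be sturdier. Drupal's db_query() convention is also to write a literal percent sign as `%%`, i.e. `LIKE 'HTTPAUTH%%'`.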
@@ -269,42 +291,7 @@ function securesite_user_auth() { } } - // E-mail a user a new password. - if ($account->uid) { - $from = variable_get('site_mail', ini_get('sendmail_from')); - - // Generate a new password for this user. - $pass = user_password(); - user_save($account, array('pass' => $pass)); - - // Mail new password. - $variables = array( - '%username' => $account->name, - '%site' => variable_get('site_name', 'drupal'), - '%login_url' => user_pass_reset_url($account), - '%uri' => $base_url, - '%uri_brief' => preg_replace('`^https?://`i', '', $base_url), - '%mailto' => $account->mail, - '%date' => format_date(time()), - '%login_uri' => url('user', NULL, NULL, TRUE), - '%edit_uri' => url('user/'. $account->uid .'/edit', NULL, NULL, TRUE), - ); - - $subject = _user_mail_text('pass_subject', $variables); - $body = _user_mail_text('pass_body', $variables); - $headers = "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from"; - $mail_success = user_mail($account->mail, $subject, $body, $headers); - - if ($mail_success) { - watchdog('user', t('Password mailed to %name at %email.', array('%name' => securesite_theme_placeholder($account->name), '%email' => securesite_theme_placeholder($account->mail)))); - drupal_set_message(t('Your password and further instructions have been sent to your e-mail address.')); - } - else { - watchdog('user', t('Error mailing password to %name at %email.', array('%name' => securesite_theme_placeholder($account->name), '%email' => securesite_theme_placeholder($account->mail))), WATCHDOG_ERROR); - drupal_set_message(t('Unable to send mail. Please contact the site admin.', 'error')); - } - //nowhere to go!! //securesite_goto(); - } + _securesite_mail_password($account); // Get content for dialog. if ($securesite_enabled == 3) { 
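Review bot: Nothing in this patch loads securesite.inc before the new call `_securesite_mail_password($account);`, and the helper is defined only in that file. If the include happens further down, for instance just before `_securesite_dialog_page()`, a password request would fail with an undefined function. Confirm the file is included earlier in securesite_user_auth, whose body starts outside the hunk, or keep the helper in securesite.module. The `$account->uid` guard now lives inside the helper, so add a comment at the call site such as `// No-op unless a matching account was found above.`.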
@@ -328,10 +315,14 @@ function securesite_user_auth() { $realm .= $suffix; } + if (!$_SESSION['HTTPAUTH']) { + module_invoke_all('exit', request_uri()); + drupal_goto(); + } header('WWW-Authenticate: Basic realm="'. $realm .'"'); header('HTTP/1.0 401 Unauthorized'); } - + // Display dialog _securesite_dialog_page($content); drupal_set_title(t('Log in'));
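Review bot: `$_SESSION['HTTPAUTH']` is read without an existence check, so a fresh session raises an undefined-index notice on the path that decides whether the 401 challenge is sent; use `if (empty($_SESSION['HTTPAUTH'])) {`. The branch replaces the `WWW-Authenticate` challenge with a redirect and has no comment saying why, so a line such as `// No HTTP Auth attempt in this session: redirect instead of re-challenging.` would help, if that is the intent. `drupal_goto()` appears to invoke hook_exit itself in Drupal core, so the explicit `module_invoke_all('exit', request_uri());` probably runs the exit hooks twice and should be verified. The hunk also replaces an empty line with a whitespace-only one before `// Display dialog`.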