From 7f3d743d2c606612b601bf28e40480f7917668d3 Mon Sep 17 00:00:00 2001
From: Damien Regad <damien.regad@merckgroup.com>
Date: Fri, 23 Mar 2012 15:32:54 +0100
Subject: [PATCH] Fix #4465: Add config to disable 'save login' feature

To increase security, the administrator may want to prevent users from
using a 'permanent' cookie, thus forcing them to authenticate each time
they start a new session.

The new config option 'g_allow_permanent_cookie' enables this.
---
 config_defaults_inc.php |    9 +++++++++
 login_page.php          |    9 ++++++++-
 2 files changed, 17 insertions(+), 1 deletions(-)

diff --git a/config_defaults_inc.php b/config_defaults_inc.php
index 8c5df3d..f03f1f2 100644
--- a/config_defaults_inc.php
+++ b/config_defaults_inc.php
@@ -304,6 +304,15 @@
 	 */
 	$g_max_lost_password_in_progress_count = 3;
 
+	/**
+	 * Allow users to opt for a 'permanent' cookie when logging in
+	 * Controls the display of the 'Remember my login in this browser' checkbox
+	 * on the login page
+	 * @see $g_cookie_time_length
+	 * @global int $g_allow_permanent_cookie
+	 */
+	$g_allow_permanent_cookie = ON;
+
 	/***************************
 	 * MantisBT Email Settings *
 	 ***************************/
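Review bot: The docblock for `$g_allow_permanent_cookie` documents only the UI effect (display of the checkbox) and leaves out what an administrator needs to know when setting it to OFF. I would add a line such as `Set to OFF to require users to authenticate in each new browser session.` next to the existing description. It would also help to state whether permanent cookies issued before the option was switched off stay valid until they expire per `$g_cookie_time_length`; nothing in this patch expires them, but that behaviour is inferred and should be confirmed against the cookie-handling code.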
diff --git a/login_page.php b/login_page.php
index 9b5edf0..c7b65dc 100644
--- a/login_page.php
+++ b/login_page.php
@@ -139,6 +139,9 @@
 		<input type="password" name="password" size="32" maxlength="<?php echo auth_get_password_max_size(); ?>" />
 	</td>
 </tr>
+<?php
+	if( ON == config_get( 'allow_permanent_cookie' ) ) {
+?>
 <tr class="row-1">
 	<td class="category">
 		<?php echo lang_get( 'save_login' ) ?>
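Review bot: The new `if( ON == config_get( 'allow_permanent_cookie' ) )` guard only stops the `perm_login` checkbox from being rendered, which by itself does not prevent a permanent cookie from being issued. The diffstat lists just this page and the config defaults, so unless the script that processes the submitted form already consults the option, a request that still carries `perm_login` would presumably be honoured. That handler should ignore the field when the option is off, along the lines of `if( OFF == config_get( 'allow_permanent_cookie' ) ) { $f_perm_login = false; }` (variable name assumed from its use on this page). The guarded block opens in this hunk and is closed in the next one.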
@@ -147,7 +150,11 @@
 	<input type="checkbox" name="perm_login" <?php echo ( $f_perm_login ? 'checked="checked" ' : '' ) ?>/>
 	</td>
 </tr>
-<?php if ( $t_session_validation ) { ?>
+<?php
+	}
+
+	if ( $t_session_validation ) {
+?>
 <tr class="row-2">
 	<td class="category">
 		<?php echo lang_get( 'secure_session' ) ?>
-- 
1.7.5.4

