Add session expiration settings

You can now set session expiration in settings -> General Settings -> Miscellaneous

If the admin is idle for more than the number of minutes set, he will be required to log in again; this is for account security.

You can enable or disable it.
Focuslinkstech
2024-07-27 00:56:48 +01:00
parent 282bf6190c
commit 5a47da013b
4 changed files with 337 additions and 210 deletions


@ -11,35 +11,54 @@ class Admin
public static function getID()
{
global $db_password;
if (isset($_SESSION['aid'])) {
global $db_password, $config;
$enable_session_timeout = $config['enable_session_timeout'];
$session_timeout_duration = $config['session_timeout_duration'] * 60; // Convert minutes to seconds
if (isset($_SESSION['aid']) && isset($_SESSION['aid_expiration']) && $_SESSION['aid_expiration'] > time()) {
return $_SESSION['aid'];
} else if (isset($_COOKIE['aid'])) {
} elseif ($enable_session_timeout && isset($_SESSION['aid']) && isset($_SESSION['aid_expiration']) && $_SESSION['aid_expiration'] <= time()) {
self::removeCookie();
session_destroy();
_alert(Lang::T('Session has expired. Please log in again.'), 'danger', "admin");
return 0;
}
// Check if cookie is set and valid
elseif (isset($_COOKIE['aid'])) {
// id.time.sha1
$tmp = explode('.', $_COOKIE['aid']);
if (sha1($tmp[0] . '.' . $tmp[1] . '.' . $db_password) == $tmp[2]) {
if (time() - $tmp[1] < 86400 * 7) {
$_SESSION['aid'] = $tmp[0];
if ($enable_session_timeout) {
$_SESSION['aid_expiration'] = time() + $session_timeout_duration;
}
return $tmp[0];
}
}
}
return 0;
}
public static function setCookie($aid)
{
global $db_password;
global $db_password, $config;
$enable_session_timeout = $config['enable_session_timeout'];
$session_timeout_duration = $config['session_timeout_duration'] * 60; // Convert minutes to seconds
if (isset($aid)) {
$time = time();
$token = $aid . '.' . $time . '.' . sha1($aid . '.' . $time . '.' . $db_password);
setcookie('aid', $token, time() + 86400 * 7);
$_SESSION['aid'] = $aid;
if ($enable_session_timeout) {
$_SESSION['aid_expiration'] = $time + $session_timeout_duration;
}
return $token;
}
return '';
}
public static function removeCookie()
{
if (isset($_COOKIE['aid'])) {