Add session expiration settings

You can now set session expiration in settings -> General Settings -> Miscellaneous

If the admin is idle for more than the configured number of minutes, they will be required to log in again, as an account security measure.

you can enable or disable
This commit is contained in:
Focuslinkstech 2024-07-27 00:56:48 +01:00
parent 282bf6190c
commit 5a47da013b
4 changed files with 337 additions and 210 deletions


@ -11,35 +11,54 @@ class Admin
public static function getID() public static function getID()
{ {
global $db_password; global $db_password, $config;
if (isset($_SESSION['aid'])) { $enable_session_timeout = $config['enable_session_timeout'];
$session_timeout_duration = $config['session_timeout_duration'] * 60; // Convert minutes to seconds
if (isset($_SESSION['aid']) && isset($_SESSION['aid_expiration']) && $_SESSION['aid_expiration'] > time()) {
return $_SESSION['aid']; return $_SESSION['aid'];
} else if (isset($_COOKIE['aid'])) { } elseif ($enable_session_timeout && isset($_SESSION['aid']) && isset($_SESSION['aid_expiration']) && $_SESSION['aid_expiration'] <= time()) {
self::removeCookie();
session_destroy();
_alert(Lang::T('Session has expired. Please log in again.'), 'danger', "admin");
return 0;
}
// Check if cookie is set and valid
elseif (isset($_COOKIE['aid'])) {
// id.time.sha1 // id.time.sha1
$tmp = explode('.', $_COOKIE['aid']); $tmp = explode('.', $_COOKIE['aid']);
if (sha1($tmp[0] . '.' . $tmp[1] . '.' . $db_password) == $tmp[2]) { if (sha1($tmp[0] . '.' . $tmp[1] . '.' . $db_password) == $tmp[2]) {
if (time() - $tmp[1] < 86400 * 7) { if (time() - $tmp[1] < 86400 * 7) {
$_SESSION['aid'] = $tmp[0]; $_SESSION['aid'] = $tmp[0];
if ($enable_session_timeout) {
$_SESSION['aid_expiration'] = time() + $session_timeout_duration;
}
return $tmp[0]; return $tmp[0];
} }
} }
} }
return 0; return 0;
} }
public static function setCookie($aid) public static function setCookie($aid)
{ {
global $db_password; global $db_password, $config;
$enable_session_timeout = $config['enable_session_timeout'];
$session_timeout_duration = $config['session_timeout_duration'] * 60; // Convert minutes to seconds
if (isset($aid)) { if (isset($aid)) {
$time = time(); $time = time();
$token = $aid . '.' . $time . '.' . sha1($aid . '.' . $time . '.' . $db_password); $token = $aid . '.' . $time . '.' . sha1($aid . '.' . $time . '.' . $db_password);
setcookie('aid', $token, time() + 86400 * 7); setcookie('aid', $token, time() + 86400 * 7);
$_SESSION['aid'] = $aid;
if ($enable_session_timeout) {
$_SESSION['aid_expiration'] = $time + $session_timeout_duration;
}
return $token; return $token;
} }
return ''; return '';
} }
public static function removeCookie() public static function removeCookie()
{ {
if (isset($_COOKIE['aid'])) { if (isset($_COOKIE['aid'])) {
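Review bot: The first branch of getID (`if (isset($_SESSION['aid']) && isset($_SESSION['aid_expiration']) && $_SESSION['aid_expiration'] > time())`) returns the id without moving `aid_expiration` forward, so the admin is logged out a fixed number of minutes after login however active they are, whereas the description promises an idle timeout. When `enable_session_timeout` is off the same condition also fails on every request, because setCookie only writes `aid_expiration` when the flag is on, so the session is never trusted on its own and authentication silently depends on the `$_COOKIE['aid']` path succeeding. Both are fixed by checking the expiration only when the feature is enabled and refreshing it on each successful call, as in the rewrite below. Unrelated to this commit but visible in the hunk, the cookie signature check `sha1(...) == $tmp[2]` is a loose comparison; `hash_equals(sha1(...), (string) $tmp[2])` is the strict, constant-time form, and the cookie should be rejected when it does not split into three `.`-separated parts.
```php
public static function getID()
{
    global $db_password, $config;
    $enable_session_timeout = !empty($config['enable_session_timeout']);
    $session_timeout_duration = (int) $config['session_timeout_duration'] * 60; // Convert minutes to seconds
    if (isset($_SESSION['aid'])) {
        if (!$enable_session_timeout) {
            return $_SESSION['aid'];
        }
        // Feature switched on mid-session: start the idle window now instead of rejecting the session
        if (!isset($_SESSION['aid_expiration'])) {
            $_SESSION['aid_expiration'] = time() + $session_timeout_duration;
        }
        if ($_SESSION['aid_expiration'] > time()) {
            // Sliding window: every authenticated request pushes the idle deadline forward
            $_SESSION['aid_expiration'] = time() + $session_timeout_duration;
            return $_SESSION['aid'];
        }
        self::removeCookie();
        session_destroy();
        _alert(Lang::T('Session has expired. Please log in again.'), 'danger', "admin");
        return 0;
    }
    // … unchanged: cookie validation and session restore from $_COOKIE['aid'] …
```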


@ -156,6 +156,8 @@ switch ($action) {
} }
} }
// Save all settings including tax system // Save all settings including tax system
$enable_session_timeout = isset($_POST['enable_session_timeout']) ? 1 : 0;
$_POST['enable_session_timeout'] = $enable_session_timeout;
foreach ($_POST as $key => $value) { foreach ($_POST as $key => $value) {
$d = ORM::for_table('tbl_appconfig')->where('setting', $key)->find_one(); $d = ORM::for_table('tbl_appconfig')->where('setting', $key)->find_one();
if ($d) { if ($d) {
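Review bot: `session_timeout_duration` is written to tbl_appconfig straight from `$_POST` by the loop at `foreach ($_POST as $key => $value)`; as far as this hunk shows, the `min="1"` attribute and the submit-handler check in the settings template are the only validation and both are client-side, so a zero, negative or non-numeric value can be stored and Admin::getID would then compute an empty timeout window once the feature is enabled. Normalise it next to the new `enable_session_timeout` line: `if (isset($_POST['session_timeout_duration'])) {`, `    $_POST['session_timeout_duration'] = max(1, (int) $_POST['session_timeout_duration']);`, `}`. The enclosing `switch ($action)` case starts before the hunk and the save loop continues past it.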


@ -586,6 +586,24 @@
{Lang::T('Miscellaneous')} {Lang::T('Miscellaneous')}
</div> </div>
<div class="panel-body"> <div class="panel-body">
<div class="form-group">
<label class="col-md-2 control-label">{Lang::T('Enable Session Timeout')}</label>
<div class="col-md-6">
<label class="switch">
<input type="checkbox" id="enable_session_timeout" value="1" name="enable_session_timeout" {if $_c['enable_session_timeout']==1}checked{/if}>
<span class="slider"></span>
</label>
</div>
<p class="help-block col-md-4">{Lang::T('Logout Admin if not Available/Online a period of time')}</p>
</div>
<div class="form-group" id="timeout_duration_input" style="display: none;">
<label class="col-md-2 control-label">{Lang::T('Timeout Duration')}</label>
<div class="col-md-6">
<input type="number" value="{$_c['session_timeout_duration']}" class="form-control" name="session_timeout_duration" id="session_timeout_duration"
placeholder="{Lang::T('Enter the session timeout duration (minutes)')}" min="1">
</div>
<p class="help-block col-md-4">{Lang::T('Idle Timeout, Logout Admin if Idle for xx minutes')}</p>
</div>
<div class="form-group"> <div class="form-group">
<label class="col-md-2 control-label">{Lang::T('New Version Notification')}</label> <label class="col-md-2 control-label">{Lang::T('New Version Notification')}</label>
<div class="col-md-6"> <div class="col-md-6">
@ -786,6 +804,38 @@ add dst-host=*.{$_domain}</pre>
</div> </div>
</div> </div>
</form> </form>
<script>
document.addEventListener('DOMContentLoaded', function() {
var sectionTimeoutCheckbox = document.getElementById('enable_session_timeout');
var timeoutDurationInput = document.getElementById('timeout_duration_input');
var timeoutDurationField = document.getElementById('session_timeout_duration');
if (sectionTimeoutCheckbox.checked) {
timeoutDurationInput.style.display = 'block';
timeoutDurationField.required = true;
}
sectionTimeoutCheckbox.addEventListener('change', function() {
if (this.checked) {
timeoutDurationInput.style.display = 'block';
timeoutDurationField.required = true;
} else {
timeoutDurationInput.style.display = 'none';
timeoutDurationField.required = false;
}
});
document.querySelector('form').addEventListener('submit', function(event) {
if (sectionTimeoutCheckbox.checked && (!timeoutDurationField.value || isNaN(timeoutDurationField.value))) {
event.preventDefault();
alert('Please enter a valid session timeout duration.');
timeoutDurationField.focus();
}
});
});
</script>
<script> <script>
function testWa() { function testWa() {
var target = prompt("Phone number\nSave First before Test", ""); var target = prompt("Phone number\nSave First before Test", "");
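Review bot: The inline script under `document.addEventListener('DOMContentLoaded', ...)` sets `display` and `required` on the duration field with the same four lines in two places, once for the initial state and again in the change handler; a single `syncTimeoutField()` helper called from both keeps them from drifting, as below. `document.querySelector('form')` also binds the submit guard to the first form in the document, which is the settings form only if nothing precedes it; `sectionTimeoutCheckbox.form` pins it to the form that actually contains the checkbox. The `isNaN` check admits `0` and negative numbers, so the `min="1"` on the input is doing the real validation; testing `Number(timeoutDurationField.value) < 1` explicitly makes the guard self-contained and lets the alert say what is acceptable.
```javascript
document.addEventListener('DOMContentLoaded', function() {
    var sectionTimeoutCheckbox = document.getElementById('enable_session_timeout');
    var timeoutDurationInput = document.getElementById('timeout_duration_input');
    var timeoutDurationField = document.getElementById('session_timeout_duration');
    // Show the duration field and make it mandatory exactly when the switch is on
    function syncTimeoutField() {
        var enabled = sectionTimeoutCheckbox.checked;
        timeoutDurationInput.style.display = enabled ? 'block' : 'none';
        timeoutDurationField.required = enabled;
    }
    syncTimeoutField();
    sectionTimeoutCheckbox.addEventListener('change', syncTimeoutField);
    sectionTimeoutCheckbox.form.addEventListener('submit', function(event) {
        var minutes = Number(timeoutDurationField.value);
        if (sectionTimeoutCheckbox.checked && (!timeoutDurationField.value || isNaN(minutes) || minutes < 1)) {
            event.preventDefault();
            alert('Please enter a valid session timeout duration (at least 1 minute).');
            timeoutDurationField.focus();
        }
    });
});
```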


@ -189,6 +189,62 @@
.bs-callout-info h4 { .bs-callout-info h4 {
color: #1b809e color: #1b809e
} }
/* Checkbox container */
.switch {
position: relative;
display: inline-block;
width: 50px;
height: 24px;
}
/* Hidden checkbox */
.switch input {
opacity: 0;
width: 0;
height: 0;
}
/* Slider */
.slider {
position: absolute;
cursor: pointer;
top: 0;
left: 0;
right: 0;
bottom: 0;
background-color: #ccc;
-webkit-transition: .4s;
transition: .4s;
border-radius: 24px;
}
.slider:before {
position: absolute;
content: "";
height: 18px;
width: 18px;
left: 3px;
bottom: 3px;
background-color: white;
-webkit-transition: .4s;
transition: .4s;
border-radius: 50%;
}
input:checked+.slider {
background-color: #2196F3;
}
input:focus+.slider {
box-shadow: 0 0 1px #2196F3;
}
input:checked+.slider:before {
-webkit-transform: translateX(26px);
-ms-transform: translateX(26px);
transform: translateX(26px);
}
</style> </style>
{if isset($xheader)} {if isset($xheader)}
{$xheader} {$xheader}