revised the session system

This commit is contained in:
Pachira 2016-08-07 16:10:27 +02:00
parent 9160013864
commit b666de2151
22 changed files with 323 additions and 310 deletions


@ -1,52 +0,0 @@
<?php
/**
* Holds information about the currently active session
* @package Sakura
*/
namespace Sakura;
use Sakura\Perms\Site;
/**
* Information about the current active user and session.
* @package Sakura
* @author Julian van de Groep <me@flash.moe>
*/
class ActiveUser
{
/**
* The user object of the currently active user.
* @var User
*/
public static $user = null;
/**
* The currently active session object.
* @var Session
*/
public static $session = null;
/**
* Attempt to validate a session.
* @param int $userId
* @param string $sessionId
*/
public static function init($userId, $sessionId)
{
// Create a session object
self::$session = new Session($userId, $sessionId);
// Create a user object
$user = User::construct($userId);
// Check if the session exists and check if the user is activated
if (self::$session->validate() > 0
&& !$user->permission(Site::DEACTIVATED)) {
// Assign the user object
self::$user = $user;
} else {
self::$user = User::construct(0);
}
}
}


@ -6,8 +6,8 @@
namespace Sakura\BBCode\Tags;
use Sakura\ActiveUser;
use Sakura\BBCode\TagBase;
use Sakura\CurrentSession;
use Sakura\Forum\Forum;
use Sakura\Forum\Post;
use Sakura\Perms\Forum as ForumPerms;
@ -36,7 +36,7 @@ class NamedQuote extends TagBase
$post = new Post(intval($matches[2]));
$forum = new Forum($post->forum);
if ($post->id !== 0 && $forum->permission(ForumPerms::VIEW, ActiveUser::$user->id)) {
if ($post->id !== 0 && $forum->permission(ForumPerms::VIEW, CurrentSession::$user->id)) {
$link = route('forums.post', $post->id);
$quoting = "<a href='{$link}' style='color: {$post->poster->colour}'>{$post->poster->username}</a>";


@ -7,13 +7,12 @@
namespace Sakura\Controllers;
use Sakura\ActionCode;
use Sakura\ActiveUser;
use Sakura\Config;
use Sakura\CurrentSession;
use Sakura\DB;
use Sakura\Net;
use Sakura\Perms\Site;
use Sakura\Router;
use Sakura\Session;
use Sakura\Template;
use Sakura\User;
@ -46,10 +45,8 @@ class AuthController extends Controller
*/
public function logout()
{
if (!ActiveUser::$session->validate()
|| !isset($_REQUEST['s'])
|| $_REQUEST['s'] != session_id()) {
$message = 'Something happened! This probably happened because you went here without being logged in.';
if (!session_check('s')) {
$message = 'Validation failed, this logout attempt was possibly forged.';
$redirect = (isset($_REQUEST['redirect']) ? $_REQUEST['redirect'] : Router::route('main.index'));
Template::vars(compact('message', 'redirect'));
@ -58,7 +55,7 @@ class AuthController extends Controller
}
// Destroy the active session
ActiveUser::$session->destroy();
CurrentSession::stop();
// Return true indicating a successful logout
$message = 'Goodbye!';
@ -144,11 +141,14 @@ class AuthController extends Controller
return Template::render('global/information');
}
// Create a new session
$session = new Session($user->id);
// Generate a session key
$sessionKey = $session->create($remember);
$session = CurrentSession::create(
$user->id,
Net::ip(),
get_country_code(),
clean_string($_SERVER['HTTP_USER_AGENT'] ?? ''),
$remember
);
$cookiePrefix = config('cookie.prefix');
@ -162,7 +162,7 @@ class AuthController extends Controller
// Session ID cookie
setcookie(
"{$cookiePrefix}session",
$sessionKey,
$session->key,
time() + 604800
);
@ -222,7 +222,7 @@ class AuthController extends Controller
}
// Check if authentication is disallowed
if (!isset($_POST['session']) || $_POST['session'] != session_id()) {
if (!session_check()) {
$message = "Your session expired, refreshing the page will most likely fix this!";
Template::vars(compact('message', 'redirect'));
@ -413,7 +413,7 @@ class AuthController extends Controller
$redirect = Router::route('auth.reactivate');
// Validate session
if (!isset($_POST['session']) || $_POST['session'] != session_id()) {
if (!session_check()) {
$message = "Your session expired, refreshing the page will most likely fix this!";
Template::vars(compact('message', 'redirect'));
@ -482,7 +482,7 @@ class AuthController extends Controller
$redirect = Router::route('main.index');
// Validate session
if (!isset($_POST['session']) || $_POST['session'] != session_id()) {
if (!session_check()) {
$message = "Your session expired, refreshing the page will most likely fix this!";
Template::vars(compact('message', 'redirect'));
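Review bot: The session-key cookie written at `setcookie("{$cookiePrefix}session", $session->key, time() + 604800)` carries no path, `secure` or `httponly` attribute, so the newly minted `$session->key` is readable from page JavaScript and is sent over plain HTTP as well; since this commit is where the key is issued to the browser, it is the place to add them, e.g. `setcookie("{$cookiePrefix}session", $session->key, time() + 604800, '/', '', true, true);` (the secure flag may need to come from config if the site is also served over HTTP). The fixed 7-day expiry is also applied regardless of `$remember`, which is now passed into `CurrentSession::create()`; if the server-side lifetime differs for non-remembered sessions, the cookie lifetime should presumably track it rather than outlive it. The enclosing login method starts and ends outside the hunk.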


@ -6,9 +6,9 @@
namespace Sakura\Controllers;
use Sakura\ActiveUser;
use Sakura\Comment;
use Sakura\Config;
use Sakura\CurrentSession;
use Sakura\Perms\Site;
/**
@ -26,16 +26,14 @@ class CommentsController extends Controller
*/
public function post($category = '', $reply = 0)
{
$session = $_POST['session'] ?? '';
// Check if the user can comment
if ($session !== session_id()) {
if (session_check()) {
$error = "Your session expired, refresh the page!";
return $this->json(compact('error'));
}
// Check if the user can comment
if (!ActiveUser::$user->permission(Site::CREATE_COMMENTS)) {
if (!CurrentSession::$user->permission(Site::CREATE_COMMENTS)) {
$error = "You aren't allowed to make comments!";
return $this->json(compact('error'));
}
@ -60,7 +58,7 @@ class CommentsController extends Controller
$comment->category = $category;
$comment->time = time();
$comment->reply = (int) $reply;
$comment->user = (int) ActiveUser::$user->id;
$comment->user = (int) CurrentSession::$user->id;
$comment->text = $text;
$comment->save();
@ -76,7 +74,7 @@ class CommentsController extends Controller
public function delete($id = 0)
{
// Check if the user can delete comments
if (!ActiveUser::$user->permission(Site::DELETE_COMMENTS)) {
if (!CurrentSession::$user->permission(Site::DELETE_COMMENTS)) {
$error = "You aren't allowed to delete comments!";
return $this->json(compact('error'));
}
@ -88,7 +86,7 @@ class CommentsController extends Controller
return $this->json(compact('error'));
}
if (ActiveUser::$user->id !== $comment->user) {
if (CurrentSession::$user->id !== $comment->user) {
$error = "You aren't allowed to delete the comments of other people!";
return $this->json(compact('error'));
}
@ -111,7 +109,7 @@ class CommentsController extends Controller
$vote = $vote != 0;
// Check if the user can delete comments
if (!ActiveUser::$user->permission(Site::VOTE_COMMENTS)) {
if (!CurrentSession::$user->permission(Site::VOTE_COMMENTS)) {
$error = "You aren't allowed to vote on comments!";
return $this->json(compact('error'));
}
@ -123,7 +121,7 @@ class CommentsController extends Controller
return $this->json(compact('error'));
}
$comment->vote(ActiveUser::$user->id, $vote);
$comment->vote(CurrentSession::$user->id, $vote);
$upvotes = $comment->upvotes;
$downvotes = $comment->downvotes;
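Review bot: The CSRF guard in `post()` is inverted: `if (session_check()) {` enters the "Your session expired" error branch when the token is valid and lets requests without a valid token through, since elsewhere in this same commit (AuthController, PremiumController) a valid token makes `session_check()` return true and the error branch is taken on `!session_check()`. As written the replaced `$session !== session_id()` check now protects nothing and every legitimate comment post fails. The fix is the one-character change `if (!session_check()) {`.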


@ -6,8 +6,8 @@
namespace Sakura\Controllers\Forum;
use Sakura\ActiveUser;
use Sakura\Config;
use Sakura\CurrentSession;
use Sakura\DB;
use Sakura\Forum\Forum;
use Sakura\Forum\Post;
@ -43,7 +43,7 @@ class ForumController extends Controller
$forum = new Forum($topic->forum);
// Check if we have permission to view it
if (!$forum->permission(ForumPerms::VIEW, ActiveUser::$user->id)) {
if (!$forum->permission(ForumPerms::VIEW, CurrentSession::$user->id)) {
$fetch = DB::table('posts')
->groupBy('topic_id')
->orderByRaw('COUNT(*) DESC')
@ -73,7 +73,7 @@ class ForumController extends Controller
$forum = new Forum($post->forum);
// Check if we have permission to view it
if (!$forum->permission(ForumPerms::VIEW, ActiveUser::$user->id)) {
if (!$forum->permission(ForumPerms::VIEW, CurrentSession::$user->id)) {
$fetch = DB::table('posts')
->orderBy('post_id', 'desc')
->skip(11 + $_n)
@ -124,7 +124,7 @@ class ForumController extends Controller
// Check if the forum exists
if ($forum->id < 0
|| !$forum->permission(ForumPerms::VIEW, ActiveUser::$user->id)) {
|| !$forum->permission(ForumPerms::VIEW, CurrentSession::$user->id)) {
return view('global/information', compact('message', 'redirect'));
}
@ -157,12 +157,12 @@ class ForumController extends Controller
// Check if the forum exists
if ($forum->id < 1
|| !$forum->permission(ForumPerms::VIEW, ActiveUser::$user->id)) {
|| !$forum->permission(ForumPerms::VIEW, CurrentSession::$user->id)) {
$message = "The forum you tried to access does not exist.";
return view('global/information', compact('message', 'redirect'));
}
$forum->trackUpdateAll(ActiveUser::$user->id);
$forum->trackUpdateAll(CurrentSession::$user->id);
$message = 'All topics have been marked as read!';
$redirect = route('forums.forum', $forum->id);


@ -6,7 +6,7 @@
namespace Sakura\Controllers\Forum;
use Sakura\ActiveUser;
use Sakura\CurrentSession;
use Sakura\DB;
use Sakura\Forum\Forum;
use Sakura\Forum\Post;
@ -35,7 +35,7 @@ class PostController extends Controller
// Check if the forum exists
if ($post->id === 0
|| $topic->id === 0
|| !$forum->permission(ForumPerms::VIEW, ActiveUser::$user->id)) {
|| !$forum->permission(ForumPerms::VIEW, CurrentSession::$user->id)) {
$message = "This post doesn't exist or you don't have access to it!";
$redirect = route('forums.index');
@ -75,7 +75,7 @@ class PostController extends Controller
// Check if the forum exists
if ($post->id === 0
|| $topic->id === 0
|| !$forum->permission(ForumPerms::VIEW, ActiveUser::$user->id)) {
|| !$forum->permission(ForumPerms::VIEW, CurrentSession::$user->id)) {
return "";
}
@ -99,15 +99,15 @@ class PostController extends Controller
// Check permissions
$noAccess = $post->id === 0
|| $topic->id === 0
|| !$forum->permission(ForumPerms::VIEW, ActiveUser::$user->id);
|| !$forum->permission(ForumPerms::VIEW, CurrentSession::$user->id);
$noEdit = (
$post->poster->id === ActiveUser::$user->id
? !ActiveUser::$user->permission(ForumPerms::EDIT_OWN, Perms::FORUM)
: !$forum->permission(ForumPerms::EDIT_ANY, ActiveUser::$user->id)
$post->poster->id === CurrentSession::$user->id
? !CurrentSession::$user->permission(ForumPerms::EDIT_OWN, Perms::FORUM)
: !$forum->permission(ForumPerms::EDIT_ANY, CurrentSession::$user->id)
) || (
$topic->status === 1
&& !$forum->permission(ForumPerms::LOCK, ActiveUser::$user->id)
&& !$forum->permission(ForumPerms::LOCK, CurrentSession::$user->id)
);
// Check if the forum exists
@ -182,7 +182,7 @@ class PostController extends Controller
$post->text = $text;
$post->editTime = time();
$post->editReason = '';
$post->editUser = ActiveUser::$user;
$post->editUser = CurrentSession::$user;
$post = $post->update();
$postLink = route('forums.post', $post->id);
@ -204,15 +204,15 @@ class PostController extends Controller
// Check permissions
$noAccess = $post->id === 0
|| $topic->id === 0
|| !$forum->permission(ForumPerms::VIEW, ActiveUser::$user->id);
|| !$forum->permission(ForumPerms::VIEW, CurrentSession::$user->id);
$noDelete = (
$post->poster->id === ActiveUser::$user->id
? !ActiveUser::$user->permission(ForumPerms::DELETE_OWN, Perms::FORUM)
: !$forum->permission(ForumPerms::DELETE_ANY, ActiveUser::$user->id)
$post->poster->id === CurrentSession::$user->id
? !CurrentSession::$user->permission(ForumPerms::DELETE_OWN, Perms::FORUM)
: !$forum->permission(ForumPerms::DELETE_ANY, CurrentSession::$user->id)
) || (
$topic->status === 1
&& !$forum->permission(ForumPerms::LOCK, ActiveUser::$user->id)
&& !$forum->permission(ForumPerms::LOCK, CurrentSession::$user->id)
);
// Check if the forum exists


@ -6,7 +6,7 @@
namespace Sakura\Controllers\Forum;
use Sakura\ActiveUser;
use Sakura\CurrentSession;
use Sakura\Forum\Forum;
use Sakura\Forum\Post;
use Sakura\Forum\Topic;
@ -31,14 +31,14 @@ class TopicController extends Controller
// Check if the forum exists
if ($topic->id === 0
|| !$forum->permission(ForumPerms::VIEW, ActiveUser::$user->id)) {
|| !$forum->permission(ForumPerms::VIEW, CurrentSession::$user->id)) {
$message = "This topic doesn't exist or you don't have access to it!";
$redirect = route('forums.index');
return view('global/information', compact('message', 'redirect'));
}
$topic->trackUpdate(ActiveUser::$user->id);
$topic->trackUpdate(CurrentSession::$user->id);
$topic->viewsUpdate();
return view('forum/topic', compact('forum', 'topic'));
@ -55,7 +55,7 @@ class TopicController extends Controller
$forum = new Forum($topic->forum);
if ($topic->id !== 0
|| $forum->permission(ForumPerms::VIEW, ActiveUser::$user->id)
|| $forum->permission(ForumPerms::VIEW, CurrentSession::$user->id)
|| session_check()) {
return compact('topic', 'forum');
}
@ -78,7 +78,7 @@ class TopicController extends Controller
extract($modBase);
$redirect = route('forums.topic', $topic->id);
if ($forum->permission(ForumPerms::STICKY, ActiveUser::$user->id)) {
if ($forum->permission(ForumPerms::STICKY, CurrentSession::$user->id)) {
$topic->type = $topic->type !== 1 ? 1 : 0;
$topic->update();
$message = $topic->type
@ -106,7 +106,7 @@ class TopicController extends Controller
extract($modBase);
$redirect = route('forums.topic', $topic->id);
if ($forum->permission(ForumPerms::ANNOUNCEMENT, ActiveUser::$user->id)) {
if ($forum->permission(ForumPerms::ANNOUNCEMENT, CurrentSession::$user->id)) {
$topic->type = $topic->type !== 2 ? 2 : 0;
$topic->update();
$message = $topic->type
@ -134,7 +134,7 @@ class TopicController extends Controller
extract($modBase);
$redirect = route('forums.topic', $topic->id);
if ($forum->permission(ForumPerms::LOCK, ActiveUser::$user->id)) {
if ($forum->permission(ForumPerms::LOCK, CurrentSession::$user->id)) {
$topic->status = $topic->status !== 1 ? 1 : 0;
$topic->update();
$message = ($topic->status ? 'Locked' : 'Unlocked') . ' the topic!';
@ -163,7 +163,7 @@ class TopicController extends Controller
// Check if we're operating from the trash
if ($topic->forum === $trash) {
if ($forum->permission(ForumPerms::DELETE_ANY, ActiveUser::$user->id)) {
if ($forum->permission(ForumPerms::DELETE_ANY, CurrentSession::$user->id)) {
$topic->delete();
$message = "Deleted the topic!";
$redirect = route('forums.forum', $trash);
@ -173,7 +173,7 @@ class TopicController extends Controller
} else {
$redirect = route('forums.topic', $topic->id);
if ($forum->permission(ForumPerms::MOVE, ActiveUser::$user->id)) {
if ($forum->permission(ForumPerms::MOVE, CurrentSession::$user->id)) {
$topic->move($trash);
$message = "Moved the topic to the trash!";
} else {
@ -200,7 +200,7 @@ class TopicController extends Controller
extract($modBase);
$redirect = route('forums.topic', $topic->id);
if ($forum->permission(ForumPerms::MOVE, ActiveUser::$user->id)) {
if ($forum->permission(ForumPerms::MOVE, CurrentSession::$user->id)) {
if ($topic->oldForum) {
$topic->move($topic->oldForum, false);
@ -231,11 +231,11 @@ class TopicController extends Controller
extract($modBase);
$redirect = route('forums.topic', $topic->id);
if ($forum->permission(ForumPerms::MOVE, ActiveUser::$user->id)) {
if ($forum->permission(ForumPerms::MOVE, CurrentSession::$user->id)) {
$dest_forum = new Forum($_REQUEST['forum_id'] ?? 0);
if ($dest_forum->id === 0
|| $dest_forum->permission(ForumPerms::VIEW, ActiveUser::$user->id)) {
|| $dest_forum->permission(ForumPerms::VIEW, CurrentSession::$user->id)) {
$topic->move($dest_forum->id);
$message = "Moved to the topic to {$dest_forum->name}!";
@ -268,7 +268,7 @@ class TopicController extends Controller
// Check if the topic exists
if ($topic->id === 0
|| $forum->type !== 0
|| !$forum->permission(ForumPerms::VIEW, ActiveUser::$user->id)) {
|| !$forum->permission(ForumPerms::VIEW, CurrentSession::$user->id)) {
$message = "This post doesn't exist or you don't have access to it!";
$redirect = route('forums.index');
@ -276,10 +276,10 @@ class TopicController extends Controller
}
// Check if the topic exists
if (!$forum->permission(ForumPerms::REPLY, ActiveUser::$user->id)
if (!$forum->permission(ForumPerms::REPLY, CurrentSession::$user->id)
|| (
$topic->status === 1
&& !$forum->permission(ForumPerms::LOCK, ActiveUser::$user->id)
&& !$forum->permission(ForumPerms::LOCK, CurrentSession::$user->id)
)) {
$message = "You are not allowed to post in this topic!";
$redirect = route('forums.topic', $topic->id);
@ -321,7 +321,7 @@ class TopicController extends Controller
$post = Post::create(
"Re: {$topic->title}",
$text,
ActiveUser::$user,
CurrentSession::$user,
$topic->id,
$forum->id
);
@ -349,9 +349,9 @@ class TopicController extends Controller
// Check if the forum exists
if ($forum->id === 0
|| $forum->type !== 0
|| !$forum->permission(ForumPerms::VIEW, ActiveUser::$user->id)
|| !$forum->permission(ForumPerms::REPLY, ActiveUser::$user->id)
|| !$forum->permission(ForumPerms::CREATE_THREADS, ActiveUser::$user->id)) {
|| !$forum->permission(ForumPerms::VIEW, CurrentSession::$user->id)
|| !$forum->permission(ForumPerms::REPLY, CurrentSession::$user->id)
|| !$forum->permission(ForumPerms::CREATE_THREADS, CurrentSession::$user->id)) {
$message = "This forum doesn't exist or you don't have access to it!";
$redirect = route('forums.index');
@ -409,7 +409,7 @@ class TopicController extends Controller
$post = Post::create(
$title,
$text,
ActiveUser::$user,
CurrentSession::$user,
0,
$forum->id
);
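Review bot: The guard `if ($topic->id !== 0 || $forum->permission(ForumPerms::VIEW, CurrentSession::$user->id) || session_check()) { return compact('topic', 'forum'); }` returns the success value when any single condition holds, so for any existing topic the view-permission test and the `session_check()` CSRF test are never evaluated; the per-action `$forum->permission(...)` checks further down still gate authorisation, but the moderation actions (sticky, announce, lock, trash, move) are left without a CSRF check. The commit only renames the user reference on this line, so the logic is pre-existing, but it is the line being touched and the intent is presumably `if ($topic->id !== 0 && $forum->permission(ForumPerms::VIEW, CurrentSession::$user->id) && session_check())`. The enclosing helper starts outside the hunk, so I cannot see what the failure path returns.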


@ -6,7 +6,7 @@
namespace Sakura\Controllers;
use Sakura\ActiveUser;
use Sakura\CurrentSession;
use Sakura\Notification;
use Sakura\Perms\Site;
use Sakura\Router;
@ -48,12 +48,10 @@ class FriendsController extends Controller
*/
public function add($id = 0)
{
$user = ActiveUser::$user;
$session = $_POST['session'] ?? '';
$user = CurrentSession::$user;
// Check if the user can comment
if ($session !== session_id()) {
if (session_check()) {
$error = "Your session expired, refresh the page!";
return $this->json(compact('error'));
}
@ -112,12 +110,10 @@ class FriendsController extends Controller
*/
public function remove($id = 0)
{
$user = ActiveUser::$user;
$session = $_POST['session'] ?? '';
$user = CurrentSession::$user;
// Check if the user can comment
if ($session !== session_id()) {
if (session_check()) {
$error = "Your session expired, refresh the page!";
return $this->json(compact('error'));
}
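Review bot: Both `add()` and `remove()` now test `if (session_check()) {` and return the "session expired" error, which is the opposite of the `$session !== session_id()` check they replace and of how `session_check()` is consumed in AuthController and PremiumController in this same commit (`if (!session_check())` leads to the error). As written, forged friend add/remove requests carrying no token pass the guard while genuine ones are rejected. Both sites should read `if (!session_check()) {`.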


@ -6,7 +6,7 @@
namespace Sakura\Controllers;
use Sakura\ActiveUser;
use Sakura\CurrentSession;
use Sakura\Notification;
use Sakura\Perms\Site;
@ -23,7 +23,7 @@ class NotificationsController extends Controller
*/
public function notifications()
{
return $this->json(ActiveUser::$user->notifications());
return $this->json(CurrentSession::$user->notifications());
}
/**
@ -35,7 +35,7 @@ class NotificationsController extends Controller
public function mark($id = 0)
{
// Check permission
if (ActiveUser::$user->permission(Site::DEACTIVATED)) {
if (CurrentSession::$user->permission(Site::DEACTIVATED)) {
return '0';
}
@ -43,7 +43,7 @@ class NotificationsController extends Controller
$alert = new Notification($id);
// Verify that the currently authed user is the one this alert is for
if ($alert->user !== ActiveUser::$user->id) {
if ($alert->user !== CurrentSession::$user->id) {
return '0';
}


@ -7,8 +7,8 @@
namespace Sakura\Controllers;
use Exception;
use Sakura\ActiveUser;
use Sakura\Config;
use Sakura\CurrentSession;
use Sakura\Payments;
use Sakura\Perms\Site;
use Sakura\Router;
@ -56,13 +56,12 @@ class PremiumController extends Controller
public function purchase()
{
// Get values from post
$session = isset($_POST['session']) ? $_POST['session'] : '';
$months = isset($_POST['months']) ? $_POST['months'] : 0;
// Check if the session is valid
if ($session !== session_id()
|| ActiveUser::$user->permission(Site::DEACTIVATED)
|| !ActiveUser::$user->permission(Site::OBTAIN_PREMIUM)) {
if (!session_check()
|| CurrentSession::$user->permission(Site::DEACTIVATED)
|| !CurrentSession::$user->permission(Site::OBTAIN_PREMIUM)) {
$message = "You are not allowed to get premium!";
$redirect = Router::route('premium.index');
@ -157,7 +156,7 @@ class PremiumController extends Controller
return header("Location: {$failRoute}");
}
ActiveUser::$user->addPremium(self::PERIOD_PER_PAYMENT * $months);
CurrentSession::$user->addPremium(self::PERIOD_PER_PAYMENT * $months);
return header("Location: {$successRoute}");
}


@ -6,7 +6,7 @@
namespace Sakura\Controllers\Settings;
use Sakura\ActiveUser;
use Sakura\CurrentSession;
use Sakura\DB;
use Sakura\Perms\Site;
@ -24,7 +24,7 @@ class AccountController extends Controller
public function profile()
{
// Check permission
if (!ActiveUser::$user->permission(Site::ALTER_PROFILE)) {
if (!CurrentSession::$user->permission(Site::ALTER_PROFILE)) {
$message = "You aren't allowed to edit your profile!";
$redirect = route('settings.index');
return view('global/information', compact('message', 'redirect'));
@ -50,7 +50,7 @@ class AccountController extends Controller
}
DB::table('users')
->where('user_id', ActiveUser::$user->id)
->where('user_id', CurrentSession::$user->id)
->update($save);
// Birthdays
@ -75,7 +75,7 @@ class AccountController extends Controller
}
DB::table('users')
->where('user_id', ActiveUser::$user->id)
->where('user_id', CurrentSession::$user->id)
->update([
'user_birthday' => $birthdate,
]);
@ -96,7 +96,7 @@ class AccountController extends Controller
public function email()
{
// Check permission
if (!ActiveUser::$user->permission(Site::CHANGE_EMAIL)) {
if (!CurrentSession::$user->permission(Site::CHANGE_EMAIL)) {
$message = "You aren't allowed to change your e-mail address.";
$redirect = route('settings.index');
return view('global/information', compact('message', 'redirect'));
@ -128,7 +128,7 @@ class AccountController extends Controller
return view('global/information', compact('redirect', 'message'));
}
ActiveUser::$user->setMail($email);
CurrentSession::$user->setMail($email);
$message = 'Changed your e-mail address!';
return view('global/information', compact('redirect', 'message'));
@ -144,7 +144,7 @@ class AccountController extends Controller
public function username()
{
// Check permission
if (!ActiveUser::$user->permission(Site::CHANGE_USERNAME)) {
if (!CurrentSession::$user->permission(Site::CHANGE_USERNAME)) {
$message = "You aren't allowed to change your username.";
$redirect = route('settings.index');
return view('global/information', compact('redirect', 'message'));
@ -176,7 +176,7 @@ class AccountController extends Controller
->get();
// Check if anything was returned
if ($getOld && $getOld[0]->user_id != ActiveUser::$user->id) {
if ($getOld && $getOld[0]->user_id != CurrentSession::$user->id) {
$message = "The username you tried to use is reserved, try again later!";
return view('global/information', compact('redirect', 'message'));
}
@ -192,7 +192,7 @@ class AccountController extends Controller
return view('global/information', compact('redirect', 'message'));
}
ActiveUser::$user->setUsername($username, $username_clean);
CurrentSession::$user->setUsername($username, $username_clean);
$message = "Changed your username!";
return view('global/information', compact('redirect', 'message'));
@ -208,7 +208,7 @@ class AccountController extends Controller
public function title()
{
// Check permission
if (!ActiveUser::$user->permission(Site::CHANGE_USERTITLE)) {
if (!CurrentSession::$user->permission(Site::CHANGE_USERTITLE)) {
$message = "You aren't allowed to change your title.";
$redirect = route('settings.index');
return view('global/information', compact('redirect', 'message'));
@ -224,14 +224,14 @@ class AccountController extends Controller
return view('global/information', compact('redirect', 'message'));
}
if ($title === ActiveUser::$user->title) {
if ($title === CurrentSession::$user->title) {
$message = "This is already your title!";
return view('global/information', compact('redirect', 'message'));
}
// Update database
DB::table('users')
->where('user_id', ActiveUser::$user->id)
->where('user_id', CurrentSession::$user->id)
->update([
'user_title' => $title,
]);
@ -250,7 +250,7 @@ class AccountController extends Controller
public function password()
{
// Check permission
if (!ActiveUser::$user->permission(Site::CHANGE_PASSWORD)) {
if (!CurrentSession::$user->permission(Site::CHANGE_PASSWORD)) {
$message = "You aren't allowed to change your password.";
$redirect = route('settings.index');
return view('global/information', compact('redirect', 'message'));
@ -263,7 +263,7 @@ class AccountController extends Controller
$redirect = route('settings.account.password');
// Check current password
if (!password_verify($current, ActiveUser::$user->password)) {
if (!password_verify($current, CurrentSession::$user->password)) {
$message = "Your password was invalid!";
return view('global/information', compact('redirect', 'message'));
}
@ -274,7 +274,7 @@ class AccountController extends Controller
return view('global/information', compact('redirect', 'message'));
}
ActiveUser::$user->setPassword($password);
CurrentSession::$user->setPassword($password);
$message = "Changed your password!";
return view('global/information', compact('redirect', 'message'));
@ -290,7 +290,7 @@ class AccountController extends Controller
public function ranks()
{
// Check permission
if (!ActiveUser::$user->permission(Site::ALTER_RANKS)) {
if (!CurrentSession::$user->permission(Site::ALTER_RANKS)) {
$message = "You aren't allowed to manage your ranks.";
$redirect = route('settings.index');
return view('global/information', compact('redirect', 'message'));
@ -311,7 +311,7 @@ class AccountController extends Controller
$redirect = route('settings.account.ranks');
// Check if user has this rank
if (!ActiveUser::$user->hasRanks([$rank])) {
if (!CurrentSession::$user->hasRanks([$rank])) {
$message = "You aren't a part of this rank!";
return view('global/information', compact('redirect', 'message'));
}
@ -322,13 +322,13 @@ class AccountController extends Controller
return view('global/information', compact('redirect', 'message'));
}
ActiveUser::$user->removeRanks([$rank]);
CurrentSession::$user->removeRanks([$rank]);
$message = "Removed the rank from your account!";
return view('global/information', compact('redirect', 'message'));
}
ActiveUser::$user->setMainRank($rank);
CurrentSession::$user->setMainRank($rank);
$message = "Changed your main rank!";
return view('global/information', compact('redirect', 'message'));

View file

@ -6,9 +6,9 @@
namespace Sakura\Controllers\Settings;
use Sakura\ActiveUser;
use Sakura\DB;
use Sakura\CurrentSession;
use Sakura\Perms\Site;
use Sakura\Session;
/**
* Advanced settings.
@ -24,7 +24,7 @@ class AdvancedController extends Controller
public function sessions()
{
// Check permission
if (!ActiveUser::$user->permission(Site::MANAGE_SESSIONS)) {
if (!CurrentSession::$user->permission(Site::MANAGE_SESSIONS)) {
$message = "You aren't allowed to manage sessions.";
$redirect = route('settings.index');
return view('global/information', compact('message', 'redirect'));
@ -38,21 +38,16 @@ class AdvancedController extends Controller
// End all sessions
if ($all) {
DB::table('sessions')
->where('user_id', ActiveUser::$user->id)
->delete();
CurrentSession::$user->purgeSessions();
$message = "Deleted all active session associated with your account!";
return view('global/information', compact('message', 'redirect'));
}
// Create the session statement
$session = DB::table('sessions')
->where('user_id', ActiveUser::$user->id)
->where('session_id', $id);
$session = new Session($id);
// Check if the session exists
if (!$session->count()) {
if ($session->id < 1 || $session->user !== CurrentSession::$user->id) {
$message = "This session doesn't exist!";
return view('global/information', compact('message', 'redirect'));
}
@ -64,10 +59,8 @@ class AdvancedController extends Controller
return view('global/information', compact('message', 'redirect'));
}
$sessions = DB::table('sessions')
->where('user_id', ActiveUser::$user->id)
->get();
$active = ActiveUser::$session->sessionId;
$sessions = CurrentSession::$user->sessions();
$active = CurrentSession::$session->id;
return view('settings/advanced/sessions', compact('sessions', 'active'));
}
@ -79,7 +72,7 @@ class AdvancedController extends Controller
public function deactivate()
{
// Check permission
if (!ActiveUser::$user->permission(Site::DEACTIVATE_ACCOUNT)) {
if (!CurrentSession::$user->permission(Site::DEACTIVATE_ACCOUNT)) {
$message = "You aren't allowed to deactivate your account.";
return view('global/information', compact('message', 'redirect'));
}
@ -90,18 +83,18 @@ class AdvancedController extends Controller
$redirect = route('settings.advanced.deactivate');
// Check password
if (!ActiveUser::$user->verifyPassword($password)) {
if (!CurrentSession::$user->verifyPassword($password)) {
$message = "Your password was invalid!";
return view('global/information', compact('message', 'redirect'));
}
// Deactivate account
ActiveUser::$user->removeRanks(array_keys(ActiveUser::$user->ranks));
ActiveUser::$user->addRanks([1]);
ActiveUser::$user->setMainRank(1);
CurrentSession::$user->removeRanks(array_keys(CurrentSession::$user->ranks));
CurrentSession::$user->addRanks([1]);
CurrentSession::$user->setMainRank(1);
// Destroy all active sessions
ActiveUser::$session->destroyAll();
CurrentSession::$user->purgeSessions();
$redirect = route('main.index');
$message = "Farewell!";
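Review bot: `sessions()` now destroys sessions via `CurrentSession::$user->purgeSessions()` and `new Session($id)` driven by `$all` and `$id`, which are assigned above the hunk, and nothing in the visible new code calls `session_check()` before these state-changing deletions, unlike the other controllers converted in this commit. If the method is reachable without a token check, a cross-site request can log the victim out of every device; worth confirming and, if absent, adding `if (!session_check()) { ... }` ahead of the `$all` branch. The ownership test `$session->user !== CurrentSession::$user->id` is the right shape but relies on `Session` exposing `$user` as an int rather than a raw DB string, which I cannot verify from here. The enclosing method starts outside the hunk.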


@ -6,7 +6,7 @@
namespace Sakura\Controllers\Settings;
use Sakura\ActiveUser;
use Sakura\CurrentSession;
use Sakura\DB;
use Sakura\File;
use Sakura\Perms\Site;
@ -85,13 +85,13 @@ class AppearanceController extends Controller
return "Your image is not allowed to be larger than {$maxSizeFmt}!";
}
$userId = ActiveUser::$user->id;
$userId = CurrentSession::$user->id;
$ext = image_type_to_extension($meta[2]);
$filename = "{$mode}_{$userId}{$ext}";
// Create the file
$file = File::create(file_get_contents($tmpName), $filename, ActiveUser::$user);
$file = File::create(file_get_contents($tmpName), $filename, CurrentSession::$user);
// Delete the old file
$this->deleteFile($mode);
@ -100,7 +100,7 @@ class AppearanceController extends Controller
// Save new avatar
DB::table('users')
->where('user_id', ActiveUser::$user->id)
->where('user_id', CurrentSession::$user->id)
->update([
$column => $file->id,
]);
@ -114,7 +114,7 @@ class AppearanceController extends Controller
*/
public function deleteFile($mode)
{
$fileId = ActiveUser::$user->{$mode};
$fileId = CurrentSession::$user->{$mode};
if ($fileId) {
(new File($fileId))->delete();
@ -128,7 +128,7 @@ class AppearanceController extends Controller
public function avatar()
{
// Check permission
if (!ActiveUser::$user->permission(Site::CHANGE_AVATAR)) {
if (!CurrentSession::$user->permission(Site::CHANGE_AVATAR)) {
$message = "You aren't allowed to change your avatar.";
$redirect = route('settings.index');
return view('global/information', compact('message', 'redirect'));
@ -159,7 +159,7 @@ class AppearanceController extends Controller
public function background()
{
// Check permission
if (!ActiveUser::$user->permission(Site::CHANGE_BACKGROUND)) {
if (!CurrentSession::$user->permission(Site::CHANGE_BACKGROUND)) {
$message = "You aren't allowed to change your background.";
$redirect = route('settings.index');
return view('global/information', compact('message', 'redirect'));
@ -190,7 +190,7 @@ class AppearanceController extends Controller
public function header()
{
// Check permission
if (!ActiveUser::$user->permission(Site::CHANGE_HEADER)) {
if (!CurrentSession::$user->permission(Site::CHANGE_HEADER)) {
$message = "You aren't allowed to change your profile header.";
$redirect = route('settings.index');
return view('global/information', compact('message', 'redirect'));
@ -221,9 +221,9 @@ class AppearanceController extends Controller
{
// Check permission
if (!(
ActiveUser::$user->page
&& ActiveUser::$user->permission(Site::CHANGE_USERPAGE)
) && !ActiveUser::$user->permission(Site::CREATE_USERPAGE)) {
CurrentSession::$user->page
&& CurrentSession::$user->permission(Site::CHANGE_USERPAGE)
) && !CurrentSession::$user->permission(Site::CREATE_USERPAGE)) {
$message = "You aren't allowed to change your userpage.";
$redirect = route('settings.index');
return view('global/information', compact('message', 'redirect'));
@ -239,7 +239,7 @@ class AppearanceController extends Controller
$message = 'Your userpage is too long, shorten it a little!';
} else {
DB::table('users')
->where('user_id', ActiveUser::$user->id)
->where('user_id', CurrentSession::$user->id)
->update([
'user_page' => $userpage,
]);
@ -260,7 +260,7 @@ class AppearanceController extends Controller
public function signature()
{
// Check permission
if (!ActiveUser::$user->permission(Site::CHANGE_SIGNATURE)) {
if (!CurrentSession::$user->permission(Site::CHANGE_SIGNATURE)) {
$message = "You aren't allowed to change your signature.";
$redirect = route('settings.index');
return view('global/information', compact('message', 'redirect'));
@ -276,7 +276,7 @@ class AppearanceController extends Controller
$message = 'Your signature is too long, shorten it a little!';
} else {
DB::table('users')
->where('user_id', ActiveUser::$user->id)
->where('user_id', CurrentSession::$user->id)
->update([
'user_signature' => $signature,
]);


@ -6,8 +6,8 @@
namespace Sakura\Controllers\Settings;
use Sakura\ActiveUser;
use Sakura\Controllers\Controller as BaseController;
use Sakura\CurrentSession;
use Sakura\Perms\Site;
use Sakura\Router;
use Sakura\Template;
@ -36,27 +36,27 @@ class Controller extends BaseController
$nav = [];
// Account
if (ActiveUser::$user->permission(Site::ALTER_PROFILE)) {
if (CurrentSession::$user->permission(Site::ALTER_PROFILE)) {
$nav["Account"]["Profile"] = Router::route('settings.account.profile');
}
if (ActiveUser::$user->permission(Site::CHANGE_EMAIL)) {
if (CurrentSession::$user->permission(Site::CHANGE_EMAIL)) {
$nav["Account"]["E-mail address"] = Router::route('settings.account.email');
}
if (ActiveUser::$user->permission(Site::CHANGE_USERNAME)) {
if (CurrentSession::$user->permission(Site::CHANGE_USERNAME)) {
$nav["Account"]["Username"] = Router::route('settings.account.username');
}
if (ActiveUser::$user->permission(Site::CHANGE_USERTITLE)) {
if (CurrentSession::$user->permission(Site::CHANGE_USERTITLE)) {
$nav["Account"]["Title"] = Router::route('settings.account.title');
}
if (ActiveUser::$user->permission(Site::CHANGE_PASSWORD)) {
if (CurrentSession::$user->permission(Site::CHANGE_PASSWORD)) {
$nav["Account"]["Password"] = Router::route('settings.account.password');
}
if (ActiveUser::$user->permission(Site::ALTER_RANKS)) {
if (CurrentSession::$user->permission(Site::ALTER_RANKS)) {
$nav["Account"]["Ranks"] = Router::route('settings.account.ranks');
}
// Friends
if (ActiveUser::$user->permission(Site::MANAGE_FRIENDS)) {
if (CurrentSession::$user->permission(Site::MANAGE_FRIENDS)) {
$nav["Friends"]["Listing"] = Router::route('settings.friends.listing');
$nav["Friends"]["Requests"] = Router::route('settings.friends.requests');
}
@ -65,30 +65,30 @@ class Controller extends BaseController
$nav["Notifications"]["History"] = Router::route('settings.notifications.history');
// Appearance
if (ActiveUser::$user->permission(Site::CHANGE_AVATAR)) {
if (CurrentSession::$user->permission(Site::CHANGE_AVATAR)) {
$nav["Appearance"]["Avatar"] = Router::route('settings.appearance.avatar');
}
if (ActiveUser::$user->permission(Site::CHANGE_BACKGROUND)) {
if (CurrentSession::$user->permission(Site::CHANGE_BACKGROUND)) {
$nav["Appearance"]["Background"] = Router::route('settings.appearance.background');
}
if (ActiveUser::$user->permission(Site::CHANGE_HEADER)) {
if (CurrentSession::$user->permission(Site::CHANGE_HEADER)) {
$nav["Appearance"]["Header"] = Router::route('settings.appearance.header');
}
if ((
ActiveUser::$user->page
&& ActiveUser::$user->permission(Site::CHANGE_USERPAGE)
) || ActiveUser::$user->permission(Site::CREATE_USERPAGE)) {
CurrentSession::$user->page
&& CurrentSession::$user->permission(Site::CHANGE_USERPAGE)
) || CurrentSession::$user->permission(Site::CREATE_USERPAGE)) {
$nav["Appearance"]["Userpage"] = Router::route('settings.appearance.userpage');
}
if (ActiveUser::$user->permission(Site::CHANGE_SIGNATURE)) {
if (CurrentSession::$user->permission(Site::CHANGE_SIGNATURE)) {
$nav["Appearance"]["Signature"] = Router::route('settings.appearance.signature');
}
// Advanced
if (ActiveUser::$user->permission(Site::MANAGE_SESSIONS)) {
if (CurrentSession::$user->permission(Site::MANAGE_SESSIONS)) {
$nav["Advanced"]["Sessions"] = Router::route('settings.advanced.sessions');
}
if (ActiveUser::$user->permission(Site::DEACTIVATE_ACCOUNT)) {
if (CurrentSession::$user->permission(Site::DEACTIVATE_ACCOUNT)) {
$nav["Advanced"]["Deactivate"] = Router::route('settings.advanced.deactivate');
}


@ -6,7 +6,7 @@
namespace Sakura\Controllers\Settings;
use Sakura\ActiveUser;
use Sakura\CurrentSession;
use Sakura\Perms\Site;
/**
@ -23,7 +23,7 @@ class FriendsController extends Controller
public function listing()
{
// Check permission
if (!ActiveUser::$user->permission(Site::MANAGE_FRIENDS)) {
if (!CurrentSession::$user->permission(Site::MANAGE_FRIENDS)) {
$message = "You aren't allowed to manage friends.";
$redirect = route('settings.index');
return view('global/information', compact('message', 'redirect'));
@ -39,7 +39,7 @@ class FriendsController extends Controller
public function requests()
{
// Check permission
if (!ActiveUser::$user->permission(Site::MANAGE_FRIENDS)) {
if (!CurrentSession::$user->permission(Site::MANAGE_FRIENDS)) {
$message = "You aren't allowed to manage friends.";
$redirect = route('settings.index');
return view('global/information', compact('message', 'redirect'));


@ -6,8 +6,8 @@
namespace Sakura\Controllers;
use Sakura\ActiveUser;
use Sakura\Config;
use Sakura\CurrentSession;
use Sakura\DB;
use Sakura\Perms\Site;
use Sakura\Rank;
@ -67,7 +67,7 @@ class UserController extends Controller
public function members($rank = null)
{
// Check permission
if (!ActiveUser::$user->permission(Site::VIEW_MEMBERLIST)) {
if (!CurrentSession::$user->permission(Site::VIEW_MEMBERLIST)) {
return Template::render('global/restricted');
}


@ -6,7 +6,7 @@
namespace Sakura\Middleware;
use Sakura\ActiveUser;
use Sakura\CurrentSession;
/**
* Updates when the last online time of a user.
@ -20,8 +20,8 @@ class UpdateLastOnline implements MiddlewareInterface
*/
public function run()
{
if (ActiveUser::$user->id !== 0) {
ActiveUser::$user->updateOnline();
if (CurrentSession::$user->id !== 0) {
CurrentSession::$user->updateOnline();
}
}
}


@ -1,129 +1,166 @@
<?php
/**
* Holds the session handler.
* Holds the session object.
* @package Sakura
*/
namespace Sakura;
/**
* User session handler.
* Session object.
* @package Sakura
* @author Julian van de Groep <me@flash.moe>
*/
class Session
{
/**
* The ID of the user this session is from.
* Session storage id.
* @var int
*/
public $userId = 0;
public $id = 0;
/**
* The ID of the session.
* User id.
* @var int
*/
public $user = 0;
/**
* IP address this session was started from.
* @var string
*/
public $sessionId = "";
public $ip = '';
/**
* Constructor.
* @param int $userId
* @param int $sessionId
* Country this session was started from.
* @var string
*/
public function __construct($userId, $sessionId = null)
public $country = '';
/**
* User agent this session was started from.
* @var string
*/
public $agent = '';
/**
* Session secret key.
* @var string
*/
public $key = '';
/**
* Timestamp from when this session was created.
* @var int
*/
public $start = 0;
/**
* Timestamp on which this session will invalidate.
* @var int
*/
public $expire = 0;
/**
* Whether to extend the session's lifetime.
* @var bool
*/
public $remember = false;
/**
* Constructor, $id can be a number or the secret key.
* @param mixed $id
*/
public function __construct($id)
{
// Check if a PHP session was already started and if not start one
if (session_status() != PHP_SESSION_ACTIVE) {
session_start();
$data = DB::table('sessions');
if (is_numeric($id)) {
$data->where('session_id', $id);
} else {
$data->where('session_key', $id);
}
// Set the supposed session data
$this->userId = $userId;
$this->sessionId = $sessionId;
$data = $data->first();
if ($data) {
$this->id = intval($data->session_id);
$this->user = intval($data->user_id);
$this->ip = Net::ntop($data->user_ip);
$this->country = $data->session_country;
$this->agent = $data->user_agent;
$this->key = $data->session_key;
$this->start = intval($data->session_start);
$this->expire = intval($data->session_expire);
$this->remember = boolval($data->session_remember);
}
}
/**
* Destroy the active session.
* Create a new session
* @param int $user
* @param string $ip
* @param string $country
* @param string $agent
* @param bool $remember
* @param int $length
* @return Session
*/
public function destroy()
public static function create($user, $ip, $country, $agent = null, $remember = false, $length = 604800)
{
// Invalidate the session key
DB::table('sessions')
->where('session_key', $this->sessionId)
->where('user_id', $this->userId)
->delete();
$start = time();
$key = bin2hex(random_bytes(64));
// Unset userId and sessionId
unset($this->userId);
unset($this->sessionId);
// Destroy the session
session_regenerate_id(true);
session_destroy();
}
/**
* Destroy all sessions from this user.
*/
public function destroyAll()
{
// Delete all database entries with this user in it
DB::table('sessions')
->where('user_id', $this->userId)
->delete();
// Destroy this session to finish it off
$this->destroy();
}
/**
* Create a new session.
* @param boolean $permanent
* @return string
*/
public function create($permanent)
{
// Generate session key
$session = hash('sha256', $this->userId . base64_encode('sakura' . mt_rand(0, 99999999)) . time());
// Insert the session into the database
DB::table('sessions')
->insert([
'user_id' => $this->userId,
'user_ip' => Net::pton(Net::ip()),
'user_agent' => clean_string(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : 'No user agent header.'),
'session_key' => $session,
'session_start' => time(),
'session_expire' => time() + 604800,
'session_remember' => $permanent ? '1' : '0',
$id = DB::table('sessions')
->insertGetId([
'user_id' => $user,
'user_ip' => Net::pton($ip),
'user_agent' => $agent,
'session_key' => $key,
'session_start' => $start,
'session_expire' => $start + $length,
'session_remember' => $remember ? 1 : 0,
'session_country' => $country,
]);
// Return the session key
return $session;
return new Session($id);
}
/**
* Delete this session.
*/
public function delete()
{
DB::table('sessions')
->where('session_id', $this->id)
->delete();
}
/**
* Validate the session.
* 0 = false, 1 = active, 2 = permanent.
* @return int
* @param int $user
* @param string $ip
* @return bool
*/
public function validate()
public function validate($user, $ip = null)
{
// Get session from database
$session = DB::table('sessions')
->where('user_id', $this->userId)
->where('session_key', $this->sessionId)
->where([
'session_key' => $this->key,
'user_id' => $user,
])
->first();
// Check if we actually got something in return
if (!$session) {
return 0;
return false;
}
// Check if the session expired
if ($session->session_expire < time()) {
// ...and return false
return 0;
$this->delete();
return false;
}
/* completely removed the code for ip checking because it only worked with IPv4
@ -132,11 +169,21 @@ class Session
// If the remember flag is set extend the session time
if ($session->session_remember) {
DB::table('sessions')
->where('session_id', $session[0]->session_id)
->where('session_id', $session->session_id)
->update(['session_expire' => time() + 604800]);
}
// Return 2 if the remember flag is set and return 1 if not
return $session->session_remember ? 2 : 1;
return true;
}
/**
* Get the country.
* @param bool $long
* @return string
*/
public function country($long = false)
{
return $long ? get_country_name($this->country) : $this->country;
}
}
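Review bot: The constructor at `public function __construct($id)` picks the lookup column from the shape of its argument, so any numeric string that reaches it is treated as a storage id and loads that row's key, and `validate()` (whose body is split across the two hunks) then checks `$this->key` — the value just read back from the database — rather than the key the caller actually presented, so on the id branch the key comparison proves nothing. If `CurrentSession::start()` (see the bootstrap section, `$_COOKIE["{$cookiePrefix}session"]`) forwards the cookie value to this constructor, that branch is reachable with caller-controlled input; restrict it with `if (is_int($id)) {` so only genuine ids take it (the ids produced in `User::sessions()` would then need `intval()`), or have `validate()` accept the presented key and compare it with `hash_equals()`. Separately, `create()` now stores `$agent` verbatim where the previous implementation passed the header through `clean_string()`, so confirm the caller or the template escapes it, and `validate()` declares `$ip = null` but the visible body never reads it — either document it as reserved or drop it. The remember-extension in the second hunk still hardcodes `604800` while `create()` takes a `$length` parameter; storing the length on the row or exposing it as a class constant would keep the two in step.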


@ -1032,4 +1032,32 @@ class User
return $alerts;
}
/**
* Invalidate all sessions related to this user.
*/
public function purgeSessions()
{
DB::table('sessions')
->where('user_id', $this->id)
->delete();
}
/**
* Get all a user's sessions
* @return array
*/
public function sessions()
{
$sessions = [];
$ids = array_column(DB::table('sessions')
->where('user_id', $this->id)
->get(['session_id']), 'session_id');
foreach ($ids as $id) {
$sessions[$id] = new Session($id);
}
return $sessions;
}
}
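Review bot: `sessions()` issues one query for the id list and then one further query per id via `new Session($id)`, an N+1 pattern whose cost grows with the number of active sessions a user holds; a single `->get()` followed by hydrating each `Session` from its row would need a row-based factory on `Session` (outside this section), so at minimum note the cost in the docblock, e.g. `* Performs one query per session; intended for the settings page only.`. `purgeSessions()` removes every row for the user, including whichever session is currently in use, which the docblock should state so callers expect the resulting logout: `* Also removes the session that is currently in use.`.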


@ -4,33 +4,36 @@
{% block description %}
<p>Session keys are a way of identifying yourself with the system without keeping your password in memory.</p>
<p>If someone finds one of your session keys they could possibly compromise your account, if you see any sessions here that shouldn't be here hit the Kill button to kill the selected session.</p>
<p>If someone finds one of your session keys they could possibly compromise your account, if you see any sessions here that shouldn't be here hit the Kill button to kill the selected usession.</p>
<p>If you get logged out after clicking one you've most likely killed your current session, to make it easier to avoid this from happening your current session is highlighted.</p>
{% endblock %}
{% block settingsContent %}
<table class="settings-table">
<thead>
<tr><th style="width: 100px;">IP</th><th>Useragent</th><th style="width: 120px;">Login time</th><th></th></tr>
<tr><th style="width: 100px;">IP</th><th>Useragent</th><th>Country</th><th style="width: 120px;">Login time</th><th></th></tr>
</thead>
<tfoot>
<tr><th>IP</th><th>Useragent</th><th>Login time</th><th></th></tr>
<tr><th>IP</th><th>Useragent</th><th>Country</th><th>Login time</th><th></th></tr>
</tfoot>
<tbody>
{% for s in sessions %}
<tr {% if s.session_key == active %} class="current-session"{% endif %}>
{% for usession in sessions %}
<tr {% if usession.id == active %} class="current-session"{% endif %}>
<td>
{{ s.user_ip }}
{{ usession.ip }}
</td>
<td>
{{ s.user_agent }}
{{ usession.agent }}
</td>
<td>
<time class="time-ago" datetime="{{ s.session_start|date('r') }}">{{ s.session_start|date(config('general.date_format')) }}</time>
<img src="/images/flags/{{ usession.country|lower }}.png" alt="{{ usession.country }}"> {{ usession.country(true) }}
</td>
<td>
<time class="time-ago" datetime="{{ usession.start|date('r') }}">{{ usession.start|date(config('general.date_format')) }}</time>
</td>
<td style="width: 90px;">
<form method="post" action="{{ route('settings.advanced.sessions') }}">
<input type="hidden" name="id" value="{{ s.session_id }}">
<input type="hidden" name="id" value="{{ usession.id }}">
<button class="inputStyling small" name="session" value="{{ session_id() }}">Kill</button>
</form>
</td>
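Review bot: The rename from `s` to `usession` leaked into the description prose: `hit the Kill button to kill the selected usession` should read `hit the Kill button to kill the selected session`. The highlighted-row test now reads `usession.id == active`, whereas it previously compared `s.session_key == active`, so the controller that sets `active` must now pass the numeric session id rather than the key; that controller change is not in this section, so confirm it was made, otherwise no row is ever marked as the current session.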


@ -8,7 +8,7 @@ namespace Sakura;
// Check if logged out
Router::filter('logoutCheck', function () {
if (ActiveUser::$user->isActive()) {
if (CurrentSession::$user->isActive()) {
$message = "You must be logged out to do that!";
Template::vars(compact('message'));
@ -19,7 +19,7 @@ Router::filter('logoutCheck', function () {
// Check if logged in
Router::filter('loginCheck', function () {
if (!ActiveUser::$user->isActive()) {
if (!CurrentSession::$user->isActive()) {
$message = "You must be logged in to do that!";
Template::vars(compact('message'));
@ -31,7 +31,7 @@ Router::filter('loginCheck', function () {
// Maintenance check
Router::filter('maintenance', function () {
if (config('general.maintenance')) {
ActiveUser::$session->destroy();
CurrentSession::stop();
http_response_code(503);


@ -60,16 +60,17 @@ if (!defined('IN_CLI')) {
// Initialise the current session
$cookiePrefix = config('cookie.prefix');
ActiveUser::init(
CurrentSession::start(
intval($_COOKIE["{$cookiePrefix}id"] ?? 0),
$_COOKIE["{$cookiePrefix}session"] ?? ''
$_COOKIE["{$cookiePrefix}session"] ?? '',
Net::ip()
);
// Start templating engine and set base variables
Template::set(config('general.design'));
Template::vars([
'get' => $_GET,
'user' => ActiveUser::$user,
'user' => CurrentSession::$user,
'post' => $_POST,
'server' => $_SERVER,
'request' => $_REQUEST,