Added underlying code to sessions page.

flash 2018-03-26 04:08:35 +02:00
parent cc75f3eedd
commit 13c1c0722e
3 changed files with 38 additions and 4 deletions


@ -22,6 +22,10 @@
&:not(:last-child) { &:not(:last-child) {
margin-bottom: 1px; margin-bottom: 1px;
} }
&--current {
background-color: #c2affe;
}
} }
&__column { &__column {


@ -84,7 +84,7 @@ if ($settings_mode === null) {
$settings_mode = key($settings_modes); $settings_mode = key($settings_modes);
} }
$app->templating->vars(compact('settings_mode', 'settings_modes', 'settings_user')); $app->templating->vars(compact('settings_mode', 'settings_modes', 'settings_user', 'settings_session'));
if (!array_key_exists($settings_mode, $settings_modes)) { if (!array_key_exists($settings_mode, $settings_modes)) {
http_response_code(404); http_response_code(404);
@ -319,6 +319,34 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$settings_errors[] = "You shouldn't have done that."; $settings_errors[] = "You shouldn't have done that.";
break; break;
case 'sessions':
if (!tmp_csrf_verify($_POST['csrf'] ?? '')) {
$settings_errors[] = $csrf_error_str;
break;
}
$session_id = (int)($_POST['session'] ?? 0);
if ($session_id < 1) {
$settings_errors[] = 'no';
break;
}
$session = Session::find($session_id);
if ($session === null || $session->user_id !== $settings_user->user_id) {
$settings_errors[] = 'You may only end your own sessions.';
break;
}
if ($session->session_id === $app->getSession()->session_id) {
header('Location: /auth.php?m=logout&s=' . tmp_csrf_token());
return;
}
$session->delete();
break;
} }
} }
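Review bot: The redirect in the current-session branch, `header('Location: /auth.php?m=logout&s=' . tmp_csrf_token());`, puts the CSRF token in a query string, where it is recorded in access logs and browser history and can travel in a Referer header; it is also concatenated without URL-encoding. Since this POST has already passed `tmp_csrf_verify`, the current session could presumably be ended server-side here rather than handed to a GET endpoint, so that no token appears in a URL. If the redirect has to stay, at least encode the value: `'&s=' . rawurlencode(tmp_csrf_token())`. The enclosing `switch` and POST handler begin outside the hunk, so what the bare `return` skips after this point could not be checked from here.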


@ -3,7 +3,7 @@
{% block settings_content %} {% block settings_content %}
<div class="mio__settings__sessions"> <div class="mio__settings__sessions">
{% for session in user_sessions %} {% for session in user_sessions %}
<div class="mio__settings__sessions__entry" id="session-{{ session.session_id }}"> <div class="mio__settings__sessions__entry{% if session.session_id == settings_session.session_id %} mio__settings__sessions__entry--current{% endif %}" id="session-{{ session.session_id }}">
<div class="mio__settings__sessions__column mio__settings__sessions__column--ip"> <div class="mio__settings__sessions__column mio__settings__sessions__column--ip">
<div class="mio__settings__sessions__column__name"> <div class="mio__settings__sessions__column__name">
IP IP
@ -38,9 +38,11 @@
</div> </div>
</div> </div>
{% endif %} {% endif %}
<div class="mio__settings__sessions__column mio__settings__sessions__column--options"> <form class="mio__settings__sessions__column mio__settings__sessions__column--options" method="post" action="?m=sessions">
<input type="hidden" name="csrf" value="{{ csrf_token() }}">
<input type="hidden" name="session" value="{{ session.session_id }}">
<button class="mio__input__button mio__settings__sessions__button">Kill</button> <button class="mio__input__button mio__settings__sessions__button">Kill</button>
</div> </form>
</div> </div>
{% endfor %} {% endfor %}
</div> </div>
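Review bot: The `--current` class test reads `settings_session.session_id`, but no hunk in this commit assigns `$settings_session` before it is added to the `compact()` call in the settings script. Unless it is already set earlier in that file, the comparison never matches, and PHP 7.3 and later report the undefined variable in `compact()`. It is worth confirming where the variable is populated, or guarding the test with `{% if settings_session is defined and session.session_id == settings_session.session_id %}`. The enclosing block and loop begin outside the hunks.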