Added delete all sessions button.

2018-08-15 15:36:40 +02:00 · 2018-08-15 15:36:40 +02:00 · 248ba3a539
commit 248ba3a539
parent 8daa95168b
3 changed files with 33 additions and 2 deletions
--- a/assets/less/mio/classes/settings/sessions.less
+++ b/assets/less/mio/classes/settings/sessions.less
@ -14,6 +14,14 @@
        }
    }

+    &__actions {
+        display: flex;
+        justify-content: center;
+        padding: 6px;
+        border-bottom: 1px solid #9475b2;
+        margin-bottom: 1px;
+    }
+
    &__entry {
        display: flex;
        border: 1px solid #9475b2;
--- a/public/settings.php
+++ b/public/settings.php
@ -149,6 +149,21 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            }
        }

+        if (!empty($_POST['session_action'])) {
+            switch ($_POST['session_action']) {
+                case 'kill-all':
+                    Database::prepare('
+                        DELETE FROM `msz_sessions`
+                        WHERE `user_id` = :user_id
+                    ')->execute([
+                        'user_id' => $app->getUserId(),
+                    ]);
+                    audit_log('PERSONAL_SESSION_DESTROY_ALL', $app->getUserId());
+                    header('Location: /');
+                    return;
+            }
+        }
+
        if (!empty($_POST['session']) && is_numeric($_POST['session'])) {
            $session_id = (int)($_POST['session'] ?? 0);

@ -379,6 +394,7 @@ switch ($settingsMode) {
                'PERSONAL_EMAIL_CHANGE' => 'Changed e-mail address to %s.',
                'PERSONAL_PASSWORD_CHANGE' => 'Changed account password.',
                'PERSONAL_SESSION_DESTROY' => 'Ended session #%d.',
+                'PERSONAL_SESSION_DESTROY_ALL' => 'Ended all personal sessions.',
                'PASSWORD_RESET' => 'Successfully used the password reset form to change password.',
                'CHANGELOG_ENTRY_CREATE' => 'Created a new changelog entry #%d.',
                'CHANGELOG_ENTRY_EDIT' => 'Edited changelog entry #%d.',
@ -387,7 +403,7 @@ switch ($settingsMode) {
                'CHANGELOG_TAG_CREATE' => 'Created new changelog tag #%d.',
                'CHANGELOG_TAG_EDIT' => 'Edited changelog tag #%d.',
                'CHANGELOG_ACTION_CREATE' => 'Created new changelog action #%d.',
-                'CHANGELOG_ACTION_EDITl' => 'Edited changelog action #%d.',
+                'CHANGELOG_ACTION_EDIT' => 'Edited changelog action #%d.',
            ],
            'user_login_attempts' => $loginAttempts,
            'login_attempts_offset' => $loginAttemptsOffset,
--- a/templates/settings/sessions.twig
+++ b/templates/settings/sessions.twig
@ -5,13 +5,20 @@

 {% block settings_content %}
    <div class="container">
-        <div class="container__title">Login History</div>
+        <div class="container__title">Sessions</div>

        <div class="settings__sessions">
            <div class="settings__description">
                <p>These are the active logins to your account, clicking the Kill button will force a logout on that session. Your current login is highlighted with a darker purple so you don't accidentally force yourself to logout.</p>
            </div>

+            <form class="settings__sessions__actions" method="post" action="?m=sessions">
+                <input type="hidden" name="csrf" value="{{ csrf_token() }}">
+                <button class="input__button" name="session_action" value="kill-all">
+                    Kill all active sessions
+                </button>
+            </form>
+
            {{ spagination }}

            {% for session in user_sessions %}