Updates to the session system. Closes #168.

2019-03-31 01:53:46 +01:00 · 2019-03-31 01:53:46 +01:00 · 4c506d84cb
commit 4c506d84cb
parent 4cd935f9ae
3 changed files with 53 additions and 8 deletions
--- a/database/2019_03_31_003320_sessions_updates.php
+++ b/database/2019_03_31_003320_sessions_updates.php
@ -0,0 +1,26 @@
+<?php
+namespace Misuzu\DatabaseMigrations\SessionsUpdates;
+
+use PDO;
+
+function migrate_up(PDO $conn): void
+{
+    $conn->exec("
+        ALTER TABLE `msz_sessions`
+            ADD COLUMN `session_ip_last` VARBINARY(16) NULL DEFAULT NULL AFTER `session_ip`,
+            ADD COLUMN `session_expires_bump` TINYINT UNSIGNED NOT NULL DEFAULT '1' AFTER `session_expires`,
+            ADD UNIQUE INDEX `sessions_key_unique` (`session_key`),
+            ADD INDEX `sessions_expires_index` (`session_expires`);
+    ");
+}
+
+function migrate_down(PDO $conn): void
+{
+    $conn->exec("
+        ALTER TABLE `msz_sessions`
+            DROP COLUMN `session_ip_last`,
+            DROP COLUMN `session_expires_bump`,
+            DROP INDEX `sessions_expires_index`,
+            DROP INDEX `sessions_key_unique`;
+    ");
+}
--- a/src/Users/session.php
+++ b/src/Users/session.php
@ -38,8 +38,11 @@ function user_session_find($sessionId, bool $byKey = false): array

    $findSession = db_prepare(sprintf('
        SELECT
-            `session_id`, `user_id`, INET6_NTOA(`session_ip`) as `session_ip`,
-            `session_country`, `session_user_agent`, `session_key`, `session_created`, `session_expires`, `session_active`
+            `session_id`, `user_id`,
+            INET6_NTOA(`session_ip`) as `session_ip`,
+            INET6_NTOA(`session_ip_last`) as `session_ip_last`,
+            `session_country`, `session_user_agent`, `session_key`, `session_created`,
+            `session_expires`, `session_active`, `session_expires_bump`
        FROM `msz_sessions`
        WHERE `%s` = :session_id
    ', $byKey ? 'session_key' : 'session_id'));
@ -94,8 +97,10 @@ function user_session_list(int $offset, int $take, int $userId = 0): array

    $getSessions = db_prepare(sprintf('
        SELECT
-            `session_id`, `session_country`, `session_user_agent`, `session_created`, `session_expires`, `session_active`,
-            INET6_NTOA(`session_ip`) as `session_ip`
+            `session_id`, `session_country`, `session_user_agent`, `session_created`,
+            `session_expires`, `session_active`, `session_expires_bump`,
+            INET6_NTOA(`session_ip`) as `session_ip`,
+            INET6_NTOA(`session_ip_last`) as `session_ip_last`
        FROM `msz_sessions`
        WHERE %s
        ORDER BY `session_id` DESC
@ -112,7 +117,7 @@ function user_session_list(int $offset, int $take, int $userId = 0): array
    return db_fetch_all($getSessions);
 }

-function user_session_bump_active(int $sessionId): void
+function user_session_bump_active(int $sessionId, string $ipAddress = null): void
 {
    if ($sessionId < 1) {
        return;
@ -120,10 +125,13 @@ function user_session_bump_active(int $sessionId): void

    $bump = db_prepare('
        UPDATE `msz_sessions`
-        SET `session_active` = NOW()
+        SET `session_active` = NOW(),
+            `session_ip_last` = INET6_ATON(:last_ip),
+            `session_expires` = IF(`session_expires_bump`, NOW() + INTERVAL 1 MONTH, `session_expires`)
        WHERE `session_id` = :session_id
    ');
    $bump->bindValue('session_id', $sessionId);
+    $bump->bindValue('last_ip', $ipAddress ?? ip_remote_address());
    $bump->execute();
 }

--- a/templates/user/macros.twig
+++ b/templates/user/macros.twig
@ -148,13 +148,24 @@
            <div class="settings__session__details">
                <div class="settings__session__detail">
                    <div class="settings__session__detail__title">
-                        IP Address
+                        Created from IP
                    </div>
                    <div class="settings__session__detail__value">
                        {{ session.session_ip }}
                    </div>
                </div>

+                {% if session.session_ip_last is not null %}
+                    <div class="settings__session__detail">
+                        <div class="settings__session__detail__title">
+                            Last used from IP
+                        </div>
+                        <div class="settings__session__detail__value">
+                            {{ session.session_ip_last }}
+                        </div>
+                    </div>
+                {% endif %}
+
                <div class="settings__session__detail" title="{{ session.session_created|date('r') }}">
                    <div class="settings__session__detail__title">
                        Created
@ -166,7 +177,7 @@

                <div class="settings__session__detail" title="{{ session.session_expires|date('r') }}">
                    <div class="settings__session__detail__title">
-                        Expires
+                        Expires{% if not session.session_expires_bump %} (static){% endif %}
                    </div>
                    <time class="settings__session__detail__value" datetime="{{ session.session_expires|date('c') }}">
                        {{ session.session_expires|time_diff }}