mirror of https://github.com/itflow-org/itflow
Removed old Remember me token, update revoke remember me function
This commit is contained in:
parent
6641c5c338
commit
15e729e65a
|
|
@ -70,7 +70,6 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
<th><a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=user_role&order=<?php echo $disp; ?>">Role</a></th>
|
||||
<th><a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=user_status&order=<?php echo $disp; ?>">Status</a></th>
|
||||
<th class="text-center">MFA</th>
|
||||
<th class="text-center">Remember Me</th>
|
||||
<th>Last Login</th>
|
||||
<th class="text-center">Action</th>
|
||||
</tr>
|
||||
|
|
@ -93,16 +92,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
$user_avatar = nullable_htmlentities($row['user_avatar']);
|
||||
$user_token = nullable_htmlentities($row['user_token']);
|
||||
if(empty($user_token)) {
|
||||
$mfa_status_display = "-";
|
||||
$mfa_status_display = "<i class='fas fa-fw fa-unlock text-danger'></i>";
|
||||
} else {
|
||||
$mfa_status_display = "<i class='fas fa-fw fa-check text-success'></i>";
|
||||
}
|
||||
if (empty($row['user_config_remember_me_token'])) {
|
||||
$remember_me_active = 0;
|
||||
$remember_me_display = "-";
|
||||
} else {
|
||||
$remember_me_active = 1;
|
||||
$remember_me_display = "<a href='post.php?revoke_remember_me=$user_id'>Enabled,<br>Revoke?</a>";
|
||||
$mfa_status_display = "<i class='fas fa-fw fa-lock text-success'></i>";
|
||||
}
|
||||
$user_config_force_mfa = intval($row['user_config_force_mfa']);
|
||||
$user_role = $row['user_role'];
|
||||
|
|
@ -133,6 +125,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
$last_login = "$log_created_at<br><small class='text-secondary'>$log_user_os<br>$log_user_browser<br><i class='fa fa-fw fa-globe'></i> $log_ip</small>";
|
||||
}
|
||||
|
||||
$sql_remember_tokens = mysqli_query($mysqli, "SELECT * FROM remember_tokens WHERE remember_token_user_id = $user_id");
|
||||
$remember_token_count = mysqli_num_rows($sql_remember_tokens);
|
||||
|
||||
?>
|
||||
<tr>
|
||||
<td class="text-center">
|
||||
|
|
@ -154,7 +149,6 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
<td><?php echo $user_role_display; ?></td>
|
||||
<td><?php echo $user_status_display; ?></td>
|
||||
<td class="text-center"><?php echo $mfa_status_display; ?></td>
|
||||
<td class="text-center"><?php echo $remember_me_display; ?></td>
|
||||
<td><?php echo $last_login; ?></td>
|
||||
<td>
|
||||
<?php if ($user_id !== $session_user_id) { // Prevent modifying self ?>
|
||||
|
|
@ -166,6 +160,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editUserModal<?php echo $user_id; ?>">
|
||||
<i class="fas fa-fw fa-user-edit mr-2"></i>Edit
|
||||
</a>
|
||||
<?php if ($remember_token_count > 0) { ?>
|
||||
<a class="dropdown-item" href="post.php?revoke_remember_me=<?php echo $user_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>"><i class="fas fa-fw fa-ban mr-2"></i>Revoke <?php echo $remmeber_token_count; ?> Remember Tokens
|
||||
</a>
|
||||
<?php } ?>
|
||||
<?php if ($user_status == 0) { ?>
|
||||
<a class="dropdown-item text-success" href="post.php?activate_user=<?php echo $user_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
|
||||
<i class="fas fa-fw fa-user-check mr-2"></i>Activate
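Review bot: The new Revoke dropdown item echoes `$remmeber_token_count`, a variable that is never assigned; the count computed just above the `<tr>` lives in `$remember_token_count`, so the label renders as "Revoke  Remember Tokens" with no number and PHP emits an undefined-variable warning. The fix is the one-character correction `Revoke <?php echo $remember_token_count; ?> Remember Tokens`. Separately, `SELECT * FROM remember_tokens WHERE remember_token_user_id = $user_id` fetches whole token rows once per listed user only to count them; `SELECT COUNT(*)` gives `mysqli_num_rows`-equivalent information without pulling token material through the page, and it presumably relies on `$user_id` having been cast to int earlier in the loop, which is outside these hunks. The enclosing row loop starts and ends outside the hunks.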
|
||||
|
|
|
|||
|
|
@ -1615,10 +1615,16 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
|
|||
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.0.7'");
|
||||
}
|
||||
|
||||
// if (CURRENT_DATABASE_VERSION == '1.0.7') {
|
||||
// // Insert queries here required to update to DB version 1.0.8
|
||||
if (CURRENT_DATABASE_VERSION == '1.0.7') {
|
||||
mysqli_query($mysqli, "ALTER TABLE `user_settings` DROP `user_config_remember_me_token`");
|
||||
|
||||
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.0.8'");
|
||||
}
|
||||
|
||||
// if (CURRENT_DATABASE_VERSION == '1.0.8') {
|
||||
// // Insert queries here required to update to DB version 1.0.9
|
||||
// // Then, update the database to the next sequential version
|
||||
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.0.8'");
|
||||
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.0.9'");
|
||||
// }
|
||||
|
||||
} else {
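Review bot: The new 1.0.7 step bumps `config_current_database_version` to 1.0.8 whether or not the preceding `ALTER TABLE user_settings DROP user_config_remember_me_token` succeeded, so a DROP that fails (missing ALTER privilege, or the column already removed on a hand-edited schema) leaves the recorded version and the real schema out of step with no signal to the operator. Gating the bump on the result, `if (mysqli_query($mysqli, "ALTER TABLE ...")) { mysqli_query($mysqli, "UPDATE ... '1.0.8'"); }`, or at minimum logging `mysqli_error($mysqli)` when the call returns false, keeps the version marker honest. The 1.0.7 update just above follows the same unchecked pattern, so this may be a file-wide convention worth addressing consistently rather than only here. The enclosing `if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION)` block starts and ends outside the hunk.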
|
||||
|
|
|
|||
|
|
@ -5,5 +5,5 @@
|
|||
* It is used in conjunction with database_updates.php
|
||||
*/
|
||||
|
||||
DEFINE("LATEST_DATABASE_VERSION", "1.0.7");
|
||||
DEFINE("LATEST_DATABASE_VERSION", "1.0.8");
|
||||
|
||||
|
|
|
|||
3
db.sql
3
db.sql
|
|
@ -1667,7 +1667,6 @@ DROP TABLE IF EXISTS `user_settings`;
|
|||
CREATE TABLE `user_settings` (
|
||||
`user_id` int(11) NOT NULL,
|
||||
`user_role` int(11) NOT NULL,
|
||||
`user_config_remember_me_token` varchar(255) DEFAULT NULL,
|
||||
`user_config_force_mfa` tinyint(1) NOT NULL DEFAULT 0,
|
||||
`user_config_records_per_page` int(11) NOT NULL DEFAULT 10,
|
||||
`user_config_dashboard_financial_enable` tinyint(1) NOT NULL DEFAULT 0,
|
||||
|
|
@ -1784,4 +1783,4 @@ CREATE TABLE `vendors` (
|
|||
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
|
||||
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
|
||||
|
||||
-- Dump completed on 2024-02-23 23:44:31
|
||||
-- Dump completed on 2024-02-29 15:50:30
|
||||
|
|
|
|||
|
|
@ -220,7 +220,7 @@ if (isset($_GET['disable_user'])) {
|
|||
if (isset($_GET['revoke_remember_me'])) {
|
||||
|
||||
validateAdminRole();
|
||||
//validateCSRFToken($_GET['csrf_token']);
|
||||
validateCSRFToken($_GET['csrf_token']);
|
||||
|
||||
$user_id = intval($_GET['revoke_remember_me']);
|
||||
|
||||
|
|
@ -229,13 +229,13 @@ if (isset($_GET['revoke_remember_me'])) {
|
|||
$row = mysqli_fetch_array($sql);
|
||||
$user_name = sanitizeInput($row['user_name']);
|
||||
|
||||
mysqli_query($mysqli, "UPDATE user_settings SET user_config_remember_me_token = NULL WHERE user_id = $user_id");
|
||||
mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_user_id = $user_id");
|
||||
|
||||
//Logging
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'User', log_action = 'Modify', log_description = '$session_name revoked remember me token', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $user_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'User', log_action = 'Modify', log_description = '$session_name revoked all remember me tokens', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $user_id");
|
||||
|
||||
$_SESSION['alert_type'] = "error";
|
||||
$_SESSION['alert_message'] = "User <strong>$user_name</strong> remember me token revoked";
|
||||
$_SESSION['alert_message'] = "User <strong>$user_name</strong> remember me tokens revoked";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
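Review bot: The revoke handler now deletes every `remember_tokens` row for the user but reports success unconditionally: the alert says tokens were revoked even when the `DELETE` matched nothing or failed, and the audit log line carries no count. Capturing `$revoked_count = mysqli_affected_rows($mysqli);` immediately after the `DELETE` and including it in both the `logs` description and `$_SESSION['alert_message']` would make the audit trail reflect what actually changed. The `$_SESSION['alert_type'] = "error"` on this success path is pre-existing rather than introduced here. The `if (isset($_GET['revoke_remember_me']))` block opens in the earlier hunk and closes outside this one.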
|
||||
|
||||
|
|
|
|||