diff --git a/admin_users.php b/admin_users.php
index d8a3c393..78a56e51 100644
--- a/admin_users.php
+++ b/admin_users.php
@@ -70,7 +70,6 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
Role |
Status |
MFA |
- Remember Me |
Last Login |
Action |
@@ -93,16 +92,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$user_avatar = nullable_htmlentities($row['user_avatar']);
$user_token = nullable_htmlentities($row['user_token']);
if(empty($user_token)) {
- $mfa_status_display = "-";
+ $mfa_status_display = "";
} else {
- $mfa_status_display = "";
- }
- if (empty($row['user_config_remember_me_token'])) {
- $remember_me_active = 0;
- $remember_me_display = "-";
- } else {
- $remember_me_active = 1;
- $remember_me_display = "Enabled,
Revoke?";
+ $mfa_status_display = "";
}
$user_config_force_mfa = intval($row['user_config_force_mfa']);
$user_role = $row['user_role'];
@@ -133,6 +125,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$last_login = "$log_created_at
$log_user_os
$log_user_browser
$log_ip";
}
+ $sql_remember_tokens = mysqli_query($mysqli, "SELECT * FROM remember_tokens WHERE remember_token_user_id = $user_id");
+ $remember_token_count = mysqli_num_rows($sql_remember_tokens);
+
?>
|
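Review bot: The added `$sql_remember_tokens` lookup selects every column of every remember-me row only to count them, and it appears to run once per listed user. That loads the stored token values into the admin page for no reason and costs an extra query per row; `SELECT COUNT(*) FROM remember_tokens WHERE remember_token_user_id = $user_id` read with `mysqli_fetch_row` avoids both. `mysqli_query` returns false on failure and passing that to `mysqli_num_rows` raises a TypeError on PHP 8, so the result needs a check before counting. `$user_id` is assigned outside this hunk; presumably it goes through `intval()` as in post/user.php, which is worth confirming because it is interpolated into the SQL.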
@@ -154,7 +149,6 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
| |
|
|
- |
|
@@ -166,6 +160,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
Edit
+ 0) { ?>
+ Revoke Remember Tokens
+
+
Activate
diff --git a/database_updates.php b/database_updates.php
index ad500c0e..30527bcc 100644
--- a/database_updates.php
+++ b/database_updates.php
@@ -1615,10 +1615,16 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.0.7'");
}
- // if (CURRENT_DATABASE_VERSION == '1.0.7') {
- // // Insert queries here required to update to DB version 1.0.8
+ if (CURRENT_DATABASE_VERSION == '1.0.7') {
+ mysqli_query($mysqli, "ALTER TABLE `user_settings` DROP `user_config_remember_me_token`");
+
+ mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.0.8'");
+ }
+
+ // if (CURRENT_DATABASE_VERSION == '1.0.8') {
+ // // Insert queries here required to update to DB version 1.0.9
// // Then, update the database to the next sequential version
- // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.0.8'");
+ // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.0.9'");
// }
} else {
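Review bot: The 1.0.7 step writes version 1.0.8 whether or not the `ALTER TABLE ... DROP` succeeded. A failed drop would leave the legacy `user_config_remember_me_token` column, and any token values still in it, in place while the schema reports 1.0.8. Consider bumping the version only when the `mysqli_query` for the drop returns true, or at least logging the failure. The step also assumes `remember_tokens` was created by an earlier migration, which is not visible here. The enclosing `if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION)` block starts and ends outside the hunk.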
diff --git a/database_version.php b/database_version.php
index c1dcafe2..eb2233d5 100644
--- a/database_version.php
+++ b/database_version.php
@@ -5,5 +5,5 @@
* It is used in conjunction with database_updates.php
*/
-DEFINE("LATEST_DATABASE_VERSION", "1.0.7");
+DEFINE("LATEST_DATABASE_VERSION", "1.0.8");
diff --git a/db.sql b/db.sql
index 16b440e2..2a6a57ea 100644
--- a/db.sql
+++ b/db.sql
@@ -1667,7 +1667,6 @@ DROP TABLE IF EXISTS `user_settings`;
CREATE TABLE `user_settings` (
`user_id` int(11) NOT NULL,
`user_role` int(11) NOT NULL,
- `user_config_remember_me_token` varchar(255) DEFAULT NULL,
`user_config_force_mfa` tinyint(1) NOT NULL DEFAULT 0,
`user_config_records_per_page` int(11) NOT NULL DEFAULT 10,
`user_config_dashboard_financial_enable` tinyint(1) NOT NULL DEFAULT 0,
@@ -1784,4 +1783,4 @@ CREATE TABLE `vendors` (
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
--- Dump completed on 2024-02-23 23:44:31
+-- Dump completed on 2024-02-29 15:50:30
diff --git a/post/user.php b/post/user.php
index 60515059..0b900cfb 100644
--- a/post/user.php
+++ b/post/user.php
@@ -220,7 +220,7 @@ if (isset($_GET['disable_user'])) {
if (isset($_GET['revoke_remember_me'])) {
validateAdminRole();
- //validateCSRFToken($_GET['csrf_token']);
+ validateCSRFToken($_GET['csrf_token']);
$user_id = intval($_GET['revoke_remember_me']);
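Review bot: Enabling `validateCSRFToken($_GET['csrf_token'])` closes the forgery gap, but the revoke action is still a state-changing GET, so the CSRF token travels in the URL and can end up in browser history, server logs and Referer headers. Moving the handler to POST (`$_POST['revoke_remember_me']`, `$_POST['csrf_token']`), with a small form in admin_users.php, keeps the token out of the URL. If it stays on GET, a request without `csrf_token` reads an undefined index; `validateCSRFToken($_GET['csrf_token'] ?? '')` avoids the warning, assuming the helper rejects an empty token. The handler's body continues outside this hunk.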
@@ -229,13 +229,13 @@ if (isset($_GET['revoke_remember_me'])) {
$row = mysqli_fetch_array($sql);
$user_name = sanitizeInput($row['user_name']);
- mysqli_query($mysqli, "UPDATE user_settings SET user_config_remember_me_token = NULL WHERE user_id = $user_id");
+ mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_user_id = $user_id");
//Logging
- mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'User', log_action = 'Modify', log_description = '$session_name revoked remember me token', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $user_id");
+ mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'User', log_action = 'Modify', log_description = '$session_name revoked all remember me tokens', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $user_id");
$_SESSION['alert_type'] = "error";
- $_SESSION['alert_message'] = "User $user_name remember me token revoked";
+ $_SESSION['alert_message'] = "User $user_name remember me tokens revoked";
header("Location: " . $_SERVER["HTTP_REFERER"]);
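Review bot: The result of the `DELETE FROM remember_tokens` query is not checked, so the audit log row and the "remember me tokens revoked" alert are written even when the delete failed and the tokens are still valid. For a revocation control the log should record what actually happened: branch on the return value of `mysqli_query` and report a failure instead of success. Recording `mysqli_affected_rows($mysqli)` in `log_description` would also tell a later reviewer how many tokens were removed. The handler starts outside this hunk.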
|