From b3c37b6c5f281793ae7bf8f0616ccc19eb608b6b Mon Sep 17 00:00:00 2001
From: johnnyq
Date: Tue, 21 Nov 2023 18:28:42 -0500
Subject: [PATCH] Added ability revoke a users Remember Me Token from the users listing
---
 post/user.php | 24 ++++++++++++++++++++++++
 users.php | 9 +++++++++
 2 files changed, 33 insertions(+)
diff --git a/post/user.php b/post/user.php
index f16b07c1..35df2c49 100644
--- a/post/user.php
+++ b/post/user.php
@@ -198,6 +198,30 @@ if (isset($_GET['disable_user'])) {
 }
+if (isset($_GET['revoke_remember_me'])) {
+
+ validateAdminRole();
+ //validateCSRFToken($_GET['csrf_token']);
+
+ $user_id = intval($_GET['revoke_remember_me']);
+
+ // Get User Name
+ $sql = mysqli_query($mysqli, "SELECT * FROM users WHERE user_id = $user_id");
+ $row = mysqli_fetch_array($sql);
+ $user_name = sanitizeInput($row['user_name']);
+
+ mysqli_query($mysqli, "UPDATE user_settings SET user_config_remember_me_token = NULL WHERE user_id = $user_id");
+
+ //Logging
+ mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'User', log_action = 'Modify', log_description = '$session_name revoked remember me token', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $user_id");
+
+ $_SESSION['alert_type'] = "error";
+ $_SESSION['alert_message'] = "User $user_name remember me token revoked";
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
 if (isset($_GET['archive_user'])) {
 validateAdminRole();
diff --git a/users.php b/users.php
index 65cdc42d..feb6d7a4 100644
--- a/users.php
+++ b/users.php
@@ -70,6 +70,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); Role Status MFA + Remember Me Last Login Action
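Review bot: The CSRF check in the new `revoke_remember_me` handler is commented out (`//validateCSRFToken($_GET['csrf_token']);`), so this state-changing GET is guarded only by `validateAdminRole()` and can be triggered by any page an admin loads while logged in. Re-enable it as `validateCSRFToken($_GET['csrf_token']);` and have the Revoke link in users.php send `csrf_token`; the link's markup is not visible in this patch text, so whether it already carries one is unconfirmed. `$row` is also dereferenced without checking that the SELECT matched a user, and the UPDATE and the log INSERT run for any integer id, so an `if (!$row)` early return before them would keep the audit trail accurate. Finally, `header("Location: " . $_SERVER["HTTP_REFERER"]);` trusts a request header that can be absent or point off-site and is not followed by `exit;`, so the script keeps running past the redirect.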
@@ -96,6 +97,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 } else {
 $mfa_status_display = "";
 }
+ if (empty($row['user_config_remember_me_token'])) {
+ $remember_me_active = 0;
+ $remember_me_display = "-";
+ } else {
+ $remember_me_active = 1;
+ $remember_me_display = "Enabled,
Revoke?
";
+ }
 $user_config_force_mfa = intval($row['user_config_force_mfa']);
 $user_role = $row['user_role'];
 if ($user_role == 3) {
@@ -146,6 +154,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
+
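Review bot: `$remember_me_active` is assigned in both branches of the new `if`/`else` in the `-96` hunk, but no line visible in this patch reads it. The only other added line in users.php (the `-146` hunk) has lost its content in this rendering, so this is inferred rather than confirmed. If nothing consumes it, drop the two assignments and keep only `$remember_me_display`. The enclosing block starts and ends outside the hunk.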