novabbs
/
rocksolid-light
3
0
Fork 1
Code Issues 22 Pull Requests Releases Wiki Activity

Add session expiry in config.ing.php.

This commit is contained in:
Retro_Guy 2024-07-25 06:09:36 -07:00
parent f83f04b634
commit 8bc18592b2
2 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Rocksolid_Light/rocksolid/config.inc.php
View File

@ -4,6 +4,16 @@ if (!isset($_SESSION)) {
ini_set('session.gc_maxlifetime', 14400);
session_set_cookie_params(14400);
session_start();
if (isset($_SESSION['last_activity']) && (time() - $_SESSION['last_activity'] > 1800)) {
// last request was more than 30 minutes ago
session_unset();
session_destroy();
}
$_SESSION['previous_activity'] = $_SESSION['last_activity'];
$_SESSION['last_activity'] = time();
if(!isset($_SESSION['start_stamp'])) {
$_SESSION['start_stamp'] = time();
}
}
include "../common/config.inc.php";

14
Rocksolid_Light/rocksolid/newsportal.php
View File

@ -1280,13 +1280,23 @@ function group_display_name($gname)
}
function verify_logged_in($name) {
global $CONFIG, $auth_log;
global $CONFIG, $auth_log, $debug_log;
$logged_in = false;
$ip_pass = false;
// For checking session expire stuff
if(!isset($_SESSION['start_stamp'])) {
$_SESSION['start_stamp'] = time();
}
$start_stamp = get_date_interval(get_date_interval(date("D, j M Y H:i T", $_SESSION['start_stamp'])));
$previous_activity = get_date_interval(get_date_interval(date("D, j M Y H:i T", $_SESSION['previous_activity'])));
file_put_contents($debug_log, "\n" . logging_prefix() . " SESSION AGE for: " . $name . " Started: " . $start_stamp . " Gap: " . $previous_activity, FILE_APPEND);
if (! isset($_SESSION['start_address'])) {
$_SESSION['start_address'] = $_SERVER['REMOTE_ADDR'];
$ip_pass = true;
file_put_contents($auth_log, "\n" . logging_prefix() . " IP address SET for: " . $name, FILE_APPEND);
} else {
if ($_SERVER['REMOTE_ADDR'] != $_SESSION['start_address']) {
$ip_pass = false;
@ -1301,7 +1311,7 @@ function verify_logged_in($name) {
file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION PASS OK for: " . $name, FILE_APPEND);
} else {
$logged_in = false;
file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION PASS expired or not set for: " . $name, FILE_APPEND);
file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION PASS false or expired for: " . $name, FILE_APPEND);
}
if ($CONFIG['anonuser'] == '1') {
$logged_in = false;