From 8bc18592b26dc110e6e460cc773b96b65f023556 Mon Sep 17 00:00:00 2001 From: Retro_Guy Date: Thu, 25 Jul 2024 06:09:36 -0700 Subject: [PATCH] Add session expiry in config.ing.php. --- Rocksolid_Light/rocksolid/config.inc.php | 10 ++++++++++ Rocksolid_Light/rocksolid/newsportal.php | 14 ++++++++++++-- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/Rocksolid_Light/rocksolid/config.inc.php b/Rocksolid_Light/rocksolid/config.inc.php index a7127ce..bb846fb 100644 --- a/Rocksolid_Light/rocksolid/config.inc.php +++ b/Rocksolid_Light/rocksolid/config.inc.php @@ -4,6 +4,16 @@ if (!isset($_SESSION)) { ini_set('session.gc_maxlifetime', 14400); session_set_cookie_params(14400); session_start(); + if (isset($_SESSION['last_activity']) && (time() - $_SESSION['last_activity'] > 1800)) { + // last request was more than 30 minutes ago + session_unset(); + session_destroy(); + } + $_SESSION['previous_activity'] = $_SESSION['last_activity']; + $_SESSION['last_activity'] = time(); + if(!isset($_SESSION['start_stamp'])) { + $_SESSION['start_stamp'] = time(); + } } include "../common/config.inc.php"; diff --git a/Rocksolid_Light/rocksolid/newsportal.php b/Rocksolid_Light/rocksolid/newsportal.php index 3ca1848..4d17fc6 100644 --- a/Rocksolid_Light/rocksolid/newsportal.php +++ b/Rocksolid_Light/rocksolid/newsportal.php 
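Review bot: After `session_destroy()` in the new expiry branch of config.inc.php, execution falls through and keeps using `$_SESSION`. It reads `$_SESSION['last_activity']`, which `session_unset()` has just cleared (and which is also unset on a first visit), then writes the timestamps while no session is active, so they are not stored. Unless `session.use_strict_mode` is enabled, the next request can also resume under the same session ID from the cookie. I would start a fresh session inside the branch with `session_start(); session_regenerate_id(true);` and guard the read with `$_SESSION['previous_activity'] = $_SESSION['last_activity'] ?? time();`. The 1800-second idle limit is a bare literal beside the 14400-second lifetime above it, so a named setting with a comment saying which value governs logout would make the policy easier to audit.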
@@ -1280,13 +1280,23 @@ function group_display_name($gname) } function verify_logged_in($name) { - global $CONFIG, $auth_log; + global $CONFIG, $auth_log, $debug_log; $logged_in = false; $ip_pass = false; + + // For checking session expire stuff + if(!isset($_SESSION['start_stamp'])) { + $_SESSION['start_stamp'] = time(); + } + $start_stamp = get_date_interval(get_date_interval(date("D, j M Y H:i T", $_SESSION['start_stamp']))); + $previous_activity = get_date_interval(get_date_interval(date("D, j M Y H:i T", $_SESSION['previous_activity']))); + file_put_contents($debug_log, "\n" . logging_prefix() . " SESSION AGE for: " . $name . " Started: " . $start_stamp . " Gap: " . $previous_activity, FILE_APPEND); + if (! isset($_SESSION['start_address'])) { $_SESSION['start_address'] = $_SERVER['REMOTE_ADDR']; $ip_pass = true; + file_put_contents($auth_log, "\n" . logging_prefix() . " IP address SET for: " . $name, FILE_APPEND); } else { if ($_SERVER['REMOTE_ADDR'] != $_SESSION['start_address']) { $ip_pass = false; @@ -1301,7 +1311,7 @@ function verify_logged_in($name) { file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION PASS OK for: " . $name, FILE_APPEND); } else { $logged_in = false; - file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION PASS expired or not set for: " . $name, FILE_APPEND); + file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION PASS false or expired for: " . $name, FILE_APPEND); } if ($CONFIG['anonuser'] == '1') { $logged_in = false;
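Review bot: The two `file_put_contents()` calls added in verify_logged_in concatenate `$name` into `$debug_log` and `$auth_log` unescaped. If `$name` comes from the login request (not visible in this hunk), a CR or LF in it can forge entries in the logs that record session and IP checks, so I would neutralise control characters first with `$log_name = preg_replace('/[\x00-\x1F\x7F]/', ' ', $name);` and log `$log_name` instead. `$_SESSION['previous_activity']` is read without an `isset()` check and may be unset or null, for instance on a first request, where `$_SESSION['previous_activity'] ?? time()` would avoid the warning and an epoch timestamp. The nested `get_date_interval(get_date_interval(...))` looks unintended, since the outer call receives the inner call's result rather than a date string; worth confirming against that helper's definition. The function body continues outside this hunk.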