automatically go to login page on session timeout

diff --git a/api/timeout.php b/api/timeout.php
new file mode 100644 (file)
index 0000000..f53f64e
--- /dev/null
+++ b/api/timeout.php
@@ -0,0 +1,12 @@
+<?php
+
+include "../cfg/defines.php";
+session_start();
+//timeout after 10 mins of inactivity
+if (isset($_SESSION["id"]) && isset($_SESSION["last-activity"]) && time() - $_SESSION["last-activity"] < INACTIVITY_TIMEOUT)
+    die(json_encode(['session' => 'active']));
+else
+{
+    session_destroy();
+    die(json_encode(['session' => 'none']));
+}
\ No newline at end of file

diff --git a/cfg/defines.php b/cfg/defines.php
index 85b3448364085fd4bae2beaa3c7646a5e6d03235..818ab99d5c1a01ddc7d1f5d81a2c3de35de9959f 100644 (file)
--- a/cfg/defines.php
+++ b/cfg/defines.php
@@ -19,3 +19,8 @@ define('DEFAULT_CHAN_DETAIL_QUICK_BAN_REASON', "You have been removed from this
  */
 define('WEBPANEL_VERSION', "1.0-git");
 
+/**
+ * After how long to log a user out for inactivity
+ * Default is 15 mins
+ */
+define('INACTIVITY_TIMEOUT', 900);
\ No newline at end of file

diff --git a/header.php b/header.php
index 0e0a0be8b24e74649006d06ffc1fc413bdc81929..cb095b9082f424be1e1abd4dc8d9abec28ee31cc 100644 (file)
--- a/header.php
+++ b/header.php
@@ -1,4 +1,25 @@
-<?php $arr = []; Hook::run(HOOKTYPE_PRE_HEADER, $arr); ?>
+<?php
+if (is_auth_provided())
+{?>
+       <script>
+               var BASE_URL = "<?php echo BASE_URL; ?>";
+               function timeoutCheck() {
+                       var xhttp = new XMLHttpRequest();
+                       xhttp.onreadystatechange = function() {
+                               if (this.readyState == 4 && this.status == 200) {
+                                       var data = JSON.parse(this.responseText);
+                                       if (data.session == 'none')
+                                               window.location = BASE_URL + 'login/?timeout=1&redirect=' + encodeURIComponent(window.location.pathname);
+                               }
+                       };
+                       xhttp.open("GET", BASE_URL + "api/timeout.php", true);
+                       xhttp.send();
+               }
+               timeoutCheck();
+               setInterval(timeoutCheck, 15000);
+       </script>
+<?php }
+$arr = []; Hook::run(HOOKTYPE_PRE_HEADER, $arr); ?>
 <!DOCTYPE html>
 <head>
 <div class="media">
@@ -31,6 +52,7 @@
 <!-- Bootstrap JS -->
 <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js" integrity="sha384-uefMccjFJAIv6A+rW+L4AHf99KvxDjWSu1z9VI8SKNVmz4sk7buKt/6v9KI65qnm" crossorigin="anonymous"></script>
 
+
 <div class="container-fluid">
        
        <!-- Fixed navbar -->

diff --git a/login/index.php b/login/index.php
index 178b1eefca1cb1d06ce462311cd9beb53d1f4957..b27f65b749a81ff824de2518a4e3cfa36a06aa66 100644 (file)
--- a/login/index.php
+++ b/login/index.php
@@ -23,6 +23,12 @@ if (!empty($_GET['logout']))
                $logout = true;
        }
 }
+if (!empty($_GET['timeout']))
+{
+       $failmsg = "Your session has timed out. Please login again to continue";
+       $_SESSION = NULL;
+       session_destroy();
+}
 if (!empty($_POST))
 {
        if ($_POST['username'] && $_POST['password'])

diff --git a/plugins/sql_auth/sql_auth.php b/plugins/sql_auth/sql_auth.php
index 93c7298e9790f841aa26c71b32ec4976fae631a5..bf911eb96b46848c3d7c560416dc0e7dffa2d299 100644 (file)
--- a/plugins/sql_auth/sql_auth.php
+++ b/plugins/sql_auth/sql_auth.php
@@ -94,6 +94,8 @@ class sql_auth
                                die();
                        }
                        // you'll be automatically logged out after one hour of inactivity
+                       $_SESSION['last-activity'] = time();
+
                }
        }