From c0943cfad10cdbfdaa0e957748448cc37bfe443f Mon Sep 17 00:00:00 2001 From: Bofh Date: Sat, 10 Dec 2022 17:19:51 +0100 Subject: [PATCH] Delete sessions when user is edited/deleted and handle on UI --- base.php | 14 ++++++++++++++ cli.php | 2 ++ js/base.php | 5 +++++ 3 files changed, 21 insertions(+) diff --git a/base.php b/base.php index bfa1c30..b33f77a 100644 --- a/base.php +++ b/base.php @@ -20,6 +20,20 @@ if (isset($_SERVER['REQUEST_URI'])) { unset($sessions); } +function __session_delete($user) { + if (!file_exists('/tmp/apcontrol-sessions')) + return false; + $newsessions = []; + $sessions = explode("\n", trim(file_get_contents('/tmp/apcontrol-sessions'))); + foreach ($sessions as $session) { + $ps = explode('.', $session); + if ($ps[0] !== $user) + $newsessions []= $session; + } + file_put_contents('/tmp/apcontrol-sessions', implode("\n", $newsessions)); + return true; +} + if (!file_exists($GLOBALS['appconf']['data_dir'])) mkdir($GLOBALS['appconf']['data_dir']); diff --git a/cli.php b/cli.php index be5139c..3624c98 100644 --- a/cli.php +++ b/cli.php @@ -23,6 +23,7 @@ function cli__users($args) { case 'add': $args = array_slice($args, 1); if (count($args) !== 2) $help(); + __session_delete($args[0]); $args[1] = hash_hmac('sha256', $args[1], $GLOBALS['appconf']['users_hash_secret']); $users[$args[0]] = $args[1]; $msg = 'User "'.$args[0].'" has been succesfully saved.'; @@ -36,6 +37,7 @@ function cli__users($args) { $msg = 'User "'.$args[0].'" does not exist.'; else { unset($users[$args[0]]); + __session_delete($args[0]); $msg = 'User "'.$args[0].'" has been succesfully deleted.'; } break; diff --git a/js/base.php b/js/base.php index 9feeaff..dfc6855 100644 --- a/js/base.php +++ b/js/base.php @@ -248,6 +248,11 @@ const http = { if (hit !== null) hit.remove(); } if (callbk) { + if (this.status === 403) { + toast.error('Unautorized: session might have been closed'); + setTimeout(function(){ window.location.href = '/' }, 4000); + return false; + } const ps = _get_func_params(callbk); if (ps.includes('data') || ps.includes('text') || ps.includes('html') || ps.includes('plain'))