This commit is contained in:
@@ -0,0 +1,48 @@
|
||||
<?php
|
||||
include "../utils/security.php";
|
||||
secure_session_start();
|
||||
header('Content-Type: application/json');
|
||||
|
||||
require_logged_in();
|
||||
|
||||
include "../../config/config.php";
|
||||
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
|
||||
|
||||
$user_id = $_SESSION['id'];
|
||||
$method = $_SERVER['REQUEST_METHOD'];
|
||||
|
||||
if ($method === 'GET') {
|
||||
$sql = "SELECT id, agent, auth_token FROM keepmeloggedin WHERE user_id = ? ORDER BY id DESC";
|
||||
$stmt = mysqli_prepare($conn, $sql);
|
||||
mysqli_stmt_bind_param($stmt, 'i', $user_id);
|
||||
mysqli_stmt_execute($stmt);
|
||||
$result = mysqli_stmt_get_result($stmt);
|
||||
$sessions = [];
|
||||
while ($row = mysqli_fetch_assoc($result)) {
|
||||
$sessions[] = [
|
||||
'id' => $row['id'],
|
||||
'user_agent' => $row['agent'],
|
||||
'auth_token' => substr($row['auth_token'], 0, 16) . '...'
|
||||
];
|
||||
}
|
||||
mysqli_stmt_close($stmt);
|
||||
echo json_encode(['success' => true, 'sessions' => $sessions]);
|
||||
|
||||
} elseif ($method === 'POST') {
|
||||
require_csrf_token();
|
||||
$input = json_decode(file_get_contents('php://input'), true);
|
||||
|
||||
$sql = "DELETE FROM keepmeloggedin WHERE user_id = ?";
|
||||
$stmt = mysqli_prepare($conn, $sql);
|
||||
mysqli_stmt_bind_param($stmt, 'i', $user_id);
|
||||
mysqli_stmt_execute($stmt);
|
||||
mysqli_stmt_close($stmt);
|
||||
|
||||
delete_cookie("auth_token");
|
||||
log_activity($conn, $user_id, 'sessions_revoked', 'All remembered sessions deleted');
|
||||
|
||||
echo json_encode(['success' => true, 'message' => 'All sessions revoked.']);
|
||||
} else {
|
||||
echo json_encode(['success' => false, 'message' => 'Invalid request method.'], 405);
|
||||
}
|
||||
?>
|
||||
Reference in New Issue
Block a user