lucidAuth/public/lucidAuth.manage.php

<?php
	error_reporting(E_ALL ^ E_NOTICE);

	include_once('../include/lucidAuth.functions.php');

	if (!empty($_COOKIE['JWT'])) {
		$validateTokenResult = validateToken($_COOKIE['JWT']);
	}

	if ($validateTokenResult['status'] === "Success") {
        if ($_REQUEST['do'] === 'retrievesessions') {
            $storedTokens = [];

            $pdoQuery = $pdoDB->prepare('
                SELECT SecureToken.Id, SecureToken.UserId, SecureToken.Value
                FROM SecureToken
                WHERE SecureToken.UserId = :userid
            ');
            $pdoQuery->execute([
                ':userid'	=>	(int) $_REQUEST['userid']
            ]);
            foreach($pdoQuery->fetchAll(PDO::FETCH_ASSOC) as $row) {
                try {
                    $JWTPayload = JWT::decode($row['Value'], base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);
                    $storedTokens[] = [
                        'tid'   => $row['Id'],
                        'iat'	=> $JWTPayload->iat,
                        'iss'	=> $JWTPayload->iss,
                        'fp'    => $JWTPayload->fp
                    ];
                } catch (Exception $e) {
                    // Invalid token
                    continue;
                }
            }

            // Return JSON object
			header('Content-Type: application/json');
			echo json_encode([
				"Result"       => "Success",
                "SessionCount" => sizeof($storedTokens),
                "UserSessions" => json_encode($storedTokens)
			]);
        } else {
            // No action requested, default action
            include_once('../include/lucidAuth.template.php');

            try {
                $allUsers = $pdoDB->query('
                    SELECT User.Id, User.Username, Role.Rolename
                    FROM User
                    LEFT JOIN Role
                        ON (Role.Id = User.RoleId)
                ')->fetchAll(PDO::FETCH_ASSOC);
            } catch (Exception $e) {
// Should really do some actual errorhandling here
                throw new Exception($e);
            }
            foreach($allUsers as $row) {
                $tableRows[] = sprintf('<tr%1$s><td data-userid="%2$s">%3$s</td><td>%4$s</td><td class="immutable">%5$s</td></tr>',
                    $validateTokenResult['uid'] === $row['Id'] ? ' class="currentuser"': null,
                    $row['Id'],
                    explode('\\', $row['Username'])[1],
                    $row['Rolename'],
                    '<button class="bttn-simple bttn-xs bttn-primary session" data-translation="button_sessions">Sessions</button>' . ($validateTokenResult['uid'] === $row['Id'] ? null : '&nbsp;<button class="bttn-simple bttn-xs bttn-primary delete" data-translation="button_delete">Delete</button>')
                );
            }

            echo sprintf($pageLayout['full_alt'],
                sprintf($contentLayout['manage']['header'],
                    $validateTokenResult['name']
                ),
                sprintf($contentLayout['manage']['section'],
                    implode($tableRows)
                )
            );
        }
	} else {
		// No cookie containing valid authentication token found;
		//   explicitly deleting any remaining cookie, then redirecting to loginpage
		setcookie('JWT', FALSE);

		header("HTTP/1.1 401 Unauthorized");
		header("Location: lucidAuth.login.php");
	}

?>
Migrated IDE platform; accepting nonexisting diffs to make IDE happy 2019-02-27 21:39:31 +01:00			`<?php`
			`error_reporting(E_ALL ^ E_NOTICE);`

			`include_once('../include/lucidAuth.functions.php');`
Managementinterface retrieves data from database; Table on interface is editable; replaced library. 2019-03-04 10:43:08 +01:00
Migrated IDE platform; accepting nonexisting diffs to make IDE happy 2019-02-27 21:39:31 +01:00			`if (!empty($_COOKIE['JWT'])) {`
			`$validateTokenResult = validateToken($_COOKIE['JWT']);`
			`}`

			`if ($validateTokenResult['status'] === "Success") {`
First draft of session management for admins 2019-12-06 15:15:38 +00:00			`if ($_REQUEST['do'] === 'retrievesessions') {`
Added garbage collection for expired and defunct tokens in database. 2019-12-10 15:57:06 +00:00			`$storedTokens = [];`

First draft of session management for admins 2019-12-06 15:15:38 +00:00			`$pdoQuery = $pdoDB->prepare('`
			`SELECT SecureToken.Id, SecureToken.UserId, SecureToken.Value`
			`FROM SecureToken`
Added garbage collection for expired and defunct tokens in database. 2019-12-10 15:57:06 +00:00			`WHERE SecureToken.UserId = :userid`
First draft of session management for admins 2019-12-06 15:15:38 +00:00			`');`
			`$pdoQuery->execute([`
			`':userid' => (int) $_REQUEST['userid']`
			`]);`
			`foreach($pdoQuery->fetchAll(PDO::FETCH_ASSOC) as $row) {`
Added garbage collection for expired and defunct tokens in database. 2019-12-10 15:57:06 +00:00			`try {`
			`$JWTPayload = JWT::decode($row['Value'], base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);`
			`$storedTokens[] = [`
Added UI elements for managing sessions 2019-12-30 11:44:35 +00:00			`'tid' => $row['Id'],`
Added garbage collection for expired and defunct tokens in database. 2019-12-10 15:57:06 +00:00			`'iat' => $JWTPayload->iat,`
			`'iss' => $JWTPayload->iss,`
			`'fp' => $JWTPayload->fp`
			`];`
			`} catch (Exception $e) {`
			`// Invalid token`
			`continue;`
			`}`
First draft of session management for admins 2019-12-06 15:15:38 +00:00			`}`

			`// Return JSON object`
			`header('Content-Type: application/json');`
			`echo json_encode([`
			`"Result" => "Success",`
Added garbage collection for expired and defunct tokens in database. 2019-12-10 15:57:06 +00:00			`"SessionCount" => sizeof($storedTokens),`
			`"UserSessions" => json_encode($storedTokens)`
First draft of session management for admins 2019-12-06 15:15:38 +00:00			`]);`
			`} else {`
			`// No action requested, default action`
			`include_once('../include/lucidAuth.template.php');`

			`try {`
			`$allUsers = $pdoDB->query('`
			`SELECT User.Id, User.Username, Role.Rolename`
			`FROM User`
			`LEFT JOIN Role`
			`ON (Role.Id = User.RoleId)`
			`')->fetchAll(PDO::FETCH_ASSOC);`
			`} catch (Exception $e) {`
Managementinterface retrieves data from database; Table on interface is editable; replaced library. 2019-03-04 10:43:08 +01:00			`// Should really do some actual errorhandling here`
First draft of session management for admins 2019-12-06 15:15:38 +00:00			`throw new Exception($e);`
			`}`
			`foreach($allUsers as $row) {`
			`$tableRows[] = sprintf('<tr%1$s><td data-userid="%2$s">%3$s</td><td>%4$s</td><td class="immutable">%5$s</td></tr>',`
			`$validateTokenResult['uid'] === $row['Id'] ? ' class="currentuser"': null,`
			`$row['Id'],`
			`explode('\\', $row['Username'])[1],`
			`$row['Rolename'],`
			`'<button class="bttn-simple bttn-xs bttn-primary session" data-translation="button_sessions">Sessions</button>' . ($validateTokenResult['uid'] === $row['Id'] ? null : ' <button class="bttn-simple bttn-xs bttn-primary delete" data-translation="button_delete">Delete</button>')`
			`);`
			`}`

			`echo sprintf($pageLayout['full_alt'],`
			`sprintf($contentLayout['manage']['header'],`
			`$validateTokenResult['name']`
			`),`
			`sprintf($contentLayout['manage']['section'],`
			`implode($tableRows)`
			`)`
Managementinterface retrieves data from database; Table on interface is editable; replaced library. 2019-03-04 10:43:08 +01:00			`);`
First draft of session management for admins 2019-12-06 15:15:38 +00:00			`}`
Migrated IDE platform; accepting nonexisting diffs to make IDE happy 2019-02-27 21:39:31 +01:00			`} else {`
			`// No cookie containing valid authentication token found;`
			`// explicitly deleting any remaining cookie, then redirecting to loginpage`
			`setcookie('JWT', FALSE);`

			`header("HTTP/1.1 401 Unauthorized");`
			`header("Location: lucidAuth.login.php");`
			`}`

Added placeholder management page (usermanagement, dbmanagement) 2019-02-25 15:00:32 +01:00			`?>`