Added garbage collection for expired and defunct tokens in database.

public/lucidAuth.manage.php

@@ -9,23 +9,36 @@
 
 	if ($validateTokenResult['status'] === "Success") {
         if ($_REQUEST['do'] === 'retrievesessions') {
+            $storedTokens = [];
+
             $pdoQuery = $pdoDB->prepare('
                 SELECT SecureToken.Id, SecureToken.UserId, SecureToken.Value
                 FROM SecureToken
-                WHERE SecureToken.Id = :userid
+                WHERE SecureToken.UserId = :userid
             ');
             $pdoQuery->execute([
                 ':userid'	=>	(int) $_REQUEST['userid']
             ]);
             foreach($pdoQuery->fetchAll(PDO::FETCH_ASSOC) as $row) {
-                //bla
+                try {
+                    $JWTPayload = JWT::decode($row['Value'], base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);
+                    $storedTokens[] = [
+                        'iat'	=> $JWTPayload->iat,
+                        'iss'	=> $JWTPayload->iss,
+                        'fp'    => $JWTPayload->fp
+                    ];
+                } catch (Exception $e) {
+                    // Invalid token
+                    continue;
+                }
             }
 
             // Return JSON object
 			header('Content-Type: application/json');
 			echo json_encode([
 				"Result"       => "Success",
-                "UserSessions" => json_encode( $moo )
+                "SessionCount" => sizeof($storedTokens),
+                "UserSessions" => json_encode($storedTokens)
 			]);
         } else {
             // No action requested, default action