
Improve Security (1) - Session Control for AppGini

Posted: 2020-05-10 08:42
by sathukorala
In this post, I will show you how to implement user session control for AppGini, which will give added security to your apps.



Follow the steps below:

1. Create a file called session_keep.php in the main folder with the following code (you can use any file name)

Code:

<?php
// session_keep.php - idle-timeout guard, included from hooks/footer-extras.php
$script_name = basename($_SERVER['PHP_SELF']);
$user = getLoggedMemberID(); // AppGini helper; returns 'guest' for anonymous visitors

// The login page (index.php?signIn=1 / ?loginFailed=1) and guest-accessible pages
// carry no authenticated session, so there is nothing to time out there.
if (($script_name == 'index.php' && (isset($_GET['signIn']) || isset($_GET['loginFailed']))) || $user == 'guest') {
	session_unset();
	session_destroy();
} else {
	// AppGini has normally already started the session; calling session_start()
	// again raises a PHP notice, so only start it when it is not active.
	if (session_status() !== PHP_SESSION_ACTIVE) {
		session_start();
	}

	if (empty($_SESSION['session_count'])) {
		// first request of this session: stamp it
		$_SESSION['session_count'] = 1;
		$_SESSION['session_start_time'] = time();
	} else {
		$_SESSION['session_count']++;
	}

	$session_timeout = 60; // idle timeout in seconds: 60 = 1 minute, 1800 = 30 minutes

	// session_start_time is refreshed on every request below, so this is the idle time,
	// i.e. seconds since the last request, not the total session age
	$session_duration = time() - $_SESSION['session_start_time'];
	if ($session_duration > $session_timeout) {
		// wipe the old session and start a fresh one with a new session ID
		session_unset();
		session_destroy();
		session_start();
		session_regenerate_id(true);

		$_SESSION['custom_err_msg'] = "Your session has expired !!! Please login again"; // enter the session-out prompt you want
		header("Location: index.php?signIn=1"); // redirect to login page - index.php?signIn=1 - or whatever you wish
		exit; // stop here so nothing after the redirect is processed
	} else {
		$_SESSION['session_start_time'] = time(); // activity seen: restart the idle clock
	}
}
?>
2. Include the session_keep.php file in hooks > footer-extras.php

Code:

<?php
// hooks/ is one level below the main folder, so resolve the path from this file
// rather than relying on $currDir being in scope.
include(__DIR__ . '/../session_keep.php');
?>
3. Add the following code to hooks > header-extras.php (this prints the message prompt seen at the top of the window)

Code:

<?php
// Show the session-expiry prompt set by session_keep.php at the top of the page.
if (isset($_SESSION['custom_err_msg'])) {
	$customError = '<div id="customErrorMessage" class="custmErrMsg alert alert-dismissable alert-danger">'
		. htmlspecialchars($_SESSION['custom_err_msg']) . '</div>';
	echo $customError;
	// the flag keeps the message alive for one extra page load before it is cleared
	if (!empty($_SESSION['custom_err_shown'])) {
		unset($_SESSION['custom_err_msg']);
		$_SESSION['custom_err_shown'] = 0;
	} else {
		$_SESSION['custom_err_shown'] = 1;
	}
}
?>

That's all.
You can set the session timeout in seconds in $session_timeout.
This session timeout will not apply on the login page and guest-access pages because they are not used by logged-in users.

Feel free to comment
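As an added example (not code from the post above or from AppGini), here is a variant of the same idea that enforces both an idle timeout and an absolute session lifetime, and that is meant to run before any output is sent, so that the Location header is still deliverable and no protected page content is rendered for an expired session. It assumes, as the post does, that AppGini has already started the session and that getLoggedMemberID() returns 'guest' for anonymous visitors; the constants, session keys, function names and the error texts are my own choice, and where exactly in AppGini's hook chain "before output" falls depends on the version, so the include location is an assumption too. Requires PHP 7.1+ for the nullable return type.

```php
<?php
// Added example, not from the original post. Idle + absolute session timeout guard.
// Assumed: AppGini session already active; getLoggedMemberID() === 'guest' when anonymous.
// Session keys 'auth_first_seen' / 'last_activity' and the constants are hypothetical names.

const IDLE_TIMEOUT_SECONDS     = 1800;     // 30 minutes without a request
const ABSOLUTE_TIMEOUT_SECONDS = 8 * 3600; // 8 hours since first authenticated request

/**
 * Pure decision function: returns null while the session is valid, otherwise
 * 'idle' or 'absolute' to say which limit was exceeded. Kept separate from the
 * PHP session machinery so it can be unit-tested with plain arrays.
 */
function session_expiry_reason(array $sess, int $now, int $idle, int $absolute): ?string {
    if (!isset($sess['auth_first_seen'], $sess['last_activity'])) {
        return null; // not stamped yet; the caller stamps it below
    }
    if ($now - $sess['last_activity'] > $idle) {
        return 'idle';
    }
    if ($now - $sess['auth_first_seen'] > $absolute) {
        return 'absolute';
    }
    return null;
}

function enforce_session_timeout(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    $script = basename($_SERVER['PHP_SELF']);
    $on_login_page = $script === 'index.php'
        && (isset($_GET['signIn']) || isset($_GET['loginFailed']));
    if ($on_login_page || getLoggedMemberID() === 'guest') {
        // No authenticated session to time out. Drop any stale stamps so the
        // absolute clock restarts with the next login.
        unset($_SESSION['auth_first_seen'], $_SESSION['last_activity']);
        return;
    }

    $now = time();
    $reason = session_expiry_reason($_SESSION, $now, IDLE_TIMEOUT_SECONDS, ABSOLUTE_TIMEOUT_SECONDS);
    if ($reason !== null) {
        // Discard all session data and the old session ID before writing the notice,
        // so nothing from the expired session survives into the new one.
        $_SESSION = [];
        session_destroy();
        session_start();
        session_regenerate_id(true);
        $_SESSION['custom_err_msg'] = $reason === 'idle'
            ? 'Your session expired after inactivity. Please log in again.'
            : 'Your session reached its maximum lifetime. Please log in again.';
        header('Location: index.php?signIn=1');
        exit; // must come before any output for the redirect to be honoured
    }

    // Stamp on first authenticated request, refresh the idle clock on every one.
    // auth_first_seen is never refreshed, which is what makes the absolute limit absolute.
    if (!isset($_SESSION['auth_first_seen'])) {
        $_SESSION['auth_first_seen'] = $now;
    }
    $_SESSION['last_activity'] = $now;
}

if (function_exists('getLoggedMemberID')) {
    enforce_session_timeout(); // only runs when included inside AppGini
}
```

Two points worth keeping in mind with either version: the timestamps stored in the session are the only thing that enforces the limit, since PHP's session.gc_maxlifetime garbage collection is probabilistic and not a security control; and because the hook never sees the login event itself, the absolute clock starts at the first authenticated request rather than at the moment of login, which for a user who logs in and immediately opens a page is the same thing.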

Re: Improve Security (1) - Session Control for AppGini

Posted: 2020-05-16 00:14
by Jay Webb
Thanks for this sathukorala, fantastic addition.

Re: Improve Security (1) - Session Control for AppGini

Posted: 2020-05-28 03:44
by dharbitindy
Works great! Thank you for sharing indeed...

David

Re: Improve Security (1) - Session Control for AppGini

Posted: 2021-08-15 16:54
by jmacdougall
I try to login now and it just loops me back. I am also using your CAPTCHA v2 checkbox. My AG is v5.97 rev 1142

Here is my link... h t t p s://ccshelpdesk dot com

Re: Improve Security (1) - Session Control for AppGini

Posted: 2021-08-16 11:31
by jmacdougall
I ended up removing this function for now so I can work on my project. I will leave it out for now, but I would like to know if this can be resolved. Thanks for your efforts!