added session revocation and settings menu for security measures
This commit is contained in:
20
common.php
20
common.php
@ -223,6 +223,26 @@ function token_revoke_all_for_user(string $userID): int {
|
||||
return $removed;
|
||||
}
|
||||
|
||||
/** Revoke every stored session (all users and devices). */
|
||||
function token_revoke_all_on_pdo(PDO $pdo): int
|
||||
{
|
||||
if (!qdb_table_exists($pdo, 'session')) {
|
||||
return 0;
|
||||
}
|
||||
$count = (int)$pdo->query('SELECT COUNT(*) FROM session')->fetchColumn();
|
||||
$pdo->exec('DELETE FROM session');
|
||||
return $count;
|
||||
}
|
||||
|
||||
function token_revoke_all(): int
|
||||
{
|
||||
require_once __DIR__ . '/db_init.php';
|
||||
[$pdo, $tmpDb, $lockFp] = qdb_open(true);
|
||||
$removed = token_revoke_all_on_pdo($pdo);
|
||||
qdb_save($tmpDb, $lockFp);
|
||||
return $removed;
|
||||
}
|
||||
|
||||
// --- Auth helpers for endpoints ---
|
||||
function get_bearer_token(): ?string {
|
||||
$auth = $_SERVER['HTTP_AUTHORIZATION'] ?? ($_SERVER['Authorization'] ?? '');
|
||||
|
||||
Reference in New Issue
Block a user