added session revocation and settings menu for security measures

This commit is contained in:
2026-06-03 23:10:26 +02:00
parent ffe6d04d75
commit d80a8de559
12 changed files with 682 additions and 5 deletions

View File

@ -223,6 +223,26 @@ function token_revoke_all_for_user(string $userID): int {
return $removed;
}
/** Revoke every stored session (all users and devices). */
function token_revoke_all_on_pdo(PDO $pdo): int
{
if (!qdb_table_exists($pdo, 'session')) {
return 0;
}
$count = (int)$pdo->query('SELECT COUNT(*) FROM session')->fetchColumn();
$pdo->exec('DELETE FROM session');
return $count;
}
function token_revoke_all(): int
{
require_once __DIR__ . '/db_init.php';
[$pdo, $tmpDb, $lockFp] = qdb_open(true);
$removed = token_revoke_all_on_pdo($pdo);
qdb_save($tmpDb, $lockFp);
return $removed;
}
// --- Auth helpers for endpoints ---
function get_bearer_token(): ?string {
$auth = $_SERVER['HTTP_AUTHORIZATION'] ?? ($_SERVER['Authorization'] ?? '');