From 0e66e1d890ca775b50b43990a4d92c035c1eb5b2 Mon Sep 17 00:00:00 2001
From: vincent-peugnet <v.peugnet@free.fr>
Date: Thu, 9 Apr 2020 02:17:47 +0200
Subject: feature : cookie session management

---
 app/class/Controller.php     |  2 ++
 app/class/Controlleruser.php | 21 +++++++++++++++++----
 app/class/Modelauthtoken.php | 13 ++++++++++++-
 app/class/Routes.php         |  1 +
 app/view/templates/user.php  | 29 ++++++++++++++++++++++++++---
 5 files changed, 58 insertions(+), 8 deletions(-)

(limited to 'app')

diff --git a/app/class/Controller.php b/app/class/Controller.php
index 7398a7d..ab40a82 100644
--- a/app/class/Controller.php
+++ b/app/class/Controller.php
@@ -2,6 +2,7 @@
 
 namespace Wcms;
 
+use DateTime;
 use DateTimeImmutable;
 use League\Plates\Engine;
 
@@ -63,6 +64,7 @@ class Controller
         $commonsparams['user'] = $this->user;
         $commonsparams['pagelist'] = $this->pagemanager->list();
         $commonsparams['css'] = Model::csspath();
+        $commonsparams['now'] = new DateTimeImmutable();
         return $commonsparams;
     }
 
diff --git a/app/class/Controlleruser.php b/app/class/Controlleruser.php
index 3856914..0ec8092 100644
--- a/app/class/Controlleruser.php
+++ b/app/class/Controlleruser.php
@@ -12,12 +12,15 @@ class Controlleruser extends Controller
     public function desktop()
     {
         if($this->user->iseditor()) {
-            $getuser = $this->usermanager->get($this->user);
+            $authtokenmanager = new Modelauthtoken();
+            $datas['tokenlist'] = $authtokenmanager->listbyuser($this->user->id());
+            $datas['getuser'] = $this->usermanager->get($this->user);
+
             if($this->user->isadmin()) {
-                $userlist = $this->usermanager->getlister();
-                $this->showtemplate('user', ['userlist' => $userlist, 'getuser' => $getuser, 'now' => $this->now->format('Y-m-d')]);
+                $datas['userlist'] = $this->usermanager->getlister();
+                $this->showtemplate('user', $datas);
             } else {
-                $this->showtemplate('user', ['getuser' => $getuser]);
+                $this->showtemplate('user', $datas);
             }
         } else {
             $this->routedirect('home');
@@ -59,6 +62,16 @@ class Controlleruser extends Controller
         }
     }
 
+    public function token()
+    {
+        if (isset($_POST['tokendelete'])) {
+            
+            $authtokenmanager = new Modelauthtoken();
+            $authtokenmanager->delete($_POST['tokendelete']);
+        }
+        $this->routedirect('user');
+    }
+
     public function update()
     {
         if($this->user->isadmin() && isset($_POST['action'])) {
diff --git a/app/class/Modelauthtoken.php b/app/class/Modelauthtoken.php
index 18ef6a7..91a2a05 100644
--- a/app/class/Modelauthtoken.php
+++ b/app/class/Modelauthtoken.php
@@ -2,6 +2,7 @@
 
 namespace Wcms;
 
+use DateTimeImmutable;
 use JamesMoss\Flywheel\Document;
 
 class Modelauthtoken extends Modeldb
@@ -26,7 +27,9 @@ class Modelauthtoken extends Modeldb
         $datas = [
             'user' => $user->id(),
             'ip' => $_SERVER['SERVER_ADDR'],
-            'creationdate' => '1'
+            'date' => new DateTimeImmutable(),
+            'conservation' => $user->cookie(),
+            'useragent' => $_SERVER['HTTP_USER_AGENT']
         ];
         $tokendata = new Document($datas);
 
@@ -51,6 +54,14 @@ class Modelauthtoken extends Modeldb
         return $this->repo->delete($token);
     }
 
+    /**
+     * @param string $id user Id
+     */
+    public function listbyuser(string $id)
+    {
+        return $this->repo->query()->where('user', '==', $id)->orderBy('date')->execute();
+    }
+
 }
 
 
diff --git a/app/class/Routes.php b/app/class/Routes.php
index e71bf59..03e193c 100644
--- a/app/class/Routes.php
+++ b/app/class/Routes.php
@@ -43,6 +43,7 @@ class Routes
             ['POST', '/!user/add', 'Controlleruser#add', 'useradd'],
             ['POST', '/!user/update', 'Controlleruser#update', 'userupdate'],
             ['POST', '/!user/pref', 'Controlleruser#pref', 'userpref'],
+            ['POST', '/!user/token', 'Controlleruser#token', 'usertoken'],
             ['GET', '/!info', 'Controllerinfo#desktop', 'info'],
             ['GET', '/!timeline', 'Controllertimeline#desktop', 'timeline'],
             ['POST', '/!timeline/add', 'Controllertimeline#add', 'timelineadd'],
diff --git a/app/view/templates/user.php b/app/view/templates/user.php
index f7b2b25..ca944fd 100644
--- a/app/view/templates/user.php
+++ b/app/view/templates/user.php
@@ -10,7 +10,7 @@
 
 <main class="user">
 
-    <section>
+    <section id="pref">
         <div class="block">
 
             
@@ -36,12 +36,35 @@
                 <p>
                     <input type="number" name="cookie" value="<?= $getuser->cookie() ?>" id="cookie" min="0" max="365">
                     <label for="cookie">Cookie conservation time <i>(In days)</i></label>
+                    <p>When you tick the <em>remember-me</em> checkbox during login, you can choose how much time <strong>W</strong> will remember you.</p>
                     <input type="submit" value="submit">
                 </p>
                     
                 </form>
 
 
+
+
+                <h2>Sessions Tokens</h2>
+
+                <ul>
+
+                <?php foreach ($tokenlist as $token ) {
+                    ?>
+                    <li >
+                        <code>
+                            ip : <?= $token->ip ?> | date : <?= $token->date['date'] ?> | conservation : <?= $token->conservation ?> days | user agent : <?= $token->useragent ?>
+                        </code>
+                        <form action="<?= $this->url('usertoken') ?>" method="post">
+                        <input type="hidden" name="tokendelete" value="<?= $token->getId() ?>" >
+                        <input type="submit" value="delete">
+                        </form>
+
+                    </li>
+                <?php
+                } ?>
+                </ul>
+
             </div>
 
 
@@ -89,7 +112,7 @@
                         </select>
                     </td>
                     <td>
-                        <input type="date" name="expiredate" id="expiredate" min="<?= $now ?>">
+                        <input type="date" name="expiredate" id="expiredate" min="<?= $now->format('Y-m-d'); ?>">
                     </td>
                     <td>
                         <input type="submit" value="add">
@@ -136,7 +159,7 @@
 
 
                     <td>
-                        <input type="date" name="expiredate" id="expiredate"<?= $user->expiredate() !== false ?  'value="' . $user->expiredate('string') . '"' : '' ?>>
+                        <input type="date" name="expiredate" id="expiredate"<?= $user->expiredate() !== false ?  'value="' . $user->expiredate('string') . '"' : '' ?>  min="<?= $now->format('Y-m-d'); ?>">
                         <span>reset<input type="checkbox" name="expiredate" id="expiredate" value="null"></span>
                         
                     </td>
-- 
cgit v1.2.3