[RFC|Merged] Ability to delete auto login keys

These requests for comments/change have lead to an implemented feature that has been successfully merged into the 3.1/Ascraeus branch. Everything listed in this forum will be available in phpBB 3.1.
Elglobo
Registered User
Posts: 2
Joined: Thu Nov 29, 2007 5:03 pm

Re: [RFC|Accepted] Ability to delete auto login keys

Post by Elglobo »

bantu wrote:A user interface / ucp module has to be written.
Where do you see exactly this module ? In UCP -> Profile or a new tab dedicated ?

Danielx64
Registered User
Posts: 304
Joined: Mon Feb 08, 2010 3:42 am

Re: [RFC|Accepted] Ability to delete auto login keys

Post by Danielx64 »

UCP > Profile > Edit account settings or under a new tab in UCP > Profile and call it forum sessions or something like that.

User avatar
nickvergessen
Former Team Member
Posts: 733
Joined: Sun Oct 07, 2007 11:54 am
Location: Stuttgart, Germany
Contact:

Re: [RFC|Accepted] Ability to delete auto login keys

Post by nickvergessen »

*Daniel wrote:call it forum sessions or something like that.
Better would be auto login keys?
Member of the Development-TeamNo Support via PM

User avatar
A_Jelly_Doughnut
Registered User
Posts: 1780
Joined: Wed Jun 04, 2003 4:23 pm

Re: [RFC|Accepted] Ability to delete auto login keys

Post by A_Jelly_Doughnut »

Could integrate this functionality into the "delete coolies set by this forum" feature. The two concepts are closely related.
A_Jelly_Doughnut

User avatar
Ger
Registered User
Posts: 293
Joined: Mon Jul 26, 2010 1:55 pm
Location: 192.168.1.100
Contact:

Re: [RFC|Accepted] Ability to delete auto login keys

Post by Ger »

A_Jelly_Doughnut wrote:Could integrate this functionality into the "delete coolies set by this forum" feature. The two concepts are closely related.
This seems the most sensible and easy way to do this. When someone is bothered with logins, they probably use this feature. In the confirm text some more explanation should be provided, something like:
Are you sure you want to delete all cookies set by this board? This will also remove any stored login sessions for your account on other computers.
The link should be renamed to
Delete cookies and sessions set by this forum
When confirmed, the tables phpbb_sessions and phpbb_sessions_keys should be searched for the current user_id and delete those.

This should be easy to implement and is very easily understood by the end user (I don't think the avarage joe would look for something like this in the UCP).
Above message may contain errors in grammar, spelling or wrongly chosen words. This is because I'm not a native speaker. My apologies in advance.

User avatar
Ger
Registered User
Posts: 293
Joined: Mon Jul 26, 2010 1:55 pm
Location: 192.168.1.100
Contact:

Re: [RFC|Accepted] Ability to delete auto login keys

Post by Ger »

I'm not yet familiar with GIT, but here's my solution for this (based on the system described in my previous post):

OPEN
./ucp.php

FIND

Code: Select all

	case 'delete_cookies':

		// Delete Cookies with dynamic names (do NOT delete poll cookies)
		if (confirm_box(true))
		{
			$set_time = time() - 31536000;

			foreach ($_COOKIE as $cookie_name => $cookie_data)
			{
				// Only delete board cookies, no other ones...
				if (strpos($cookie_name, $config['cookie_name'] . '_') !== 0)
				{
					continue;
				}

				$cookie_name = str_replace($config['cookie_name'] . '_', '', $cookie_name);

				// Polls are stored as {cookie_name}_poll_{topic_id}, cookie_name_ got removed, therefore checking for poll_
				if (strpos($cookie_name, 'poll_') !== 0)
				{
					$user->set_cookie($cookie_name, '', $set_time);
				}
			}

			$user->set_cookie('track', '', $set_time);
			$user->set_cookie('u', '', $set_time);
			$user->set_cookie('k', '', $set_time);
			$user->set_cookie('sid', '', $set_time);

			// We destroy the session here, the user will be logged out nevertheless
			$user->session_kill();
			$user->session_begin();

			meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));

			$message = $user->lang['COOKIES_DELETED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
			trigger_error($message);
		}
		else
		{
			confirm_box(false, 'DELETE_COOKIES', '');
		}

		redirect(append_sid("{$phpbb_root_path}index.$phpEx"));

	break;
REPLACE WITH

Code: Select all

	case 'delete_cookies_sessions':

		if (confirm_box(true))
		{
			// Delete Cookies with dynamic names (do NOT delete poll cookies)
			$set_time = time() - 31536000;

			foreach ($_COOKIE as $cookie_name => $cookie_data)
			{
				// Only delete board cookies, no other ones...
				if (strpos($cookie_name, $config['cookie_name'] . '_') !== 0)
				{
					continue;
				}

				$cookie_name = str_replace($config['cookie_name'] . '_', '', $cookie_name);

				// Polls are stored as {cookie_name}_poll_{topic_id}, cookie_name_ got removed, therefore checking for poll_
				if (strpos($cookie_name, 'poll_') !== 0)
				{
					$user->set_cookie($cookie_name, '', $set_time);
				}
			}

			$user->set_cookie('track', '', $set_time);
			$user->set_cookie('u', '', $set_time);
			$user->set_cookie('k', '', $set_time);
			$user->set_cookie('sid', '', $set_time);

			// We destroy the session here, the user will be logged out nevertheless
			$user->session_kill();
			$user->session_begin();

			// Delete all sessions by this user in de sessions tables
			$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
				WHERE session_user_id = " . $user->data['user_id'];
			$db->sql_query($sql);
			$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . "
				WHERE user_id = ". $user->data['user_id'];
			$db->sql_query($sql);

			meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));

			$message = $user->lang['COOKIES_SESSIONS_DELETED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
			trigger_error($message);
		}
		else
		{
			confirm_box(false, 'DELETE_COOKIES_SESSIONS', '');
		}

		redirect(append_sid("{$phpbb_root_path}index.$phpEx"));

	break;
OPEN
./includes/functions.php
FIND

Code: Select all

		'U_DELETE_COOKIES'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=delete_cookies'),
REPLACE WITH

Code: Select all

		'U_DELETE_COOKIES_SESSIONS'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=delete_cookies_sessions'),
OPEN
./language/en/common.php
FIND

Code: Select all

	'COOKIES_DELETED'		=> 'All board cookies successfully deleted.',
REPLACE WITH

Code: Select all

	'COOKIES_SESSIONS_DELETED'		=> 'All board cookies and login sessions are successfully deleted.',
FIND

Code: Select all

	'DELETE_COOKIES'		=> 'Delete all board cookies',
REPLACE WITH

Code: Select all

	'DELETE_COOKIES_SESSIONS'		=> 'Delete all board cookies and sessions',
OPEN
./language/en/ucp.php
FIND

Code: Select all

	'DELETE_COOKIES_CONFIRM'	=> 'Are you sure you want to delete all cookies set by this board?',
REPLACE WITH

Code: Select all

	'DELETE_COOKIES_SESSIONS_CONFIRM'	=> 'Are you sure you want to delete all cookies and login sessions set by this board? This wil also delete login sessions of this board stored by other systems. You will also get logged out.',
OPEN
./styles/prosilver/template/overall_footer.html
FIND

Code: Select all

<!-- IF not S_IS_BOT --><a href="{U_DELETE_COOKIES}">{L_DELETE_COOKIES}</a> &bull; <!-- ENDIF -->
REPLACE WITH

Code: Select all

<!-- IF not S_IS_BOT --><a href="{U_DELETE_COOKIES_SESSIONS}">{L_DELETE_COOKIES_SESSIONS}</a> &bull; <!-- ENDIF -->
OPEN
./styles/subsilver2/template/index_body.html
FIND

Code: Select all

<!-- IF not S_IS_BOT --><a href="{U_DELETE_COOKIES}">{L_DELETE_COOKIES}</a><!-- ENDIF -->
REPLACE WITH

Code: Select all

<!-- IF not S_IS_BOT --><a href="{U_DELETE_COOKIES_SESSIONS}">{L_DELETE_COOKIES_SESSIONS}</a><!-- ENDIF -->
EoM
Above message may contain errors in grammar, spelling or wrongly chosen words. This is because I'm not a native speaker. My apologies in advance.

dhruv.goel92
Registered User
Posts: 22
Joined: Sun Mar 18, 2012 9:30 pm

Re: [RFC|Accepted] Ability to delete auto login keys

Post by dhruv.goel92 »

I have made a PR. If some could take a look and suggest improvements if any.
One improvement i thought of adding was to highlight the current sessions key.

https://github.com/phpbb/phpbb3/pull/652

User avatar
naderman
Consultant
Posts: 1727
Joined: Sun Jan 11, 2004 2:11 am
Location: Berlin, Germany
Contact:

Re: [RFC|Merged] Ability to delete auto login keys

Post by naderman »

This has been merged today. There is still a plan to rename the feature of remembering login info everywhere to "Remember Me": http://tracker.phpbb.com/browse/PHPBB3-10771 - but that is not part of this RFC anymore.

Post Reply