PHP WebShell
Текущая директория: /var/www/bitcardoApp/backyard/user/security
Просмотр файла: sessions.php
<?php
include '../common/header.php';
if (!isset($conn)) { include_once '../../config/db_config.php'; }
require_once '../../models/security/sessions.php';
$user_q = isset($_GET['q']) ? trim($_GET['q']) : '';
$sessions = sc_list_sessions($conn, $user_q);
$devices = sc_list_devices($conn, $user_q);
function h($s){ return htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8'); }
?>
<style>
.sec-card{border-radius:12px;}
.badge-soft{opacity:.9;}
</style>
<div class="nk-content nk-content-fluid mt-5">
<div class="container-xl wide-lg">
<div class="nk-content-body">
<div class="nk-block-head">
<div class="nk-block-between-md g-4 align-items-center">
<div class="nk-block-head-content">
<h4 class="nk-block-title fw-normal mb-1">Sessions & Device Trust Center</h4>
<p class="text-soft mb-0">Manage active sessions and trusted devices. Revoke, trust, or untrust as needed.</p>
</div>
<div class="nk-block-head-content">
<a href="../dashboard/index.php" class="btn btn-outline-secondary btn-sm">Back</a>
</div>
</div>
</div>
<!-- Filter -->
<div class="nk-block">
<div class="card card-bordered sec-card">
<div class="card-inner">
<form class="row g-2" method="get">
<div class="col-12 col-md-6">
<label class="form-label small">User (id/name/email/phone)</label>
<input type="text" name="q" class="form-control" value="<?= h($user_q); ?>" placeholder="Search user">
</div>
<div class="col-12 col-md-3 d-grid d-md-block pt-4">
<button class="btn btn-primary mt-2 mt-md-0">Apply</button>
<a class="btn btn-light mt-2 mt-md-0" href="sessions.php">Reset</a>
</div>
</form>
</div>
</div>
</div>
<!-- Sessions -->
<div class="nk-block">
<div class="card card-bordered sec-card">
<div class="card-inner">
<div class="d-flex justify-content-between align-items-center mb-2">
<h6 class="mb-0">Active Sessions</h6>
<div class="small text-soft"><?= count($sessions); ?> rows</div>
</div>
<div class="table-responsive d-none d-md-block">
<table class="table table-striped align-middle">
<thead class="small text-soft">
<tr>
<th>#</th><th>User</th><th>IP</th><th>UA</th>
<th>Created</th><th>Last Seen</th><th>Expires</th><th>Status</th><th>Action</th>
</tr>
</thead>
<tbody>
<?php if(empty($sessions)): ?>
<tr><td colspan="9" class="text-center text-muted py-4">No sessions.</td></tr>
<?php else: $i=1; foreach($sessions as $s): ?>
<tr data-id="<?= (int)$s['usession_id']; ?>">
<td><?= $i++; ?></td>
<td class="small">
<div class="fw-semibold"><?= h(trim(($s['first_name']??'').' '.($s['last_name']??'')) ?: '—'); ?></div>
<div class="text-soft"><?= h($s['email'] ?: ''); ?></div>
</td>
<td class="small"><?= h($s['ip_address']); ?></td>
<td class="small text-break" style="max-width:240px;"><?= h($s['user_agent']); ?></td>
<td class="small"><?= h($s['created_at']); ?></td>
<td class="small"><?= h($s['last_seen_at'] ?: '—'); ?></td>
<td class="small"><?= h($s['expires_at'] ?: '—'); ?></td>
<td>
<?php if($s['revoked_at']): ?>
<span class="badge bg-danger badge-soft">Revoked</span>
<?php else: ?>
<span class="badge bg-success badge-soft">Active</span>
<?php endif; ?>
</td>
<td>
<button class="btn btn-sm btn-outline-danger btnRevoke" <?= $s['revoked_at']?'disabled':''; ?>>Revoke</button>
</td>
</tr>
<?php endforeach; endif; ?>
</tbody>
</table>
</div>
<!-- Mobile cards -->
<div class="d-md-none">
<?php if(empty($sessions)): ?>
<div class="alert alert-light border mb-0">No sessions.</div>
<?php else: foreach($sessions as $s): ?>
<div class="border rounded-3 p-3 mb-2" data-id="<?= (int)$s['usession_id']; ?>">
<div class="d-flex justify-content-between">
<div class="fw-semibold small"><?= h(trim(($s['first_name']??'').' '.($s['last_name']??'')) ?: '—'); ?></div>
<span class="badge <?= $s['revoked_at']?'bg-danger':'bg-success'; ?> badge-soft">
<?= $s['revoked_at']?'Revoked':'Active'; ?>
</span>
</div>
<div class="small text-soft"><?= h($s['email'] ?: ''); ?></div>
<div class="small mt-1">IP: <?= h($s['ip_address']); ?></div>
<div class="small">Created: <?= h($s['created_at']); ?></div>
<div class="small">Last Seen: <?= h($s['last_seen_at'] ?: '—'); ?></div>
<div class="d-flex mt-2">
<button class="btn btn-outline-danger btn-sm btnRevoke" <?= $s['revoked_at']?'disabled':''; ?>>Revoke</button>
</div>
</div>
<?php endforeach; endif; ?>
</div>
</div>
</div>
</div>
<!-- Devices -->
<div class="nk-block">
<div class="card card-bordered sec-card">
<div class="card-inner">
<div class="d-flex justify-content-between align-items-center mb-2">
<h6 class="mb-0">Devices</h6>
<div class="small text-soft"><?= count($devices); ?> rows</div>
</div>
<div class="table-responsive d-none d-md-block">
<table class="table table-striped align-middle">
<thead class="small text-soft">
<tr>
<th>#</th><th>User</th><th>Device ID</th>
<!-- <th>Fingerprint</th> -->
<th>First/Last Seen</th><th>IP (first/last)</th><th>Trusted</th><th>Action</th>
</tr>
</thead>
<tbody>
<?php if(empty($devices)): ?>
<tr><td colspan="8" class="text-center text-muted py-4">No devices.</td></tr>
<?php else: $i=1; foreach($devices as $d): ?>
<tr data-id="<?= (int)$d['udevice_id']; ?>">
<td><?= $i++; ?></td>
<td class="small">
<div class="fw-semibold"><?= h(trim(($d['first_name']??'').' '.($d['last_name']??'')) ?: '—'); ?></div>
<div class="text-soft"><?= h($d['email'] ?: ''); ?></div>
</td>
<td class="small"><?= h($d['device_id']); ?></td>
<!-- <td class="small text-break" style="max-width:220px;"><?= h($d['device_fingerprint']); ?></td> -->
<td class="small"><?= h($d['first_seen_at']); ?><br><?= h($d['last_seen_at'] ?: '—'); ?></td>
<td class="small"><?= h($d['first_ip']); ?><br><?= h($d['last_ip'] ?: '—'); ?></td>
<td>
<?php if($d['trusted']): ?>
<span class="badge bg-success">Trusted</span><br>
<small class="text-soft"><?= h($d['trusted_until'] ?: '—'); ?></small>
<?php else: ?>
<span class="badge bg-secondary">Not trusted</span>
<?php endif; ?>
</td>
<td>
<div class="d-flex gap-1">
<input type="datetime-local" class="form-control form-control-sm w-auto" style="min-width: 220px"
value="<?= $d['trusted_until'] ? date('Y-m-d\TH:i', strtotime($d['trusted_until'])) : '' ; ?>"
data-role="until">
<?php if($d['trusted']): ?>
<button class="btn btn-sm btn-outline-warning btnUntrust p-2">Untrust</button>
<?php else: ?>
<button class="btn btn-sm btn-outline-success btnTrust p-2">Trust</button>
<?php endif; ?>
</div>
</td>
</tr>
<?php endforeach; endif; ?>
</tbody>
</table>
</div>
<!-- Mobile cards -->
<div class="d-md-none">
<?php if(empty($devices)): ?>
<div class="alert alert-light border mb-0">No devices.</div>
<?php else: foreach($devices as $d): ?>
<div class="border rounded-3 p-3 mb-2" data-id="<?= (int)$d['udevice_id']; ?>">
<div class="d-flex justify-content-between">
<div class="fw-semibold small"><?= h(trim(($d['first_name']??'').' '.($d['last_name']??'')) ?: '—'); ?></div>
<span class="badge <?= $d['trusted']?'bg-success':'bg-secondary'; ?>">
<?= $d['trusted']?'Trusted':'Not trusted'; ?>
</span>
</div>
<div class="small text-soft"><?= h($d['email'] ?: ''); ?></div>
<div class="small mt-1">Device: <?= h($d['device_id']); ?></div>
<div class="small">First: <?= h($d['first_seen_at']); ?>, Last: <?= h($d['last_seen_at'] ?: '—'); ?></div>
<div class="d-flex gap-1 mt-2 flex-wrap">
<input type="datetime-local" class="form-control form-control-sm w-100" data-role="until"
value="<?= $d['trusted_until'] ? date('Y-m-d\TH:i', strtotime($d['trusted_until'])) : '' ; ?>">
<?php if($d['trusted']): ?>
<button class="btn btn-sm btn-outline-warning w-100 btnUntrust p-2">Untrust</button>
<?php else: ?>
<button class="btn btn-sm btn-outline-success w-100 btnTrust p-2">Trust</button>
<?php endif; ?>
</div>
</div>
<?php endforeach; endif; ?>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<script>
(function(){
// revoke session
document.addEventListener('click', async (e)=>{
if(e.target.closest('.btnRevoke')){
if(!confirm('Revoke this session?')) return;
const row = e.target.closest('[data-id]'); const id = row.getAttribute('data-id');
const fd = new FormData(); fd.append('action','revoke'); fd.append('session_id', id);
const r = await fetch('../../models/security/sessions_actions.php', { method:'POST', body: fd });
const j = await r.json(); if(!j.success){ alert('Revoke failed'); return; }
location.reload();
}
if(e.target.closest('.btnTrust')){
const row = e.target.closest('[data-id]'); const id = row.getAttribute('data-id');
const until = row.querySelector('[data-role="until"]')?.value || '';
const fd = new FormData(); fd.append('action','trust'); fd.append('device_id', id); fd.append('trusted_until', until);
const r = await fetch('../../models/security/sessions_actions.php', { method:'POST', body: fd });
const j = await r.json(); if(!j.success){ alert('Trust failed'); return; }
location.reload();
}
if(e.target.closest('.btnUntrust')){
const row = e.target.closest('[data-id]'); const id = row.getAttribute('data-id');
const fd = new FormData(); fd.append('action','untrust'); fd.append('device_id', id);
const r = await fetch('../../models/security/sessions_actions.php', { method:'POST', body: fd });
const j = await r.json(); if(!j.success){ alert('Untrust failed'); return; }
location.reload();
}
});
})();
</script>
<?php include '../common/footer.php'; ?>
Выполнить команду
Для локальной разработки. Не используйте в интернете!