
<?php
// Security self-service page: lists the signed-in user's remembered sessions and
// recorded devices, each with its own CSRF-protected "Revoke" form that posts to a
// separate endpoint (revoke_session.php / revoke_device.php — not visible here).
// Assumes bootstrap.php starts the session and provides $conn (mysqli, judging by
// bind_param()/get_result()); csrf_token() comes from lib/csrf.php — confirm both.
require_once __DIR__ . '/../../config/bootstrap.php';
require_once __DIR__ . '/../../lib/csrf.php';

// Auth gate: redirect anonymous visitors before any output is sent. empty() also
// rejects a stored 0/"0"; the int cast guarantees the 'i' bind below gets an int.
if (empty($_SESSION['user_id'])) { header('Location: /auth/login.php'); exit; }
$userId = (int)$_SESSION['user_id'];

include __DIR__ . '/../common/header.php';

// Fetch sessions
// Only revoked_at is filtered: rows whose expires_at already lies in the past are
// still returned and rendered in the "active" list (the template prints the expiry
// but neither excludes nor labels expired rows). php_session_id is selected but
// never rendered — keep it that way; a raw session identifier in HTML is a
// hijacking risk. Parameterised via prepare()/bind_param(), so $userId is never
// interpolated into SQL. Output escaping below relies on PHP 8.1+ defaults
// (ENT_QUOTES|ENT_SUBSTITUTE, UTF-8); on older PHP single quotes are left alone,
// which is still safe here because every attribute value is double-quoted.
$sess = [];
$q = $conn->prepare("SELECT user_id, php_session_id, is_remembered, ip_address, user_agent, created_at, last_seen_at, expires_at, revoked_at
                     FROM user_sessions
                     WHERE user_id=? AND (revoked_at IS NULL) ORDER BY last_seen_at DESC, created_at DESC LIMIT 50");
$q->bind_param('i', $userId); $q->execute();
$r = $q->get_result(); while ($row = $r->fetch_assoc()) $sess[] = $row; $q->close();

// Fetch devices
// Same shape as above; udevice_id is the per-row key the device revoke form posts.
$devs = [];
$dq = $conn->prepare("SELECT udevice_id, device_id, device_label, first_ip, last_ip, last_seen_at, trusted_until, trusted
                      FROM user_devices WHERE user_id=? ORDER BY last_seen_at DESC, trusted_until DESC LIMIT 50");
$dq->bind_param('i', $userId); $dq->execute();
$dr = $dq->get_result(); while ($row = $dr->fetch_assoc()) $devs[] = $row; $dq->close();
?>
<style>
  .card-soft { border:1px solid rgba(7,98,137,.12); border-radius:12px; background:#fff; box-shadow:0 8px 24px rgba(7,98,137,.06); }
  .muted { color:#6b7280; }
  .btn-secure-primary{ background:#076289; border-color:#076289; color:#fff !important; }
  .btn-secure-primary:hover{ background:#fff; color:#076289 !important; box-shadow:0 0 0 3px rgba(7,98,137,.12); }
</style>

<div class="container my-4">
  <div class="offset-md-2 col-md-8">
    <h3>Your sessions & devices</h3>
    <p class="muted">Manage where you’re signed in and which devices are trusted.</p>

    <div class="card-soft p-3 mb-4">
      <h5 class="mb-2">Remembered sessions</h5>
      <?php if (!$sess): ?>
        <div class="muted">No active remembered sessions.</div>
      <?php else: ?>
        <div class="list-group">
          <?php /* user_agent and ip_address are presumably recorded from the client's own request
                   at login, so the htmlspecialchars() on every printed field is load-bearing. */ foreach ($sess as $s): ?>
            <div class="list-group-item d-flex justify-content-between align-items-center">
              <div>
                <div><strong><?= htmlspecialchars($s['user_agent'] ?? 'Session') ?></strong></div>
                <div class="muted small">
                  IP: <?= htmlspecialchars($s['ip_address'] ?? '-') ?> •
                  Last seen: <?= /* if both columns are NULL this passes null to htmlspecialchars() (deprecated in 8.1) */ htmlspecialchars($s['last_seen_at'] ?? $s['created_at']) ?>
                  <?php if (!empty($s['expires_at'])): ?> • Expires: <?= htmlspecialchars($s['expires_at']) ?><?php endif; ?>
                </div>
              </div>
              <form method="post" action="/user/security/revoke_session.php" class="ms-3">
                <input type="hidden" name="csrf" value="<?= htmlspecialchars(csrf_token()) ?>">
                <input type="hidden" name="id" value="<?= /* NOTE(review): this posts the *user* id, which is identical for every row,
                  so revoke_session.php cannot tell which session to revoke (compare the device form below, which posts
                  udevice_id). The only per-row value selected above is php_session_id, a raw session token that must not
                  be exposed in HTML; a dedicated row key is needed here — confirm against revoke_session.php. */ (int)$s['user_id'] ?>">
                <button class="btn btn-outline-danger btn-sm">Revoke</button>
              </form>
            </div>
          <?php endforeach; ?>
        </div>
      <?php endif; ?>
    </div>

    <div class="card-soft p-3">
      <h5 class="mb-2">Trusted devices</h5>
      <?php if (!$devs): ?>
        <div class="muted">No devices recorded yet.</div>
      <?php else: ?>
        <div class="list-group">
          <?php foreach ($devs as $d): ?>
            <div class="list-group-item d-flex justify-content-between align-items-center">
              <div>
                <div><strong><?= htmlspecialchars($d['device_label'] ?? 'Device') ?></strong>
                  <?php /* "Trusted" needs both the flag and a trusted_until in the future; a NULL trusted_until falls
                           back to the epoch and so renders as "Expired" (as does a device that was never trusted).
                           Both DateTimeImmutable values use the server default timezone — presumably the DB stores
                           the same zone; confirm. An unparsable trusted_until string throws here. */ if (!empty($d['trusted']) && (new DateTimeImmutable($d['trusted_until'] ?? '1970-01-01')) > new DateTimeImmutable()): ?>
                    <span class="badge bg-success ms-2">Trusted</span>
                  <?php else: ?>
                    <span class="badge bg-secondary ms-2">Expired</span>
                  <?php endif; ?>
                </div>
                <div class="muted small">
                  Last IP: <?= htmlspecialchars($d['last_ip'] ?? '-') ?> •
                  Last seen: <?= htmlspecialchars($d['last_seen_at'] ?? '-') ?> •
                  Trusted until: <?= htmlspecialchars($d['trusted_until'] ?? '-') ?>
                </div>
              </div>
              <form method="post" action="/user/security/revoke_device.php" class="ms-3">
                <input type="hidden" name="csrf" value="<?= htmlspecialchars(csrf_token()) ?>">
                <input type="hidden" name="id" value="<?= (int)$d['udevice_id'] ?>">
                <button class="btn btn-outline-danger btn-sm">Revoke</button>
              </form>
            </div>
          <?php endforeach; ?>
        </div>
      <?php endif; ?>
    </div>

    <div class="text-center my-3">
      <a href="/user/account/account.php" class="btn btn-light border">Back to account</a>
    </div>
  </div>
</div>

<?php include __DIR__ . '/../common/footer.php'; ?>
