Malin/domnitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e334f7c9d608a23c5a3e93759bbbc573bd9cb7fc
domnitor/core/SessionValidator.php
Hosteroid e5b9599755 Upgraded to 1.1.0 
1.1.0 (2025-10-09)
- **User Notifications System** - In-app notification center with 7 notification types, filtering, pagination
- **Advanced Session Management** - Database-backed sessions with geolocation (country, city, ISP)
- **Remote Session Control** - Terminate any device instantly with immediate logout validation
- **Enhanced Profile Page** - Sidebar navigation with 4 tabs, hash-based routing (#profile, #security, #sessions)
- **MVC Architecture Refactoring** - 3 new Helpers (Layout, Domain, Session), ~265 lines cleaned from views
- **Geolocation Tracking** - IP-based location detection using ip-api.com, country flags with flag-icons
- **Device Detection** - Browser & device type parsing (Chrome/Firefox/Safari, Desktop/Mobile/Tablet)
- **Auto-Detected Cron Paths** - Settings show actual installation paths (thanks @jadeops)
- **Welcome Notifications** - Sent to new users on registration or fresh install
- **Upgrade Notifications** - Admins notified on system updates with version & migration count
- **Web-Based Installer** - Replaces CLI, auto-generates encryption key, one-time password display
- **Web-Based Updater** - `/install/update` for running new migrations with smart detection
- **User Registration** - Full signup flow with email verification, password reset, resend verification
- **User Management** - CRUD for users with filtering, sorting, pagination (admin-only)
- **Remember Me** - 30-day secure tokens linked to sessions, cascade deletion on logout
- **Session Validator** - Middleware validates sessions on every request for instant remote logout
- **Consistent UI/UX** - Unified filtering, sorting, pagination across Domains, Users, Notifications, TLD Registry
- **Smart Migrations** - Consolidated schema for fresh installs, incremental for upgrades
- **XSS Protection** - htmlspecialchars() applied across all user-facing data (thanks @jadeops)
2025-10-09 18:02:46 +03:00

59 lines
1.8 KiB
PHP
Raw Blame History

<?php
namespace Core;
/**
* Session Validator Middleware
*
* Validates that the current session exists in database.
* If session was deleted (logged out remotely), forces re-login.
*/
class SessionValidator
{
/**
* Validate current session against database
* If session doesn't exist in DB, destroy it and force login
*/
public static function validate(): void
{
// Skip if not logged in
if (!isset($_SESSION['user_id'])) {
return;
}
try {
$sessionId = session_id();
$pdo = Database::getConnection();
// Check if this session exists in database
$stmt = $pdo->prepare("SELECT user_id FROM sessions WHERE id = ?");
$stmt->execute([$sessionId]);
$result = $stmt->fetch(\PDO::FETCH_ASSOC);
// If session not found in DB, it was deleted remotely
if (!$result) {
// Session was deleted - logout this user
session_destroy();
session_start();
$_SESSION['error'] = 'Your session was terminated remotely. Please login again.';
header('Location: /login');
exit;
}
// If session exists but user_id doesn't match, something is wrong
if ($result['user_id'] != $_SESSION['user_id']) {
session_destroy();
session_start();
$_SESSION['error'] = 'Session validation failed. Please login again.';
header('Location: /login');
exit;
}
} catch (\Exception $e) {
// If sessions table doesn't exist, allow normal operation (graceful fallback)
error_log("Session validation failed: " . $e->getMessage());
}
}
}
Reference in New Issue View Git Blame Copy Permalink