Merge pull request #195 from globaldyne/v12.0

V12.0
globaldyne · Nov 16, 2024 · a92d2f3 · a92d2f3
2 parents d59731d + d235e12
commit a92d2f3
Show file tree

Hide file tree

Showing 103 changed files with 8,947 additions and 6,852 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,4 +1,35 @@
 # CHANGELOG
+### Version 12.0
+- Lids inventory dropped to accessories
+- Minor overall UI updates
+- Migrating backend scripts under a common backend api
+- Import json functions update
+- Added import for accessories
+- Added import for bottles
+- Added import for suppliers
+- Added import for customers
+- Droped old CSV export for suppliers
+- Fixed pagination for suppliers
+- Formula scaling improvements
+- Added ingredient to formula backend update
+- Fix invalid formula update date on empty formulas
+- Update empty table message
+- Rename sex to gender
+- Error handling improvements
+- Date Format update
+- Auto update image for formulas when uploaded
+- Auto update text title and description after a succesfull update for a formula
+- File upload improvements
+- Various wording updates
+- Removed user alert to reload formula settings pages when making a changes
+- Added openshift yaml manifests
+- Improve db connect method
+- Added a dedicated page to display in case of fatal error
+- Added a session timeout to automatically logoff the user after 30 minutes of inactivity - configurable by user
+- Change selected material color to yellow in formula making for better descrimination
+- Various minor updates and code clean-up
+- Added a function to convert session time to hours/mins
+
 ### Version 11.9
 - Added system logs access via the UI for docker/cloud installations - this comes disabled by default
 - Hide properties column in formulas

diff --git a/VERSION.md b/VERSION.md
@@ -1 +1 @@
-11.9
+12.0
diff --git a/core/ajax-session.php b/core/ajax-session.php
@@ -1,14 +1,50 @@
 <?php
-if (session_status() == PHP_SESSION_NONE) {
-    session_start();  // Start the session only if not already started
+
+define('pvault_panel', TRUE);
+define('__ROOT__', dirname(dirname(__FILE__))); 
+
+if (session_status() === PHP_SESSION_NONE) {
+    session_start();
+}
+
+if(strtoupper(getenv('PLATFORM')) === "CLOUD"){
+	$session_timeout = getenv('SYS_TIMEOUT') ?: 1800;
+} else {
+	require_once(__ROOT__.'/inc/config.php');
+}
+
+if ((time() - $_SESSION['parfumvault_time']) > $session_timeout) {
+    session_unset();
+    session_destroy();
+
+    echo json_encode( 
+		array(
+			'session_status' => false,
+			'session_timeout' => $session_timeout,
+			'session_time' => $_SESSION['parfumvault_time'] ?? null
+		)
+	);
+    return;
 }
 
-if(!isset( $_SESSION['parfumvault']) || $_SESSION['parfumvault'] == false) {
-    //expired
-    echo "-1";
+if(!isset( $_SESSION['parfumvault']) || $_SESSION['parfumvault'] === false) {
+    //session is expired
+	echo json_encode( 
+		array(
+			'session_status' => false,
+			'session_timeout' => $session_timeout,
+			'session_time' => $_SESSION['parfumvault_time'] ?? null
+		)
+	);
     session_destroy();
 } else {
-    //not expired
-    echo "1";
+    //session is valid
+	echo json_encode( 
+		array(
+			'session_status' => true,
+			'session_timeout' => $session_timeout,
+			'session_time' => $_SESSION['parfumvault_time']
+		)
+	);
 }
 ?>
diff --git a/core/auth.php b/core/auth.php
@@ -4,6 +4,12 @@
 
 require_once(__ROOT__.'/inc/opendb.php');
 
+if(strtoupper(getenv('PLATFORM')) === "CLOUD"){
+	$session_timeout = getenv('SYS_TIMEOUT') ?: 1800;
+} else {
+	require_once(__ROOT__.'/inc/config.php');
+}
+
 if($_POST['action'] == 'login'){
 
 	if(empty($_POST['email']) || empty($_POST['password'])){
@@ -20,9 +26,32 @@
 
 	if($row['id']){
 		if (session_status() === PHP_SESSION_NONE) {
+			 session_set_cookie_params([
+				'lifetime' => $session_timeout, // Set cookie lifetime to 30 minutes
+				'path' => '/', // Make the cookie accessible throughout the domain
+				'secure' => isset($_SERVER['HTTPS']), // Secure cookie if using HTTPS
+				'httponly' => true, // Prevent JavaScript from accessing the cookie
+				'samesite' => 'Strict', // Protect against CSRF attacks
+			]);
     		session_start();
 		}
 
+		if (isset($_SESSION['parfumvault_time'])) {
+			if ((time() - $_SESSION['parfumvault_time']) > $session_timeout) {
+				session_unset();
+				session_destroy();
+
+				$response['auth']['error'] = true;
+				$response['auth']['msg'] = 'Session expired. Please log in again.';
+				echo json_encode($response);
+				return;
+			} else {
+				$_SESSION['parfumvault_time'] = time();
+			}
+		} else {
+			$_SESSION['parfumvault_time'] = time();
+		}
+
 		$_SESSION['parfumvault'] = true;
 		$_SESSION['userID'] = $row['id'];
 		if($_POST['do']){

diff --git a/core/configureSystem.php b/core/configureSystem.php
@@ -94,13 +94,14 @@
 $tmp_path = "/tmp/";
 $allowed_ext = "pdf, doc, docx, xls, csv, xlsx, png, jpg, jpeg, gif";
 $max_filesize = "4194304"; //in bytes
+$session_timeout = 1800; //Time in seconds
 ?>
 ';
-	if (session_status() === PHP_SESSION_NONE) {
-    	session_start();
-	}
-	$_SESSION['parfumvault'] = true;
-	$_SESSION['userID'] = mysqli_insert_id($link);
+		if (session_status() === PHP_SESSION_NONE) {
+			session_start();
+		}
+		$_SESSION['parfumvault'] = true;
+		$_SESSION['userID'] = mysqli_insert_id($link);
 
 	}else{
 		$response['error'] = 'DB Schema Creation error. Make sure the database exists in your mysql server and its empty.';