[3e493e2] - Added openshift yaml manifests

- Improve db connect method - Added a dedicated page to display in case of fatal error - Added a session timeout to automatically logoff the user after 30 minutes of inactivity - configurable by user - Change selected material color to yellow in formula making for better descrimination - Various minor updates and code clean-up - Added a function to convert session time to hours/mins
globaldyne · Nov 15, 2024 · d235e12 · d235e12
1 parent 3e493e2
commit d235e12
Show file tree

Hide file tree

Showing 18 changed files with 280 additions and 86 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -24,6 +24,11 @@
 - Removed user alert to reload formula settings pages when making a changes
 - Added openshift yaml manifests
 - Improve db connect method
+- Added a dedicated page to display in case of fatal error
+- Added a session timeout to automatically logoff the user after 30 minutes of inactivity - configurable by user
+- Change selected material color to yellow in formula making for better descrimination
+- Various minor updates and code clean-up
+- Added a function to convert session time to hours/mins
 
 ### Version 11.9
 - Added system logs access via the UI for docker/cloud installations - this comes disabled by default

diff --git a/core/ajax-session.php b/core/ajax-session.php
@@ -1,14 +1,50 @@
 <?php
-if (session_status() == PHP_SESSION_NONE) {
-    session_start();  // Start the session only if not already started
+
+define('pvault_panel', TRUE);
+define('__ROOT__', dirname(dirname(__FILE__))); 
+
+if (session_status() === PHP_SESSION_NONE) {
+    session_start();
+}
+
+if(strtoupper(getenv('PLATFORM')) === "CLOUD"){
+	$session_timeout = getenv('SYS_TIMEOUT') ?: 1800;
+} else {
+	require_once(__ROOT__.'/inc/config.php');
+}
+
+if ((time() - $_SESSION['parfumvault_time']) > $session_timeout) {
+    session_unset();
+    session_destroy();
+
+    echo json_encode( 
+		array(
+			'session_status' => false,
+			'session_timeout' => $session_timeout,
+			'session_time' => $_SESSION['parfumvault_time'] ?? null
+		)
+	);
+    return;
 }
 
-if(!isset( $_SESSION['parfumvault']) || $_SESSION['parfumvault'] == false) {
-    //expired
-    echo "-1";
+if(!isset( $_SESSION['parfumvault']) || $_SESSION['parfumvault'] === false) {
+    //session is expired
+	echo json_encode( 
+		array(
+			'session_status' => false,
+			'session_timeout' => $session_timeout,
+			'session_time' => $_SESSION['parfumvault_time'] ?? null
+		)
+	);
     session_destroy();
 } else {
-    //not expired
-    echo "1";
+    //session is valid
+	echo json_encode( 
+		array(
+			'session_status' => true,
+			'session_timeout' => $session_timeout,
+			'session_time' => $_SESSION['parfumvault_time']
+		)
+	);
 }
 ?>
diff --git a/core/auth.php b/core/auth.php
@@ -4,6 +4,12 @@
 
 require_once(__ROOT__.'/inc/opendb.php');
 
+if(strtoupper(getenv('PLATFORM')) === "CLOUD"){
+	$session_timeout = getenv('SYS_TIMEOUT') ?: 1800;
+} else {
+	require_once(__ROOT__.'/inc/config.php');
+}
+
 if($_POST['action'] == 'login'){
 
 	if(empty($_POST['email']) || empty($_POST['password'])){
@@ -20,9 +26,32 @@
 
 	if($row['id']){
 		if (session_status() === PHP_SESSION_NONE) {
+			 session_set_cookie_params([
+				'lifetime' => $session_timeout, // Set cookie lifetime to 30 minutes
+				'path' => '/', // Make the cookie accessible throughout the domain
+				'secure' => isset($_SERVER['HTTPS']), // Secure cookie if using HTTPS
+				'httponly' => true, // Prevent JavaScript from accessing the cookie
+				'samesite' => 'Strict', // Protect against CSRF attacks
+			]);
     		session_start();
 		}
 
+		if (isset($_SESSION['parfumvault_time'])) {
+			if ((time() - $_SESSION['parfumvault_time']) > $session_timeout) {
+				session_unset();
+				session_destroy();
+
+				$response['auth']['error'] = true;
+				$response['auth']['msg'] = 'Session expired. Please log in again.';
+				echo json_encode($response);
+				return;
+			} else {
+				$_SESSION['parfumvault_time'] = time();
+			}
+		} else {
+			$_SESSION['parfumvault_time'] = time();
+		}
+
 		$_SESSION['parfumvault'] = true;
 		$_SESSION['userID'] = $row['id'];
 		if($_POST['do']){

diff --git a/core/configureSystem.php b/core/configureSystem.php
@@ -94,13 +94,14 @@
 $tmp_path = "/tmp/";
 $allowed_ext = "pdf, doc, docx, xls, csv, xlsx, png, jpg, jpeg, gif";
 $max_filesize = "4194304"; //in bytes
+$session_timeout = 1800; //Time in seconds
 ?>
 ';
-	if (session_status() === PHP_SESSION_NONE) {
-    	session_start();
-	}
-	$_SESSION['parfumvault'] = true;
-	$_SESSION['userID'] = mysqli_insert_id($link);
+		if (session_status() === PHP_SESSION_NONE) {
+			session_start();
+		}
+		$_SESSION['parfumvault'] = true;
+		$_SESSION['userID'] = mysqli_insert_id($link);
 
 	}else{
 		$response['error'] = 'DB Schema Creation error. Make sure the database exists in your mysql server and its empty.';

diff --git a/core/core.php b/core/core.php
@@ -1572,15 +1572,18 @@ function formatVal($num){
 	}
 	if(mysqli_num_rows(mysqli_query($conn, "SELECT name FROM formulasMetaData WHERE name = '$value'"))){
 		$response["error"] = 'Name already exists';
+		echo json_encode($response);
+
 	}else{
 		mysqli_query($conn, "UPDATE formulasMetaData SET name = '$value' WHERE id = '$id'");
 		if(mysqli_query($conn, "UPDATE formulas SET name = '$value' WHERE fid = '$fid'")){
-			$response["success"] = 'Formula renamed.';
+			$response["success"] = 'Formula renamed';
 			$response["msg"] = $value;
+			echo json_encode($response);
 		}
 
 	}
-	echo json_encode($response);
+
 	return;	
 }
 

diff --git a/css/vault.css b/css/vault.css
@@ -1109,7 +1109,7 @@ table#tdDataPending.dataTable thead:hover {
 }
 */
 .pv-transition td {
-    background-color: var(--bs-secondary-bg);
+    background-color: var(--bs-warning-border-subtle);
 }
 
 .schedule_details {

diff --git a/func/convertTime.php b/func/convertTime.php
@@ -0,0 +1,19 @@
+<?php 
+if (!defined('pvault_panel')){ die('Not Found');}
+
+function convertTime($seconds) {
+    if (!is_numeric($seconds) || $seconds < 0) {
+        return "Invalid input. Please enter a non-negative number.";
+    }
+
+    $minutes = floor($seconds / 60);
+    $hours = floor($minutes / 60);
+    $remainingMinutes = $minutes % 60;
+
+    return [
+        'hours' => $hours,
+        'minutes' => $remainingMinutes,
+    ];
+}
+
+?>
diff --git a/inc/opendb.php b/inc/opendb.php
@@ -8,21 +8,22 @@
 if(strtoupper(getenv('PLATFORM')) === "CLOUD"){
 
 	if(!getenv('DB_HOST') || !getenv('DB_USER') || !getenv('DB_PASS') || !getenv('DB_NAME')){
-		echo 'Required parameters not found. Please make sure your provided all the required variables as per <a href="https://www.perfumersvault.com/knowledge-base/howto-docker/" target="_blank">documentation</a>';
+		$error_msg = 'Required parameters not found. Please make sure your provided all the required variables as per <a href="https://www.perfumersvault.com/knowledge-base/howto-docker/" target="_blank">documentation</a>';
+		require_once(__ROOT__.'/pages/error.php');
 		exit;
 	}
 
 	$dbhost = getenv('DB_HOST');
 	$dbuser = getenv('DB_USER');
 	$dbpass = getenv('DB_PASS');
 	$dbname = getenv('DB_NAME');
-		
+
 	$tmp_path = getenv('TMP_PATH') ?: "/tmp/";
 	$allowed_ext = getenv('FILE_EXT') ?: "pdf, doc, docx, xls, csv, xlsx, png, jpg, jpeg, gif";
 	$max_filesize = getenv('MAX_FILE_SIZE') ?: "4194304";
 	$bkparams =  getenv('DB_BACKUP_PARAMETERS') ?: '--column-statistics=1';
-
     $sysLogsEnabled = strtoupper(getenv('SYS_LOGS')) === 'ENABLED' || getenv('SYS_LOGS') === '1';
+	$session_timeout = getenv('SYS_TIMEOUT') ?: 1800;
 
 	$conn = dbConnect($dbhost, $dbuser, $dbpass, $dbname);
 
@@ -39,10 +40,9 @@ function dbConnect(string $dbhost, string $dbuser, string $dbpass, string $dbnam
         mysqli_set_charset($conn, "utf8");
         return $conn;
     } catch (mysqli_sql_exception $e) {
-		$msg = "Database connection error: " . $e->getMessage();
-		$response["error"] = $msg;
-		echo json_encode($response);
-        error_log($msg);
+		$error_msg = "Database connection error: " . $e->getMessage();
+        require_once(__ROOT__.'/pages/error.php');
+		error_log($error_msg);
         return false; // Return false on failure
     }
 }

diff --git a/inc/sec.php b/inc/sec.php
@@ -17,6 +17,27 @@
     session_start();
 }
 
+if(strtoupper(getenv('PLATFORM')) === "CLOUD"){
+	$session_timeout = getenv('SYS_TIMEOUT') ?: 1800;
+} else {
+	require_once(__ROOT__.'/inc/config.php');
+}
+
+if (isset($_SESSION['parfumvault_time'])) {
+    if ((time() - $_SESSION['parfumvault_time']) > $session_timeout) {
+        session_unset();
+        session_destroy();
+        $response['auth']['error'] = true;
+		$response['auth']['msg'] = 'You have been automatically logged out due to inactivity of '.$session_timeout.' seconds. Please log in again. ';
+		echo json_encode($response);
+        return;
+    } else {
+        $_SESSION['parfumvault_time'] = time();
+    }
+} else {
+    $_SESSION['parfumvault_time'] = time();
+}
+
 if(!isset($_SESSION['parfumvault'])){
 	if($_GET['do']){
 		$redirect = '?do='.$_GET['do'];

diff --git a/index.php b/index.php
@@ -10,15 +10,8 @@
 }
 require_once(__ROOT__.'/inc/product.php');
 require_once(__ROOT__.'/inc/opendb.php');
-
-//require_once(__ROOT__.'/func/checkIng.php');
-//require_once(__ROOT__.'/func/searchIFRA.php');
-//require_once(__ROOT__.'/func/formatBytes.php');
-//require_once(__ROOT__.'/func/countElement.php');
-
 require_once(__ROOT__.'/func/countPending.php');
 require_once(__ROOT__.'/func/countCart.php');
-//require_once(__ROOT__.'/func/pvOnline.php');
 require_once(__ROOT__.'/func/getIngSupplier.php');
 require_once(__ROOT__.'/inc/settings.php');
 

diff --git a/js/validate-session.js b/js/validate-session.js
@@ -1,9 +1,11 @@
 function session_checking() {
     $.post("/core/ajax-session.php", function(data) {
-        if(data == "-1"){
-            //alert("Your session has been expired!");
+		const response = JSON.parse(data);
+
+       	if (response.session_status === false) {
             location.reload();
         }
+
     });
 }
-var validateSession = setInterval(session_checking, 5000);
+var validateSession = setInterval(session_checking, 5000);
diff --git a/logout.php b/logout.php
@@ -1,7 +1,18 @@
 <?php
-session_start();
-unset($_SESSION['parfumvault']);
+
+if (session_status() === PHP_SESSION_NONE) {
+    session_start();
+}
+
 session_unset();
 session_destroy();
-header('Location: /login.php');
+
+if (ini_get("session.use_cookies")) {
+    $params = session_get_cookie_params();
+    setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
+}
+
+header("Location: /login.php");
+exit;
+
 ?>
diff --git a/pages/error.php b/pages/error.php
@@ -0,0 +1,32 @@
+<?php
+if (!defined("pvault_panel")){ die("Not Found");}
+?>
+<html lang="en" data-bs-theme="<?=$settings['bs_theme'] ?: 'light';?>">
+<head>
+
+  <meta charset="utf-8">
+  <meta name="description" content="Something went wrong...">
+  <meta name="author" content="perfumersvault">
+  <title>Error</title>
+  <link rel="icon" type="image/png" sizes="32x32" href="/img/favicon-32x32.png">
+  <link rel="icon" type="image/png" sizes="16x16" href="/img/favicon-16x16.png">
+  <script src="/js/jquery/jquery.min.js"></script>
+
+  <link href="/css/sb-admin-2.css" rel="stylesheet">
+  <link href="/css/vault.css" rel="stylesheet">
+
+  <link href="/css/fontawesome-free/css/all.min.css" rel="stylesheet">
+
+</head>
+<div id="wrapper">
+    <div class="container-fluid">
+        <div class="text-center">
+            <div class="error mx-auto" data-text="Error">Error...</div>
+            <div class="alert alert-danger"><i class="fa-solid fa-bug mx-2"></i><?php echo $error_msg;?></div>
+            <p class="text-gray-500 mb-0">It looks like you found a glitch in the matrix...</p>
+            <a href="/"><i class="fa-solid fa-arrow-left-long mx-2"></i>Back to Dashboard</a>
+        </div>
+    </div>
+</div>
+</body>
+</html>