automatic logout on user inactivity

README.md

@@ -2,7 +2,7 @@
   <img src="assets/images/README_cover.png" width="350" align="center"/>
 </p><br>
 
-> Embeddable and Secure PHP Authentication System with Login, Signup, User Profiles, Profile Editing, Account Verification via Email, Password Reset System, Remember Me Feature, Global ERROR & STATUS variables system and Authentication checks.
+> Embeddable and Highly Secure PHP Authentication System with Login, Signup, User Profiles, Profile Editing, Account Verification via Email, Password Reset System, Remember Me Feature, Automatic Logout on Inactivity,  Global ERROR & STATUS variable system, Authentication checks and more.
 
 # Table of Contents
 
@@ -26,6 +26,7 @@
       - [Secure Remember-me Cookie](#secure-remember-me-cookie)
       - [Secure Account Activation & Password Reset](#secure-account-activation--password-reset)
     - [Login | Signup](#login--signup)
+    - [Automatic Logout on Inactivity](#automatic-logout-on-inactivity)
     - [User Profile | Profile Editing](#user-profile--profile-editing)
     - [Email Verification | Account Activation](#email-verification--account-activation)
     - [Password Resetting](#password-resetting)
@@ -56,24 +57,24 @@
 ```php
 // env.php
 
-if (!defined('APP_NAME'))           define('APP_NAME' ,'Login System');
-if (!defined('APP_ORGANIZATION'))   define('APP_ORGANIZATION' ,'KLiK');
-if (!defined('APP_OWNER'))          define('APP_OWNER' ,'msaad1999');
-if (!defined('APP_DESCRIPTION'))    define('APP_DESCRIPTION' ,'Embeddable and Secure PHP Login System');
+if (!defined('APP_NAME'))                       define('APP_NAME', 'Login System');
+if (!defined('APP_ORGANIZATION'))               define('APP_ORGANIZATION', 'KLiK');
+if (!defined('APP_OWNER'))                      define('APP_OWNER', 'msaad1999');
+if (!defined('APP_DESCRIPTION'))                define('APP_DESCRIPTION', 'Embeddable PHP Login System');
 
+if (!defined('ALLOWED_INACTIVITY_TIME'))        define('ALLOWED_INACTIVITY_TIME', time()+1*60);
 
-if (!defined('DB_DATABASE'))        define('DB_DATABASE', 'klik_loginsystem');
-if (!defined('DB_HOST'))            define('DB_HOST','127.0.0.1');
-if (!defined('DB_USERNAME'))        define('DB_USERNAME','root');
-if (!defined('DB_PASSWORD'))        define('DB_PASSWORD' ,'');
-if (!defined('DB_PORT'))            define('DB_PORT' ,'');
+if (!defined('DB_DATABASE'))                    define('DB_DATABASE', 'klik_loginsystem');
+if (!defined('DB_HOST'))                        define('DB_HOST','127.0.0.1');
+if (!defined('DB_USERNAME'))                    define('DB_USERNAME','root');
+if (!defined('DB_PASSWORD'))                    define('DB_PASSWORD' ,'');
+if (!defined('DB_PORT'))                        define('DB_PORT' ,'');
 
-
-if (!defined('MAIL_HOST'))          define('MAIL_HOST', 'smtp.gmail.com');
-if (!defined('MAIL_USERNAME'))      define('MAIL_USERNAME', '[email protected]');
-if (!defined('MAIL_PASSWORD'))      define('MAIL_PASSWORD', 'example_password');
-if (!defined('MAIL_ENCRYPTION'))    define('MAIL_ENCRYPTION', 'ssl');
-if (!defined('MAIL_PORT'))          define('MAIL_PORT', 465);
+if (!defined('MAIL_HOST'))                      define('MAIL_HOST', 'smtp.gmail.com');
+if (!defined('MAIL_USERNAME'))                  define('MAIL_USERNAME', '[email protected]');
+if (!defined('MAIL_PASSWORD'))                  define('MAIL_PASSWORD', 'example-password');
+if (!defined('MAIL_ENCRYPTION'))                define('MAIL_ENCRYPTION', 'ssl');
+if (!defined('MAIL_PORT'))                      define('MAIL_PORT', 465);
 ```
 
 ### Existing Account(s)
@@ -216,6 +217,23 @@ The system supports a default and secure login and signup system. The user can s
 
 The login system also supports a `remember me` feature, which will keep the user logged in for a certain time (currently a month) even if the browser or system is turned off.
 
+### Automatic Logout on Inactivity
+
+The Application has a jquery snippet in `assets/js/check_inactive.js` which continously checks if the user is inactive. When the user is inactive for more than the specified time, it automatically logs the user out and redirects to the login page. The allowed inactivity time period is currently `1 hr`, specified in `assets/setup/env.php` in the `ALLOWED_INACTIVITY_TIME` constant. The js script calls the script in `assets/includes/checkinactive.ajax.php` via AJAX call, where the user's inactivity is checked.
+
+```php
+// checkinactive.ajax.php
+
+session_start();
+if (isset($_SESSION['auth']) && !isset($_COOKIE['rememberme'])){
+    if(time() > $_SESSION['expire']){
+        session_unset();
+        session_destroy();
+        echo 'logout_redirect';
+    }
+}
+```
+
 ### User Profile | Profile Editing
 
 The system supports a proper user profile accessible on registration. Currently only a few extra-information fields have been put into the database, namely the user's first name, last name, gender, profile headline and bio. These are only meant to showcase the use of additional user information, and as such, are optional fields and can be skipped during signup. The user also has a profile image that he can choose/set at signup and can also update it later.

assets/includes/checkinactive.ajax.php

@@ -0,0 +1,9 @@
+<?php
+session_start();
+if (isset($_SESSION['auth']) && !isset($_COOKIE['rememberme'])){
+    if(time() > $_SESSION['expire']){
+        session_unset();
+        session_destroy();
+        echo 'logout_redirect';
+    }
+}

assets/js/check_inactive.js

@@ -0,0 +1,14 @@
+$(document).ready(function() {
+    setInterval(function() {
+        $.ajax({
+            type: 'GET',
+            async: false,
+            url: '../assets/includes/checkinactive.ajax.php',
+            success: function(response) {
+                if (response == 'logout_redirect') {
+                    location.href = "../login/";
+                }
+            }
+        });
+    }, 5000);
+});

assets/layouts/footer.php

@@ -65,6 +65,12 @@
 <script src="../assets/vendor/js/popper.min.js"></script>
 <script src="../assets/vendor/bootstrap-4.3.1/js/bootstrap.min.js"></script>
 
+<?php if(isset($_SESSION['auth'])) { ?> 
+
+<script src="../assets/js/check_inactive.js"></script>
+
+<?php } ?>
+
 
 </body>
 

assets/layouts/header.php

@@ -7,6 +7,9 @@
 require '../assets/includes/auth_functions.php';
 require '../assets/includes/security_functions.php';
 
+if (isset($_SESSION['auth']))
+    $_SESSION['expire'] = ALLOWED_INACTIVITY_TIME;
+
 generate_csrf_token();
 check_remember_me();
 

assets/setup/env.php

@@ -1,20 +1,20 @@
 <?php
 
-if (!defined('APP_NAME'))           define('APP_NAME' ,'Login System');
-if (!defined('APP_ORGANIZATION'))   define('APP_ORGANIZATION' ,'KLiK');
-if (!defined('APP_OWNER'))          define('APP_OWNER' ,'msaad1999');
-if (!defined('APP_DESCRIPTION'))    define('APP_DESCRIPTION' ,'Embeddable PHP Login System');
+if (!defined('APP_NAME'))                       define('APP_NAME', 'Login System');
+if (!defined('APP_ORGANIZATION'))               define('APP_ORGANIZATION', 'KLiK');
+if (!defined('APP_OWNER'))                      define('APP_OWNER', 'msaad1999');
+if (!defined('APP_DESCRIPTION'))                define('APP_DESCRIPTION', 'Embeddable PHP Login System');
 
+if (!defined('ALLOWED_INACTIVITY_TIME'))        define('ALLOWED_INACTIVITY_TIME', time()+1*60);
 
-if (!defined('DB_DATABASE'))        define('DB_DATABASE', 'klik_loginsystem');
-if (!defined('DB_HOST'))            define('DB_HOST','127.0.0.1');
-if (!defined('DB_USERNAME'))        define('DB_USERNAME','root');
-if (!defined('DB_PASSWORD'))        define('DB_PASSWORD' ,'');
-if (!defined('DB_PORT'))            define('DB_PORT' ,'');
+if (!defined('DB_DATABASE'))                    define('DB_DATABASE', 'klik_loginsystem');
+if (!defined('DB_HOST'))                        define('DB_HOST','127.0.0.1');
+if (!defined('DB_USERNAME'))                    define('DB_USERNAME','root');
+if (!defined('DB_PASSWORD'))                    define('DB_PASSWORD' ,'');
+if (!defined('DB_PORT'))                        define('DB_PORT' ,'');
 
-
-if (!defined('MAIL_HOST'))          define('MAIL_HOST', 'smtp.gmail.com');
-if (!defined('MAIL_USERNAME'))      define('MAIL_USERNAME', '[email protected]');
-if (!defined('MAIL_PASSWORD'))      define('MAIL_PASSWORD', 'example-password');
-if (!defined('MAIL_ENCRYPTION'))    define('MAIL_ENCRYPTION', 'ssl');
-if (!defined('MAIL_PORT'))          define('MAIL_PORT', 465);
+if (!defined('MAIL_HOST'))                      define('MAIL_HOST', 'smtp.gmail.com');
+if (!defined('MAIL_USERNAME'))                  define('MAIL_USERNAME', '[email protected]');
+if (!defined('MAIL_PASSWORD'))                  define('MAIL_PASSWORD', 'example-password');
+if (!defined('MAIL_ENCRYPTION'))                define('MAIL_ENCRYPTION', 'ssl');
+if (!defined('MAIL_PORT'))                      define('MAIL_PORT', 465);

login/index.php

@@ -3,7 +3,6 @@
 define('TITLE', "Login");
 include '../assets/layouts/header.php';
 check_logged_out();
-
 ?>