From da941378dd48caed1fd51b8c898891328854dcac Mon Sep 17 00:00:00 2001
From: Muhammad Saad
Date: Sat, 25 Jan 2020 19:42:41 +0500
Subject: [PATCH] automatic logout on user inactivity
---
 README.md | 50 +++++++++++++++++---------
 assets/includes/checkinactive.ajax.php | 9 +++++
 assets/js/check_inactive.js | 14 ++++++++
 assets/layouts/footer.php | 6 ++++
 assets/layouts/header.php | 3 ++
 assets/setup/env.php | 30 ++++++++--------
 login/index.php | 1 -
 7 files changed, 81 insertions(+), 32 deletions(-)
 create mode 100644 assets/includes/checkinactive.ajax.php
 create mode 100644 assets/js/check_inactive.js
diff --git a/README.md b/README.md
index 399e995..26de5c1 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@


-> Embeddable and Secure PHP Authentication System with Login, Signup, User Profiles, Profile Editing, Account Verification via Email, Password Reset System, Remember Me Feature, Global ERROR & STATUS variables system and Authentication checks. +> Embeddable and Highly Secure PHP Authentication System with Login, Signup, User Profiles, Profile Editing, Account Verification via Email, Password Reset System, Remember Me Feature, Automatic Logout on Inactivity, Global ERROR & STATUS variable system, Authentication checks and more. # Table of Contents @@ -26,6 +26,7 @@ - [Secure Remember-me Cookie](#secure-remember-me-cookie) - [Secure Account Activation & Password Reset](#secure-account-activation--password-reset) - [Login | Signup](#login--signup) + - [Automatic Logout on Inactivity](#automatic-logout-on-inactivity) - [User Profile | Profile Editing](#user-profile--profile-editing) - [Email Verification | Account Activation](#email-verification--account-activation) - [Password Resetting](#password-resetting) 
@@ -56,24 +57,24 @@ ```php // env.php
-if (!defined('APP_NAME')) define('APP_NAME' ,'Login System');
-if (!defined('APP_ORGANIZATION')) define('APP_ORGANIZATION' ,'KLiK');
-if (!defined('APP_OWNER')) define('APP_OWNER' ,'msaad1999');
-if (!defined('APP_DESCRIPTION')) define('APP_DESCRIPTION' ,'Embeddable and Secure PHP Login System');
+if (!defined('APP_NAME')) define('APP_NAME', 'Login System');
+if (!defined('APP_ORGANIZATION')) define('APP_ORGANIZATION', 'KLiK');
+if (!defined('APP_OWNER')) define('APP_OWNER', 'msaad1999');
+if (!defined('APP_DESCRIPTION')) define('APP_DESCRIPTION', 'Embeddable PHP Login System');
+if (!defined('ALLOWED_INACTIVITY_TIME')) define('ALLOWED_INACTIVITY_TIME', time()+1*60);
-if (!defined('DB_DATABASE')) define('DB_DATABASE', 'klik_loginsystem');
-if (!defined('DB_HOST')) define('DB_HOST','127.0.0.1');
-if (!defined('DB_USERNAME')) define('DB_USERNAME','root');
-if (!defined('DB_PASSWORD')) define('DB_PASSWORD' ,'');
-if (!defined('DB_PORT')) define('DB_PORT' ,'');
+if (!defined('DB_DATABASE')) define('DB_DATABASE', 'klik_loginsystem');
+if (!defined('DB_HOST')) define('DB_HOST','127.0.0.1');
+if (!defined('DB_USERNAME')) define('DB_USERNAME','root');
+if (!defined('DB_PASSWORD')) define('DB_PASSWORD' ,'');
+if (!defined('DB_PORT')) define('DB_PORT' ,'');
-
-if (!defined('MAIL_HOST')) define('MAIL_HOST', 'smtp.gmail.com');
-if (!defined('MAIL_USERNAME')) define('MAIL_USERNAME', 'example.email@gmail.com');
-if (!defined('MAIL_PASSWORD')) define('MAIL_PASSWORD', 'example_password');
-if (!defined('MAIL_ENCRYPTION')) define('MAIL_ENCRYPTION', 'ssl');
-if (!defined('MAIL_PORT')) define('MAIL_PORT', 465);
+if (!defined('MAIL_HOST')) define('MAIL_HOST', 'smtp.gmail.com');
+if (!defined('MAIL_USERNAME')) define('MAIL_USERNAME', 'example.email@gmail.com');
+if (!defined('MAIL_PASSWORD')) define('MAIL_PASSWORD', 'example-password');
+if (!defined('MAIL_ENCRYPTION')) define('MAIL_ENCRYPTION', 'ssl');
+if (!defined('MAIL_PORT')) 
define('MAIL_PORT', 465); ``` ### Existing Account(s)
@@ -216,6 +217,23 @@ The system supports a default and secure login and signup system. The user can s
 The login system also supports a `remember me` feature, which will keep the user logged in for a certain time (currently a month) even if the browser or system is turned off.
+### Automatic Logout on Inactivity
+
+The Application has a jquery snippet in `assets/js/check_inactive.js` which continously checks if the user is inactive. When the user is inactive for more than the specified time, it automatically logs the user out and redirects to the login page. The allowed inactivity time period is currently `1 hr`, specified in `assets/setup/env.php` in the `ALLOWED_INACTIVITY_TIME` constant. The js script calls the script in `assets/includes/checkinactive.ajax.php` via AJAX call, where the user's inactivity is checked.
+
+```php
+// checkinactive.ajax.php
+
+session_start();
+if (isset($_SESSION['auth']) && !isset($_COOKIE['rememberme'])){
+ if(time() > $_SESSION['expire']){
+ session_unset();
+ session_destroy();
+ echo 'logout_redirect';
+ }
+}
+```
+
 ### User Profile | Profile Editing
 The system supports a proper user profile accessible on registration. Currently only a few extra-information fields have been put into the database, namely the user's first name, last name, gender, profile headline and bio. These are only meant to showcase the use of additional user information, and as such, are optional fields and can be skipped during signup. The user also has a profile image that he can choose/set at signup and can also update it later.
diff --git a/assets/includes/checkinactive.ajax.php b/assets/includes/checkinactive.ajax.php
new file mode 100644
index 0000000..f364a96
--- /dev/null
+++ b/assets/includes/checkinactive.ajax.php
@@ -0,0 +1,9 @@
+ $_SESSION['expire']){
+ session_unset();
+ session_destroy();
+ echo 'logout_redirect';
+ }
+}
\ No newline at end of file
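Review bot: The remember-me exemption in the added `if` line is `!isset($_COOKIE['rememberme'])`, so any cookie by that name — valid or not, even one the user sets themselves — switches the inactivity timeout off for that session; key the exemption on whatever server-side state check_remember_me() establishes after validating the cookie, not on raw cookie presence. The comparison `time() > $_SESSION['expire']` also assumes the key exists: if `auth` is ever set without `expire`, PHP compares against null and the next poll logs the user out, so guard it as `isset($_SESSION['expire']) && time() > $_SESSION['expire']`. `session_destroy()` leaves the session-id cookie in the browser; clear it with `setcookie(session_name(), '', time() - 3600, ...)` using the path/domain/secure/httponly values from `session_get_cookie_params()` so the old id is not re-presented. The opening lines of this file (`<?php`, `session_start();` and the two `if` headers) are missing from this rendering; the README snippet earlier in the patch shows them.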
diff --git a/assets/js/check_inactive.js b/assets/js/check_inactive.js
new file mode 100644
index 0000000..b15e27b
--- /dev/null
+++ b/assets/js/check_inactive.js
@@ -0,0 +1,14 @@
+$(document).ready(function() {
+ setInterval(function() {
+ $.ajax({
+ type: 'GET',
+ async: false,
+ url: '../assets/includes/checkinactive.ajax.php',
+ success: function(response) {
+ if (response == 'logout_redirect') {
+ location.href = "../login/";
+ }
+ }
+ });
+ }, 5000);
+});
\ No newline at end of file
diff --git a/assets/layouts/footer.php b/assets/layouts/footer.php
index 76dedb6..833ffe4 100644
--- a/assets/layouts/footer.php
+++ b/assets/layouts/footer.php
@@ -65,6 +65,12 @@
+
+
+
+
+
+
diff --git a/assets/layouts/header.php b/assets/layouts/header.php
index 126777c..b4e955e 100644
--- a/assets/layouts/header.php
+++ b/assets/layouts/header.php
@@ -7,6 +7,9 @@
 require '../assets/includes/auth_functions.php';
 require '../assets/includes/security_functions.php';
+if (isset($_SESSION['auth']))
+ $_SESSION['expire'] = ALLOWED_INACTIVITY_TIME;
+
 generate_csrf_token();
 check_remember_me();
diff --git a/assets/setup/env.php b/assets/setup/env.php
index 6738525..15f4e41 100644
--- a/assets/setup/env.php
+++ b/assets/setup/env.php
@@ -1,20 +1,20 @@
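Review bot: `async: false` on the `$.ajax` call turns every 5-second poll into a synchronous XHR on the main thread, which freezes the page for the whole round-trip and is deprecated by browsers; nothing in `success` needs the response synchronously, so delete that line. The GET has no cache-busting, so add `cache: false` (or send `Cache-Control: no-store` from the endpoint) to stop a cached response from masking a later `logout_redirect`. Also bear in mind this poll is a convenience, not a control: a closed tab, disabled JavaScript or a blocked request never triggers the logout, so the server must enforce the same deadline on every authenticated request.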
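Review bot: The added lines refresh `$_SESSION['expire']` on every page load but never check it, so a request arriving after the inactivity window — including one replaying a captured session cookie — is served normally and silently extends the deadline; the only enforcement is the client-side poll, which an attacker simply does not run. Test the deadline before refreshing it (sketch below), applying the same remember-me exemption as the AJAX endpoint so the two paths agree (ideally keyed on validated remember-me state rather than cookie presence). Separately, `ALLOWED_INACTIVITY_TIME` as shown in the README hunk is `time()+1*60`, an absolute now+60 s timestamp fixed when env.php loads rather than the duration its name implies, while the README text says `1 hr`; a plain duration constant (`60*60`) with `time() + ALLOWED_INACTIVITY_TIME` here would make both consistent. The `login/index.php` deletion in the diffstat is not in view, so I can't tell whether the login path also sets `expire`.
```php
// … unchanged: require lines …
if (isset($_SESSION['auth']) && !isset($_COOKIE['rememberme'])) {
    // Server-side enforcement of the inactivity deadline; the JS poll is only a convenience.
    if (isset($_SESSION['expire']) && time() > $_SESSION['expire']) {
        session_unset();
        session_destroy();
        header('Location: ../login/');
        exit;
    }
    $_SESSION['expire'] = ALLOWED_INACTIVITY_TIME;
}
// … unchanged: generate_csrf_token(); check_remember_me(); …
```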