Home Explore Help
Sign In
bachir
/
edlp_d8
1
0
Fork 0
Files Issues 8 Pull Requests 0 Wiki
Tree: c20eb11db0
Branches Tags
edlp_d8
/
sites
/
all
/
modules
/
contrib
/
users
/
autologout
/
autologout.module

autologout.module 8.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236 
  1. <?php
    2. 

  2. 

  3. use Drupal\Core\Url;
    4. 

  4. use Drupal\Core\Form\FormStateInterface;
    5. 

  5. use Drupal\Core\Routing\RouteMatchInterface;
    6. 

  6. 

  7. /**
    8. 

  8.  * Implements hook_help().
    9. 

  9.  */
    10. 

  10. function autologout_help($route_name, RouteMatchInterface $route_match) {
    11. 

  11.   switch ($route_name) {
    12. 

  12.     case 'help.page.autologout':
    13. 

  13.       $seconds = \Drupal::service('autologout.manager')->getUserTimeout();
    14. 

  14.       $output = '';
    15. 

  15.       $output .= '<h3>' . t('About') . '</h3>';
    16. 

  16.       $output .= '<p>' . t("This module allows you to force site users to be logged out after a given amount of time due to inactivity after first being presented with a confirmation dialog. Your current logout threshold is %seconds seconds.", ['%seconds' => $seconds]) . '</p>';
    17. 

  17.       return $output;
    18. 

  18.   }
    19. 

  19. }
    20. 

  20. 

  21. /**
    22. 

  22.  * Implements hook_form_FORM_ID_alter().
    23. 

  23.  *
    24. 

  24.  * Adds a field to user/edit to change that users logout.
    25. 

  25.  */
    26. 

  26. function autologout_form_user_form_alter(&$form, FormStateInterface $form_state) {
    27. 

  27.   $user = \Drupal::currentUser();
    28. 

  28.   $account = $form_state->getFormObject()->getEntity();
    29. 

  29.   $user_id = $account->id();
    30. 

  30.   $access = FALSE;
    31. 

  31. 

  32.   // If user has access to change, and they are changing their own and only
    33. 

  33.   // their own timeout. Or they are an admin.
    34. 

  34.   if (!\Drupal::currentUser()->isAnonymous() && (($user->hasPermission('change own logout threshold') && $user->id() == $user_id) || $user->hasPermission('administer autologout'))) {
    35. 

  35.     $access = TRUE;
    36. 

  36.     $autologout_data = \Drupal::service('user.data')->get('autologout', $user_id, 'timeout');
    37. 

  37.   }
    38. 

  38. 

  39.   if ($access) {
    40. 

  40.     $form['user_' . $user_id] = [
    41. 

  41.       '#type' => 'textfield',
    42. 

  42.       '#title' => t('Your current logout threshold'),
    43. 

  43.       '#default_value' => isset($autologout_data) ? $autologout_data : '',
    44. 

  44.       '#size' => 8,
    45. 

  45.       '#description' => t('How many seconds to give a user to respond to the logout dialog before ending their session.'),
    46. 

  46.       '#element_validate' => ['_autologout_user_uid_timeout_validate'],
    47. 

  47.     ];
    48. 

  48. 

  49.     $form['actions']['submit']['#submit'][] = 'autologout_user_profile_submit';
    50. 

  50.   }
    51. 

  51. }
    52. 

  52. 

  53. /**
    54. 

  54.  * Form validation.
    55. 

  55.  */
    56. 

  56. function _autologout_user_uid_timeout_validate($element, FormStateInterface $form_state) {
    57. 

  57.   $max_timeout = \Drupal::config('autologout.settings')->get('max_timeout');
    58. 

  58.   $timeout = $element['#value'];
    59. 

  59. 

  60.   // Set error if timeout isn't strictly a number between 60 and max.
    61. 

  61.   if ($timeout != "" && ($timeout < 10 || ($timeout > 0 && $timeout < 60) || $timeout > $max_timeout || !is_numeric($timeout))) {
    62. 

  62.     $form_state->setError($element, t('The timeout must be an integer greater than 60, and less then %max.', ['%max' => $max_timeout]));
    63. 

  63.   }
    64. 

  64. }
    65. 

  65. 

  66. /**
    67. 

  67.  * Handle submission of timeout threshold in user/edit.
    68. 

  68.  */
    69. 

  69. function autologout_user_profile_submit(&$form, FormStateInterface $form_state) {
    70. 

  70.   $user_id = $form_state->getFormObject()->getEntity()->id();
    71. 

  71. 

  72.   $timeout = $form_state->getValue('user_' . $user_id);
    73. 

  73.   $enabled = ($timeout != '') ? TRUE : FALSE;
    74. 

  74. 

  75.   \Drupal::service('user.data')->set('autologout', $user_id, 'timeout', $timeout);
    76. 

  76. }
    77. 

  77. 

  78. /**
    79. 

  79.  * Implements hook_autologout_prevent().
    80. 

  80.  */
    81. 

  81. function autologout_autologout_prevent() {
    82. 

  82.   $user = \Drupal::currentUser();
    83. 

  83. 

  84.   // Don't include autologout JS checks on ajax callbacks.
    85. 

  85.   $paths = [
    86. 

  86.     'system',
    87. 

  87.     'autologout_ajax_get_time_left',
    88. 

  88.     'autologout_ahah_logout',
    89. 

  89.     'autologout_ahah_set_last',
    90. 

  90.   ];
    91. 

  91.   // getPath is used because Url::fromRoute('<current>')->toString() doesn't
    92. 

  92.   // give correct path for XHR request.
    93. 

  93.   $url = \Drupal::service('path.current')->getPath();
    94. 

  94.   $path_args = explode('/', $url);
    95. 

  95.   if (in_array($path_args[1], $paths)) {
    96. 

  96.     return TRUE;
    97. 

  97.   }
    98. 

  98. 

  99.   // If user is anonymous or has no timeout set.
    100. 

  100.   if ($user->id() == 0 || (!\Drupal::service('autologout.manager')->getUserTimeout())) {
    101. 

  101.     return TRUE;
    102. 

  102.   }
    103. 

  103. 

  104.   // If the user has checked remember_me via the remember_me module.
    105. 

  105.   $remember_me = \Drupal::service('user.data')->get('remember_me', $user->id(), 'remember_me');
    106. 

  106.   if (!empty($remember_me)) {
    107. 

  107.     return TRUE;
    108. 

  108.   }
    109. 

  109. }
    110. 

  110. 

  111. /**
    112. 

  112.  * Implements hook_autologout_refresh_only().
    113. 

  113.  */
    114. 

  114. function autologout_autologout_refresh_only() {
    115. 

  115.   if (!\Drupal::config('autologout.settings')->get('enforce_admin') && \Drupal::service('router.admin_context')->isAdminRoute(\Drupal::routeMatch()->getRouteObject())) {
    116. 

  116.     return TRUE;
    117. 

  117.   }
    118. 

  118. }
    119. 

  119. 

  120. /**
    121. 

  121.  * Implements hook_page_attachments().
    122. 

  122.  *
    123. 

  123.  * Add a form element to every page which is used to detect if the page was
    124. 

  124.  * loaded from browser cache. This happens when the browser's back button is
    125. 

  125.  * pressed for example. The JS will set the value of the hidden input element
    126. 

  126.  * to 1 after initial load. If this is 1 on subsequent loads, the page was
    127. 

  127.  * loaded from cache and an autologout timeout refresh needs to be triggered.
    128. 

  128.  */
    129. 

  129. function autologout_page_attachments(array &$page) {
    130. 

  130.   $autologout_manager = \Drupal::service('autologout.manager');
    131. 

  131. 

  132.   // Check if JS should be included on this request.
    133. 

  133.   if ($autologout_manager->preventJs()) {
    134. 

  134.     return;
    135. 

  135.   }
    136. 

  136. 

  137.   // Check if anything wants to be refresh only. This URL would include the
    138. 

  138.   // javascript but will keep the login alive whilst that page is opened.
    139. 

  139.   $refresh_only = $autologout_manager->refreshOnly();
    140. 

  140. 

  141.   $settings = \Drupal::config('autologout.settings');
    142. 

  142. 

  143.   $timeout = $autologout_manager->getUserTimeout();
    144. 

  144.   $timeout_padding = $settings->get('padding');
    145. 

  145.   $redirect_url = $settings->get('redirect_url');
    146. 

  146.   $redirect_query = \Drupal::service('redirect.destination')->getAsArray() + ['autologout_timeout' => 1];
    147. 

  147.   $no_dialog = $settings->get('no_dialog');
    148. 

  148.   $use_alt_logout_method = $settings->get('use_alt_logout_method');
    149. 

  149. 

  150.   // Get all settings JS will need for dialog.
    151. 

  151.   $msg = t('@msg', ['@msg' => $settings->get('message')]);
    152. 

  152.   $settings = [
    153. 

  153.     'timeout' => $refresh_only ? ($timeout * 500) : ($timeout * 1000),
    154. 

  154.     'timeout_padding' => $timeout_padding * 1000,
    155. 

  155.     'message' => t('@msg', ['@msg' => $msg]),
    156. 

  156.     'redirect_url' => Url::fromUserInput($redirect_url, ['query' => $redirect_query])->toString(),
    157. 

  157.     'title' => t('@name Alert', ['@name' => \Drupal::config('system.site')->get('name')]),
    158. 

  158.     'refresh_only' => $refresh_only,
    159. 

  159.     'no_dialog' => $no_dialog,
    160. 

  160.     'use_alt_logout_method' => $use_alt_logout_method,
    161. 

  161.   ];
    162. 

  162.   // If this is an AJAX request, then the logout redirect url should still be
    163. 

  163.   // referring to the page that generated this request.
    164. 

  164.   if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
    165. 

  165.     global $base_url;
    166. 

  166.     $relative_url = str_replace($base_url . '/', '', $_SERVER['HTTP_REFERER']);
    167. 

  167.     $settings['redirect_url'] = Url::fromUserInput($redirect_url, [
    168. 

  168.       'query' => ['destination' => urlencode($relative_url)],
    169. 

  169.       'autologout_timeout' => 1,
    170. 

  170.     ]);
    171. 

  171.   }
    172. 

  172. 

  173.   autologout_attach_js($page, $settings, TRUE);
    174. 

  174. 

  175. }
    176. 

  176. 

  177. /**
    178. 

  178.  * Implements hook_page_bottom().
    179. 

  179.  */
    180. 

  180. function autologout_page_bottom() {
    181. 

  181.   if (!\Drupal::service('autologout.manager')->preventJs()) {
    182. 

  182.     $page_bottom['autologout'] = [
    183. 

  183.       '#markup' => '<form id="autologout-cache-check"><input type="hidden" id="autologout-cache-check-bit" value="0" /></form>',
    184. 

  184.     ];
    185. 

  185.   }
    186. 

  186. }
    187. 

  187. 

  188. /**
    189. 

  189.  * Adds the necessary js and libraries.
    190. 

  190.  *
    191. 

  191.  * @param array $element
    192. 

  192.  *   The renderable array element to #attach the js to.
    193. 

  193.  * @param array $settings
    194. 

  194.  *   The JS Settings.
    195. 

  195.  */
    196. 

  196. function autologout_attach_js(&$element, $settings) {
    197. 

  197.   $element['#attached']['drupalSettings']['autologout'] = $settings;
    198. 

  198.   $element['#attached']['library'][] = 'autologout/drupal.autologout';
    199. 

  199. }
    200. 

  200. 

  201. /**
    202. 

  202.  * Implements hook_user_login().
    203. 

  203.  *
    204. 

  204.  * Delete stale sessions for the user on login. This stops
    205. 

  205.  * session_limit module thinking the user has reached their
    206. 

  206.  * session limit.
    207. 

  207.  */
    208. 

  208. function autologout_user_login($account) {
    209. 

  209.   // Cleanup old sessions.
    210. 

  210.   $timeout = \Drupal::service('autologout.manager')->getUserTimeout($account->id());
    211. 

  211. 

  212.   if (empty($timeout)) {
    213. 

  213.     // Users that don't get logged have their sessions left.
    214. 

  214.     return;
    215. 

  215.   }
    216. 

  216. 

  217.   $timeout_padding = \Drupal::config('autologout.settings')->get('padding');
    218. 

  218.   $timestamp = REQUEST_TIME - ($timeout + $timeout_padding);
    219. 

  219. 

  220.   // Find all stale sessions.
    221. 

  221.   $database = \Drupal::database();
    222. 

  222.   $sids = $database->select('sessions', 's')
    223. 

  223.     ->fields('s', ['sid'])
    224. 

  224.     ->condition('uid', $account->id())
    225. 

  225.     ->condition('timestamp', $timestamp, '<')
    226. 

  226.     ->orderBy('timestamp', 'DESC')
    227. 

  227.     ->execute()
    228. 

  228.     ->fetchCol();
    229. 

  229. 

  230.   if (!empty($sids)) {
    231. 

  231.     // Delete stale sessions at login.
    232. 

  232.     $database->delete('sessions')
    233. 

  233.       ->condition('sid', $sids, 'IN')
    234. 

  234.       ->execute();
    235. 

  235.   }
    236. 

  236. }
    237.