<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[30333] trunk/src: Introduce a button on the user profile screen which clears all other sessions, and on the user editing screen which clears all sessions.</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta" style="font-size: 105%">
<dt style="float: left; width: 6em; font-weight: bold">Revision</dt> <dd><a style="font-weight: bold" href="https://core.trac.wordpress.org/changeset/30333">30333</a><script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","description":"Review this Commit","action":{"@type":"ViewAction","url":"https://core.trac.wordpress.org/changeset/30333","name":"Review Commit"}}</script></dd>
<dt style="float: left; width: 6em; font-weight: bold">Author</dt> <dd>johnbillion</dd>
<dt style="float: left; width: 6em; font-weight: bold">Date</dt> <dd>2014-11-13 15:20:42 +0000 (Thu, 13 Nov 2014)</dd>
</dl>
<pre style='padding-left: 1em; margin: 2em 0; border-left: 2px solid #ccc; line-height: 1.25; font-size: 105%; font-family: sans-serif'>Introduce a button on the user profile screen which clears all other sessions, and on the user editing screen which clears all sessions. Only appears when there are applicable sessions which can be cleared.
See <a href="https://core.trac.wordpress.org/ticket/30264">#30264</a>.
Props jorbin, ocean90, johnbillion</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunksrcwpadminadminajaxphp">trunk/src/wp-admin/admin-ajax.php</a></li>
<li><a href="#trunksrcwpadmincssformscss">trunk/src/wp-admin/css/forms.css</a></li>
<li><a href="#trunksrcwpadminincludesajaxactionsphp">trunk/src/wp-admin/includes/ajax-actions.php</a></li>
<li><a href="#trunksrcwpadminjsuserprofilejs">trunk/src/wp-admin/js/user-profile.js</a></li>
<li><a href="#trunksrcwpadminusereditphp">trunk/src/wp-admin/user-edit.php</a></li>
<li><a href="#trunksrcwpincludessessionphp">trunk/src/wp-includes/session.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunksrcwpadminadminajaxphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-admin/admin-ajax.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-admin/admin-ajax.php 2014-11-13 12:49:42 UTC (rev 30332)
+++ trunk/src/wp-admin/admin-ajax.php 2014-11-13 15:20:42 UTC (rev 30333)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -61,7 +61,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> 'query-attachments', 'save-attachment', 'save-attachment-compat', 'send-link-to-editor',
</span><span class="cx" style="display: block; padding: 0 10px"> 'send-attachment-to-editor', 'save-attachment-order', 'heartbeat', 'get-revision-diffs',
</span><span class="cx" style="display: block; padding: 0 10px"> 'save-user-color-scheme', 'update-widget', 'query-themes', 'parse-embed', 'set-attachment-thumbnail',
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- 'parse-media-shortcode'
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ 'parse-media-shortcode', 'destroy-sessions'
</ins><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> // Register core Ajax calls.
</span></span></pre></div>
<a id="trunksrcwpadmincssformscss"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-admin/css/forms.css</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-admin/css/forms.css 2014-11-13 12:49:42 UTC (rev 30332)
+++ trunk/src/wp-admin/css/forms.css 2014-11-13 15:20:42 UTC (rev 30333)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -611,6 +611,11 @@
</span><span class="cx" style="display: block; padding: 0 10px"> font-size: 13px;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+table.form-table td .updated p {
+ font-size: 13px;
+ margin: 0.3em 0;
+}
+
</ins><span class="cx" style="display: block; padding: 0 10px"> /*------------------------------------------------------------------------------
</span><span class="cx" style="display: block; padding: 0 10px"> 18.0 - Users
</span><span class="cx" style="display: block; padding: 0 10px"> ------------------------------------------------------------------------------*/
</span></span></pre></div>
<a id="trunksrcwpadminincludesajaxactionsphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-admin/includes/ajax-actions.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-admin/includes/ajax-actions.php 2014-11-13 12:49:42 UTC (rev 30332)
+++ trunk/src/wp-admin/includes/ajax-actions.php 2014-11-13 15:20:42 UTC (rev 30333)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -2770,3 +2770,54 @@
</span><span class="cx" style="display: block; padding: 0 10px"> 'body' => ob_get_clean()
</span><span class="cx" style="display: block; padding: 0 10px"> ) );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+/**
+ * AJAX handler for destroying multiple open sessions for a user.
+ *
+ * @since 4.1.0
+ *
+ */
+function wp_ajax_destroy_sessions() {
+
+ if ( empty( $_POST['user_id'] ) ) {
+ $user = new WP_Error();
+ } else {
+ $user = new WP_User( absint( $_POST['user_id'] ) );
+
+ if ( ! $user->exists() ) {
+ $user = new WP_Error();
+ } elseif ( ! current_user_can( 'edit_user', $user->ID ) ) {
+ $user = new WP_Error();
+ } elseif ( ! check_ajax_referer( sprintf( 'destroy_sessions_%d', $user->ID ), false, false ) ) {
+ $user = new WP_Error();
+ }
+ }
+
+ if ( is_wp_error( $user ) ) {
+ wp_send_json_error( array(
+ 'message' => __( 'Could not log out user sessions. Please try again.' ),
+ ) );
+ }
+
+ if ( isset( $_POST['token'] ) ) {
+ $keep = wp_unslash( $_POST['token'] );
+ } else {
+ $keep = null;
+ }
+
+ $sessions = WP_Session_Tokens::get_instance( $user->ID );
+
+ if ( is_string( $keep ) ) {
+ $sessions->destroy_others( $keep );
+ $message = __( 'You are now logged out everywhere else' );
+ } else {
+ $sessions->destroy_all();
+ /* translators: 1: User's display name. */
+ $message = sprintf( __( '%s has been logged out' ), $user->display_name );
+ }
+
+ wp_send_json_success( array(
+ 'message' => $message
+ ) );
+
+}
</ins></span></pre></div>
<a id="trunksrcwpadminjsuserprofilejs"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-admin/js/user-profile.js</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-admin/js/user-profile.js 2014-11-13 12:49:42 UTC (rev 30332)
+++ trunk/src/wp-admin/js/user-profile.js 2014-11-13 15:20:42 UTC (rev 30333)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1,4 +1,4 @@
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-/* global ajaxurl, pwsL10n */
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+/* global ajaxurl, pwsL10n, _wpSessionMangager */
</ins><span class="cx" style="display: block; padding: 0 10px"> (function($){
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> function check_pass_strength() {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -124,4 +124,29 @@
</span><span class="cx" style="display: block; padding: 0 10px"> });
</span><span class="cx" style="display: block; padding: 0 10px"> });
</span><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $('#destroy-sessions').on('click',function(e){
+
+ var $this = $(this);
+ var data = {
+ action : 'destroy-sessions',
+ _ajax_nonce : _wpSessionMangager.nonce,
+ user_id : _wpSessionMangager.user_id,
+ token : $(this).data('token')
+ };
+
+ $.post( ajaxurl, data, function( response ) {
+
+ if ( response.success ) {
+ $this.prop( 'disabled', true );
+ $this.before( '<div class="updated inline"><p>' + response.data.message + '</p></div>' );
+ } else {
+ $this.before( '<div class="error inline"><p>' + response.data.message + '</p></div>' );
+ }
+
+ }, 'json' );
+
+ e.preventDefault();
+
+ });
+
</ins><span class="cx" style="display: block; padding: 0 10px"> })(jQuery);
</span></span></pre></div>
<a id="trunksrcwpadminusereditphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-admin/user-edit.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-admin/user-edit.php 2014-11-13 12:49:42 UTC (rev 30332)
+++ trunk/src/wp-admin/user-edit.php 2014-11-13 15:20:42 UTC (rev 30333)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -25,6 +25,15 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> wp_enqueue_script('user-profile');
</span><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+wp_localize_script(
+ 'user-profile',
+ '_wpSessionMangager',
+ array(
+ 'user_id' => $user_id,
+ 'nonce' => wp_create_nonce( sprintf( 'destroy_sessions_%d', $user_id ) ),
+ )
+);
+
</ins><span class="cx" style="display: block; padding: 0 10px"> $title = IS_PROFILE_PAGE ? __('Profile') : __('Edit User');
</span><span class="cx" style="display: block; padding: 0 10px"> if ( current_user_can('edit_users') && !IS_PROFILE_PAGE )
</span><span class="cx" style="display: block; padding: 0 10px"> $submenu_file = 'users.php';
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -187,6 +196,8 @@
</span><span class="cx" style="display: block; padding: 0 10px"> if ( !current_user_can('edit_user', $user_id) )
</span><span class="cx" style="display: block; padding: 0 10px"> wp_die(__('You do not have permission to edit this user.'));
</span><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+$sessions = WP_Session_Tokens::get_instance( $profileuser->ID );
+
</ins><span class="cx" style="display: block; padding: 0 10px"> include(ABSPATH . 'wp-admin/admin-header.php');
</span><span class="cx" style="display: block; padding: 0 10px"> ?>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -289,6 +300,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> do_action( 'personal_options', $profileuser );
</span><span class="cx" style="display: block; padding: 0 10px"> ?>
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> </table>
</span><span class="cx" style="display: block; padding: 0 10px"> <?php
</span><span class="cx" style="display: block; padding: 0 10px"> if ( IS_PROFILE_PAGE ) {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -474,6 +486,29 @@
</span><span class="cx" style="display: block; padding: 0 10px"> </td>
</span><span class="cx" style="display: block; padding: 0 10px"> </tr>
</span><span class="cx" style="display: block; padding: 0 10px"> <?php endif; ?>
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+<?php if ( IS_PROFILE_PAGE && ( count( $sessions->get_all() ) > 1 ) ) { ?>
+ <tr>
+ <th> </th>
+ <td>
+ <p><button class="button button-secondary hide-if-no-js" id="destroy-sessions" data-token="<?php echo esc_attr( wp_get_session_token() ); ?>"><?php _e( 'Log Out of All Other Sessions' ); ?></button></p>
+ <p class="description hide-if-no-js">
+ <?php _e( 'Left your account logged in at a public computer? Lost your phone? This will log you out everywhere except your current browser.' ); ?>
+ </p>
+ </td>
+ </tr>
+<?php } else if ( ! IS_PROFILE_PAGE && ( count( $sessions->get_all() ) > 0 ) ) { ?>
+ <tr>
+ <th> </th>
+ <td>
+ <p><button class="button button-secondary hide-if-no-js" id="destroy-sessions"><?php _e( 'Log Out of All Sessions' ); ?></button></p>
+ <p class="description hide-if-no-js">
+ <?php printf( __( 'Log %s out of all sessions' ), $profileuser->display_name ); ?>
+ </p>
+ </td>
+ </tr>
+<?php } ?>
+
</ins><span class="cx" style="display: block; padding: 0 10px"> </table>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> <?php
</span></span></pre></div>
<a id="trunksrcwpincludessessionphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/session.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/session.php 2014-11-13 12:49:42 UTC (rev 30332)
+++ trunk/src/wp-includes/session.php 2014-11-13 15:20:42 UTC (rev 30333)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -131,6 +131,19 @@
</span><span class="cx" style="display: block; padding: 0 10px"> $session = apply_filters( 'attach_session_information', array(), $this->user_id );
</span><span class="cx" style="display: block; padding: 0 10px"> $session['expiration'] = $expiration;
</span><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // IP address.
+ if ( !empty( $_SERVER['REMOTE_ADDR'] ) ) {
+ $session['ip'] = $_SERVER['REMOTE_ADDR'];
+ }
+
+ // User-agent.
+ if ( ! empty( $_SERVER['HTTP_USER_AGENT'] ) ) {
+ $session['ua'] = wp_unslash( $_SERVER['HTTP_USER_AGENT'] );
+ }
+
+ // Timestamp
+ $session['login'] = time();
+
</ins><span class="cx" style="display: block; padding: 0 10px"> $token = wp_generate_password( 43, false, false );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $this->update( $token, $session );
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -383,10 +396,6 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @param array $sessions Sessions.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> protected function update_sessions( $sessions ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( ! has_filter( 'attach_session_information' ) ) {
- $sessions = wp_list_pluck( $sessions, 'expiration' );
- }
-
</del><span class="cx" style="display: block; padding: 0 10px"> if ( $sessions ) {
</span><span class="cx" style="display: block; padding: 0 10px"> update_user_meta( $this->user_id, 'session_tokens', $sessions );
</span><span class="cx" style="display: block; padding: 0 10px"> } else {
</span></span></pre>
</div>
</div>
</body>
</html>