User/Sessions

* implement tracking
    * FUTURE: log out all devices for user
    * generally store less info in _SESSION

setup/db_structure.sql

@@ -30,14 +30,13 @@ CREATE TABLE `aowow_account` (
   `username` varchar(64) NOT NULL COMMENT 'unique; used for for links and display',
   `email` varchar(64) DEFAULT NULL COMMENT 'unique; can be used for login if AUTH_SELF and can be NULL if not',
   `joinDate` int unsigned NOT NULL COMMENT 'unixtime',
-  `allowExpire` tinyint unsigned NOT NULL,
   `dailyVotes` smallint unsigned NOT NULL DEFAULT 0,
   `consecutiveVisits` smallint unsigned NOT NULL DEFAULT 0,
   `curIP` varchar(45) NOT NULL DEFAULT '',
   `prevIP` varchar(45) NOT NULL DEFAULT '',
   `curLogin` int unsigned NOT NULL DEFAULT 0 COMMENT 'unixtime',
   `prevLogin` int unsigned NOT NULL DEFAULT 0,
-  `locale` tinyint unsigned NOT NULL DEFAULT 0 COMMENT '0,2,3,6,8',
+  `locale` tinyint unsigned NOT NULL DEFAULT 0 COMMENT '0,2,3,4,6,8',
   `userGroups` smallint unsigned NOT NULL DEFAULT 0 COMMENT 'bitmask',
   `avatar` varchar(50) NOT NULL DEFAULT '' COMMENT 'icon-string for internal or id for upload',
   `title` varchar(50) NOT NULL DEFAULT '' COMMENT 'user can obtain custom titles',
@@ -181,6 +180,25 @@ CREATE TABLE `aowow_account_reputation` (
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci ROW_FORMAT=COMPACT COMMENT='reputation log';
 /*!40101 SET character_set_client = @saved_cs_client */;
 
+--
+-- Table structure for table `aowow_account_sessions`
+--
+
+DROP TABLE IF EXISTS `aowow_account_sessions`;
+CREATE TABLE `aowow_account_sessions` (
+  `userId` int unsigned NOT NULL,
+  `sessionId` varchar(190) NOT NULL COMMENT 'PHPSESSID',
+  `created` int unsigned NOT NULL,
+  `expires` int unsigned NOT NULL COMMENT 'timestamp or 0 (never expires)',
+  `touched` int unsigned NOT NULL COMMENT 'timestamp - last used',
+  `deviceInfo` varchar(256) NOT NULL,
+  `ip` varchar(45) NOT NULL COMMENT 'can change; just last used ip',
+  `status` enum('ACTIVE', 'LOGOUT', 'FORCEDLOGOUT', 'EXPIRED') NOT NULL,
+  UNIQUE KEY `sessionId` (`sessionId`) USING BTREE,
+  KEY `userId` (`userId`) USING BTREE,
+  CONSTRAINT `FK_acc_sessions` FOREIGN KEY (`userId`) REFERENCES `aowow_account` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci ROW_FORMAT=COMPACT;
+
 --
 -- Table structure for table `aowow_account_weightscale_data`
 --
@@ -3323,7 +3341,7 @@ UNLOCK TABLES;
 
 LOCK TABLES `aowow_dbversion` WRITE;
 /*!40000 ALTER TABLE `aowow_dbversion` DISABLE KEYS */;
-INSERT INTO `aowow_dbversion` VALUES (1753572320,0,NULL,NULL);
+INSERT INTO `aowow_dbversion` VALUES (1753574970,0,NULL,NULL);
 /*!40000 ALTER TABLE `aowow_dbversion` ENABLE KEYS */;
 UNLOCK TABLES;
 

setup/tools/clisetup/account.us.php

@@ -103,7 +103,7 @@ CLISetup::registerUtility(new class extends UtilityScript
         if (!$name || !$passw)
             return false;
 
-        if (DB::Aowow()->query('REPLACE INTO ?_account (`login`, `passHash`, `username`, `joindate`, `email`, `allowExpire`, `userGroups`, `userPerms`) VALUES (?, ?, ?, UNIX_TIMESTAMP(), ?, 0, ?d, 1)',
+        if (DB::Aowow()->query('REPLACE INTO ?_account (`login`, `passHash`, `username`, `joindate`, `email`, `userGroups`, `userPerms`) VALUES (?, ?, ?, UNIX_TIMESTAMP(), ?, ?d, 1)',
             $name, User::hashCrypt($passw), $name, $email ?: Cfg::get('CONTACT_EMAIL'), U_GROUP_ADMIN))
         {
             $newId = DB::Aowow()->selectCell('SELECT `id` FROM ?_account WHERE `username` = ?', $name);

setup/updates/1753572319_01.sql

@@ -3,6 +3,8 @@ ALTER TABLE `aowow_account`
     CHANGE COLUMN `user` `login` varchar(64) NOT NULL DEFAULT '' COMMENT 'only used for login',
     CHANGE COLUMN `displayName` `username` varchar(64) NOT NULL COMMENT 'unique; used for for links and display',
     MODIFY COLUMN `email` varchar(64) DEFAULT NULL COMMENT 'unique; can be used for login if AUTH_SELF and can be NULL if not',
+    MODIFY COLUMN `token` varchar(40) DEFAULT NULL COMMENT 'identification key for changes to account',
+    ADD COLUMN `updateValue` varchar(128) DEFAULT NULL COMMENT 'temp store for new passHash / email' AFTER `token`,
     ADD CONSTRAINT `username` UNIQUE (`username`);
 
 UPDATE `aowow_account`

setup/updates/1753574969_01.sql

@@ -0,0 +1,17 @@
+DROP TABLE IF EXISTS `aowow_account_sessions`;
+CREATE TABLE `aowow_account_sessions` (
+    `userId` int unsigned NOT NULL,
+    `sessionId` varchar(190) NOT NULL COMMENT 'PHPSESSID', -- max size (for utf8mb4) to still be a key
+    `created` int unsigned NOT NULL,
+    `expires` int unsigned NOT NULL COMMENT 'timestamp or 0 (never expires)',
+    `touched` int unsigned NOT NULL COMMENT 'timestamp - last used',
+    `deviceInfo` varchar(256) NOT NULL,
+    `ip` varchar(45) NOT NULL COMMENT 'can change; just last used ip', -- think mobile switching between WLAN and mobile data
+    `status` enum('ACTIVE', 'LOGOUT', 'FORCEDLOGOUT', 'EXPIRED') NOT NULL,
+    UNIQUE KEY `sessionId` (`sessionId`) USING BTREE,
+    KEY `userId` (`userId`) USING BTREE,
+    CONSTRAINT `FK_acc_sessions` FOREIGN KEY (`userId`) REFERENCES `aowow_account` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci ROW_FORMAT=COMPACT;
+
+ALTER TABLE `aowow_account`
+    DROP COLUMN `allowExpire`;