Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[For 1.6] MySessions
#1
MySessions

Description:
With this plugin, users can view all of their account's current sessions and log out any sessions they find suspicious. Admins can view all sessions. Based on the functionality found in Gmail and Deviantart.

The below screenshot shows the usercp?action=mysessions page. The useragent "1'" was made by Nathan as he was testing the plugin for vulnerabilities, of which he found some and I fixed immediately Toungue

IP address links go to *the ip address*.ipaddress.com. If the plugin can, it will display the hostname and location of the IP address.

[Image: gyrd.png]

If there are multiple sessions for the same account, a warning shows up (which can be dismissed)

[Image: gysk.png]

Install:
This plugin adds one database table and edits one template.

Upgrade:
From 1.0 to 1.1: re-upload mysessions.php
From 1.0, 1.1 to 1.2: re-upload mysessions.php, deactivate and reactivate. This is needed to add a new column, uid, to the mysessions_kill table.

Change log:
1.0: Initial release
1.1: Minor bug fixes, and feature Multiple Sessions Alerts added
1.2 Added features:
  • Cancel kill request
  • Search by IP/username
Miscellaneous bug fixes
Fully commented code
[b]1.3:[b] SQLi problem affecting 1.2 fixed

Support:

Support will be given on MyBB Security.

http://www.mybbsecurity.net/topic-mysessions

Download:

Please download from MyBB Security to keep download counts accurate.

http://www.mybbsecurity.net/topic-mysessions
-Paul H.
Please feel free to PM regarding issues within the community, the blog, social media pages, or the public image of MyBB.

Cogisne lingua latina?
Reply
#2
Will definetely at-least try it out.
Support PM's will be ignored. Angel
Reply
#3
It's been security audited by Nathan Malcolm so you know it's secure Toungue
-Paul H.
Please feel free to PM regarding issues within the community, the blog, social media pages, or the public image of MyBB.

Cogisne lingua latina?
Reply
#4
This user has been denied support. This user has been denied support.
Looks great Paul.
Reply
#5
(03-08-2012, 03:44 AM)Paul H. Wrote:  It's been security audited by Nathan Malcolm so you know it's secure Toungue
Hahaha

I may put this on my forum in the future. It seems like it could have a benefit for high-powered accounts, as they could stop another session if needed.
[Image: lSCzrSK.png]
Reply
#6
Finally! Somebody who takes security seriously! Installing!
[Image: signature.php?uid=1]
Reply
#7
Updated to 1.3.1.
-Paul H.
Please feel free to PM regarding issues within the community, the blog, social media pages, or the public image of MyBB.

Cogisne lingua latina?
Reply
#8
Upgrade instructions?
[Image: signature.php?uid=1]
Reply
#9
(03-08-2012, 03:22 AM)Paul H. Wrote:  Upgrade:
From 1.0 to 1.1: re-upload mysessions.php
From 1.0, 1.1 to 1.2, 1.3.x: re-upload mysessions.php, deactivate and reactivate. This is needed to add a new column, uid, to the mysessions_kill table.

-Paul H.
Please feel free to PM regarding issues within the community, the blog, social media pages, or the public image of MyBB.

Cogisne lingua latina?
Reply
#10
Can I know how a complex password looks like? I thought my email password was enough complex :s
Support PM's will be ignored. Angel
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)