MyBB

**Paul H.** · (This post was last modified: 03-09-2012 05:07 PM by Paul H..)

MySessions

Description:
With this plugin, users can view all of their account's current sessions and log out any sessions they find suspicious. Admins can view all sessions. Based on the functionality found in Gmail and Deviantart.

The below screenshot shows the usercp?action=mysessions page. The useragent "1'" was made by Nathan as he was testing the plugin for vulnerabilities, of which he found some and I fixed immediately Toungue

IP address links go to *the ip address*.ipaddress.com. If the plugin can, it will display the hostname and location of the IP address.

[Image: gyrd.png]

If there are multiple sessions for the same account, a warning shows up (which can be dismissed)

[Image: gysk.png]

Install:
This plugin adds one database table and edits one template.

Upgrade:
From 1.0 to 1.1: re-upload mysessions.php
From 1.0, 1.1 to 1.2: re-upload mysessions.php, deactivate and reactivate. This is needed to add a new column, uid, to the mysessions_kill table.

Change log:
1.0: Initial release
1.1: Minor bug fixes, and feature Multiple Sessions Alerts added
1.2 Added features:

Cancel kill request
Search by IP/username

Miscellaneous bug fixes
Fully commented code
[b]1.3:[b] SQLi problem affecting 1.2 fixed

Support:

Support will be given on MyBB Security.

http://www.mybbsecurity.net/topic-mysessions

Download:

Please download from MyBB Security to keep download counts accurate.

http://www.mybbsecurity.net/topic-mysessions

**Omar G.** · 03-08-2012, 03:43 AM

Will definetely at-least try it out.

**Paul H.** · 03-08-2012, 03:44 AM

It's been security audited by Nathan Malcolm so you know it's secure Toungue

crazy4cs · 03-08-2012, 05:46 AM

Looks great Paul.

Josh H. · 03-08-2012, 06:30 AM

(03-08-2012 03:44 AM)Paul H. Wrote: It's been security audited by Nathan Malcolm so you know it's secure

Hahaha

I may put this on my forum in the future. It seems like it could have a benefit for high-powered accounts, as they could stop another session if needed.

Shiro · 03-09-2012, 03:42 AM

Finally! Somebody who takes security seriously! Installing!

**Paul H.** · 03-09-2012, 07:41 PM

Updated to 1.3.1.

Shiro · 03-13-2012, 12:33 AM

Upgrade instructions?

**Paul H.** · 03-13-2012, 12:35 AM

(03-08-2012 03:22 AM)Paul H. Wrote: Upgrade:
From 1.0 to 1.1: re-upload mysessions.php
From 1.0, 1.1 to 1.2, 1.3.x: re-upload mysessions.php, deactivate and reactivate. This is needed to add a new column, uid, to the mysessions_kill table.

**Omar G.** · 03-13-2012, 03:36 AM

Can I know how a complex password looks like? I thought my email password was enough complex Confused