2012-03-08, 03:22 AM
MySessions
Description:
With this plugin, users can view all of their account's current sessions and log out any sessions they find suspicious. Admins can view all sessions. Based on the functionality found in Gmail and Deviantart.
The below screenshot shows the usercp?action=mysessions page. The useragent "1'" was made by Nathan as he was testing the plugin for vulnerabilities, of which he found some and I fixed immediately
IP address links go to *the ip address*.ipaddress.com. If the plugin can, it will display the hostname and location of the IP address.
![[Image: gyrd.png]](https://camo.mybb.com/42d8f653083973c55ece0859bf3c90013e0fdea5/687474703a2f2f692e696d6d2e696f2f677972642e706e67)
If there are multiple sessions for the same account, a warning shows up (which can be dismissed)
![[Image: gysk.png]](https://camo.mybb.com/4dba0efae61e37ef53a7be94c082ce9a50cc1e73/687474703a2f2f692e696d6d2e696f2f6779736b2e706e67)
Install:
This plugin adds one database table and edits one template.
Upgrade:
From 1.0 to 1.1: re-upload mysessions.php
From 1.0, 1.1 to 1.2: re-upload mysessions.php, deactivate and reactivate. This is needed to add a new column, uid, to the mysessions_kill table.
Change log:
1.0: Initial release
1.1: Minor bug fixes, and feature Multiple Sessions Alerts added
1.2 Added features:
Fully commented code
[b]1.3:[b] SQLi problem affecting 1.2 fixed
Support:
Support will be given on MyBB Security.
http://www.mybbsecurity.net/topic-mysessions
Download:
Please download from MyBB Security to keep download counts accurate.
http://www.mybbsecurity.net/topic-mysessions
Description:
With this plugin, users can view all of their account's current sessions and log out any sessions they find suspicious. Admins can view all sessions. Based on the functionality found in Gmail and Deviantart.
The below screenshot shows the usercp?action=mysessions page. The useragent "1'" was made by Nathan as he was testing the plugin for vulnerabilities, of which he found some and I fixed immediately
IP address links go to *the ip address*.ipaddress.com. If the plugin can, it will display the hostname and location of the IP address.
If there are multiple sessions for the same account, a warning shows up (which can be dismissed)
Install:
This plugin adds one database table and edits one template.
Upgrade:
From 1.0 to 1.1: re-upload mysessions.php
From 1.0, 1.1 to 1.2: re-upload mysessions.php, deactivate and reactivate. This is needed to add a new column, uid, to the mysessions_kill table.
Change log:
1.0: Initial release
1.1: Minor bug fixes, and feature Multiple Sessions Alerts added
1.2 Added features:
- Cancel kill request
- Search by IP/username
Fully commented code
[b]1.3:[b] SQLi problem affecting 1.2 fixed
Support:
Support will be given on MyBB Security.
http://www.mybbsecurity.net/topic-mysessions
Download:
Please download from MyBB Security to keep download counts accurate.
http://www.mybbsecurity.net/topic-mysessions