From 1980458572caac3b703c7ee534c85e53249c9c6a Mon Sep 17 00:00:00 2001 From: Daniel Cebrian Date: Thu, 8 Jun 2023 14:06:15 +0200 Subject: [PATCH] #11437 added new control session --- pandora_console/extras/mr/65.sql | 5 ++ pandora_console/godmode/setup/setup_auth.php | 22 ++++++- .../godmode/users/configure_user.php | 10 +++ pandora_console/include/functions_config.php | 66 ++++++++++++++++++- pandora_console/pandoradb.sql | 1 + 5 files changed, 102 insertions(+), 2 deletions(-) create mode 100644 pandora_console/extras/mr/65.sql diff --git a/pandora_console/extras/mr/65.sql b/pandora_console/extras/mr/65.sql new file mode 100644 index 0000000000..6c7ab1161a --- /dev/null +++ b/pandora_console/extras/mr/65.sql @@ -0,0 +1,5 @@ +START TRANSACTION; + +ALTER TABLE `tusuario` ADD COLUMN `session_max_time_expire` INT NOT NULL DEFAULT 0 AFTER `auth_token_secret`; + +COMMIT; \ No newline at end of file diff --git a/pandora_console/godmode/setup/setup_auth.php b/pandora_console/godmode/setup/setup_auth.php index 3822a01b2e..74e4e2e1ff 100644 --- a/pandora_console/godmode/setup/setup_auth.php +++ b/pandora_console/godmode/setup/setup_auth.php @@ -418,7 +418,27 @@ if (is_ajax() === true) { $table->rowclass['2FA_all_users'] = ''; } - $table->data['2FA_all_users'] = $row; + $table->data['2FA_all_users'] = $row; + + // Session timeout behavior. + // Set default value. + $row = []; + $options = [ + 'check_activity' => __('Check activity'), + 'ignore_activity' => __('Ignore activity'), + ]; + + $row['name'] = __('Control of timeout session').ui_print_help_tip(__('Select \'ignore activity\' to ignore user activity when checking the session.'), true); + $row['control'] = html_print_select( + $options, + 'control_session_timeout', + $config['control_session_timeout'], + '', + '', + 0, + true + ); + $table->data['session_timeouts'] = $row; // Session timeout. 
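Review bot: `session_max_time_expire` is declared as a signed `INT` in `extras/mr/65.sql` (and again in the `pandoradb.sql` hunk), but the PHP side stores `time() + $sessionCookieExpireTime` in it, and that offset is ten years when the timeout is zero or negative. That sum passes 2147483647 from roughly 2028 onward, at which point the write either fails or is clamped, depending on SQL mode. I would declare the column as `BIGINT UNSIGNED NOT NULL DEFAULT 0` in both files so the stored deadline cannot overflow.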
diff --git a/pandora_console/godmode/users/configure_user.php b/pandora_console/godmode/users/configure_user.php index 808261ef61..afd093f233 100644 --- a/pandora_console/godmode/users/configure_user.php +++ b/pandora_console/godmode/users/configure_user.php @@ -663,11 +663,21 @@ if ($update_user) { $values['local_user'] = (bool) get_parameter('local_user', false); $values['strict_acl'] = (bool) get_parameter('strict_acl', false); $values['session_time'] = (int) get_parameter('session_time', 0); + + $force_update_session_expire = false; + if ($values['session_time'] !== $user_info['session_time']) { + $force_update_session_expire = true; + } + // Previously defined. $values['autorefresh_white_list'] = $autorefresh_white_list; $res1 = update_user($id, $values); + if ($force_update_session_expire === true) { + config_prepare_expire_time_session(true); + } + if ($config['user_can_update_password']) { $password_new = (string) get_parameter('password_new', ''); $password_confirm = (string) get_parameter('password_confirm', ''); diff --git a/pandora_console/include/functions_config.php b/pandora_console/include/functions_config.php index 468c228733..cf4a00b18a 100644 --- a/pandora_console/include/functions_config.php +++ b/pandora_console/include/functions_config.php @@ -815,6 +815,10 @@ function config_update_config() $error_update[] = __('2FA all users'); } + if (config_update_value('control_session_timeout', get_parameter('control_session_timeout'), true) === false) { + $error_update[] = __('Control timeout'); + } + if (config_update_value('session_timeout', get_parameter('session_timeout'), true) === false) { $error_update[] = __('Session timeout'); } else { @@ -824,6 +828,8 @@ function config_update_config() if (config_update_value('session_timeout', 90, true) === false) { $error_update[] = __('Session timeout'); } + } else { + config_prepare_expire_time_session(true); } } 
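Review bot: In the `configure_user.php` hunk, `config_prepare_expire_time_session(true)` recomputes the deadline for `$config['id_user']`, the account performing the edit, while `update_user($id, $values)` changed `$id`. When an administrator shortens another user's `session_time`, that user's stored `session_max_time_expire` stays as it was and the administrator's own deadline is pushed forward instead. The `else` branch added at `@@ -824` in `functions_config.php` has the same limitation for the global timeout: only the current user's row is refreshed. The helper should take the target user id, or the edited user's column should be reset directly with `update_user($id, ['session_max_time_expire' => 0]);`. Separately, `$values['session_time'] !== $user_info['session_time']` compares an `(int)` cast with a value that presumably comes back from the database as a string, so the strict test may always be true; cast both sides. The `if ($update_user)` block starts and ends outside the hunk.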
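Review bot: The added `config_update_value('control_session_timeout', get_parameter('control_session_timeout'), true)` at `@@ -815` stores whatever string the request carries. The only later test is `=== 'ignore_activity'`, so any unexpected value silently selects activity-based expiry and is shown back in the setup form. Restrict it to the two options the select offers before saving, for example `$mode = get_parameter('control_session_timeout', 'check_activity');` followed by `if (in_array($mode, ['check_activity', 'ignore_activity'], true) === false) { $mode = 'check_activity'; }`. `config_update_config()` starts and ends outside the hunk.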
@@ -3781,6 +3787,10 @@ function config_process_config() config_update_value('notification_autoclose_time', 5); } + if (isset($config['control_session_timeout']) === false) { + config_update_value('control_session_timeout', 'check_activity'); + } + // Finally, check if any value was overwritten in a form. config_update_config(); } 
@@ -3912,12 +3922,60 @@ function config_user_set_custom_config() } } + config_prepare_expire_time_session(); + if (is_metaconsole() === true) { $config['metaconsole_access'] = $userinfo['metaconsole_access']; } } +function config_prepare_expire_time_session($force_update=false) +{ + global $config; + if (empty($config['id_user']) === true) { + return; + } + + $userinfo = get_user_info($config['id_user']); + + if (isset($userinfo)) { + $user_sesion_time = $userinfo['session_time']; + } else { + $user_sesion_time = null; + } + + if ($user_sesion_time == 0) { + // Change the session timeout value to session_timeout minutes // 8*60*60 = 8 hours. + $sessionCookieExpireTime = $config['session_timeout']; + } else { + // Change the session timeout value to session_timeout minutes // 8*60*60 = 8 hours. + $sessionCookieExpireTime = $user_sesion_time; + } + + if ($sessionCookieExpireTime <= 0) { + $sessionCookieExpireTime = (10 * 365 * 24 * 60 * 60); + } else { + $sessionCookieExpireTime *= 60; + } + + if ($config['control_session_timeout'] === 'ignore_activity') { + $sessionMaxTimeout = (time() + $sessionCookieExpireTime); + if ((int) $userinfo['session_max_time_expire'] === 0 || $force_update === true) { + $userinfo['session_max_time_expire'] = $sessionMaxTimeout; + update_user($userinfo['id_user'], ['session_max_time_expire' => $sessionMaxTimeout]); + } else if (time() > (int) $userinfo['session_max_time_expire'] && (int) $userinfo['session_max_time_expire'] > 0) { + update_user($userinfo['id_user'], ['session_max_time_expire' => 0]); + } + } else { + if ((int) $userinfo['session_max_time_expire'] > 0) { + update_user($userinfo['id_user'], ['session_max_time_expire' => 0]); + } + } + +} + + /** * Undocumented function * 
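Review bot: In `config_prepare_expire_time_session()` the branch for a passed deadline (`time() > (int) $userinfo['session_max_time_expire']`) only writes 0 back to the column; the next call then sees 0 and stores a fresh `time() + $sessionCookieExpireTime`, so nothing in this hunk ends the session when the absolute limit is reached. Enforcement is left to the cookie's expiry attribute, which the browser applies and the server does not verify; that branch should invalidate the server-side session (the project's logout path is outside this hunk) before clearing the value. The deadline is also kept per user in `tusuario` rather than per session, so concurrent sessions of one account share a single limit. `isset($userinfo)` is true for any non-null return, so a failed `get_user_info()` presumably still reaches the array reads below; `if (is_array($userinfo) === false) { return; }` is the safer guard. The new function also lacks a docblock stating that it writes to the user row and what `$force_update` does.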
@@ -3959,7 +4017,13 @@ function config_prepare_session() } if ($update_cookie === true) { - setcookie(session_name(), $_COOKIE[session_name()], (time() + $sessionCookieExpireTime), '/'); + if ((int) $user['session_max_time_expire'] > 0 && time() < $user['session_max_time_expire']) { + $sessionMaxTimeout = $user['session_max_time_expire']; + } else { + $sessionMaxTimeout = (time() + $sessionCookieExpireTime); + } + + setcookie(session_name(), $_COOKIE[session_name()], $sessionMaxTimeout, '/'); } } diff --git a/pandora_console/pandoradb.sql b/pandora_console/pandoradb.sql index 8706e37fed..a6a368cd72 100644 --- a/pandora_console/pandoradb.sql +++ b/pandora_console/pandoradb.sql @@ -1327,6 +1327,7 @@ CREATE TABLE IF NOT EXISTS `tusuario` ( `allowed_ip_active` TINYINT UNSIGNED DEFAULT 0, `allowed_ip_list` TEXT, `auth_token_secret` VARCHAR(45) DEFAULT NULL, + `session_max_time_expire` INT signed NOT NULL DEFAULT 0, CONSTRAINT `fk_filter_id` FOREIGN KEY (`id_filter`) REFERENCES tevent_filter (`id_filter`) ON DELETE SET NULL, UNIQUE KEY `id_user` (`id_user`) ) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4;
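Review bot: In `config_prepare_session()` the added `else` branch also runs when `session_max_time_expire` is set but already in the past, and it then issues the cookie with `time() + $sessionCookieExpireTime`. In 'ignore activity' mode an expired absolute deadline therefore renews the cookie on the next request instead of letting the session end. The expired case should be handled separately from the `0` (unset) case and should not re-issue the cookie. The `setcookie()` call also passes only name, value, expiry and path, so the re-sent session cookie carries no `Secure`, `HttpOnly` or `SameSite` attributes; if the supported PHP version allows it, use the options-array form, `setcookie(session_name(), $_COOKIE[session_name()], ['expires' => $sessionMaxTimeout, 'path' => '/', 'httponly' => true, 'samesite' => 'Lax']);`, adding `'secure' => true` when served over HTTPS. `$user` and `$update_cookie` are assigned outside the hunk.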