Installer
3 years ago
AdminNotices.php
1 month ago
AjaxHandler.php
1 year ago
Autologin.php
9 months ago
BlockRegistrations.php
10 months ago
BuddyPressBbPress.php
3 years ago
DisableConcurrentLogins.php
2 years ago
EditUserProfile.php
5 months ago
ExtensionManager.php
1 month ago
FileUploader.php
3 months ago
FormPreviewHandler.php
5 months ago
FormRepository.php
1 year ago
FormShortcodeDefaults.php
1 month ago
GDPR.php
3 years ago
Geolocation.php
3 years ago
GlobalSiteAccess.php
3 years ago
ImageUploader.php
1 year ago
LoginAuth.php
1 year ago
Miscellaneous.php
3 years ago
ModifyRedirectDefaultLinks.php
5 months ago
PPRESS_Session.php
1 year ago
PROFILEPRESS_sql.php
1 year ago
PasswordReset.php
1 year ago
ProfileUrlRewrite.php
4 years ago
RegistrationAuth.php
1 week ago
SendEmail.php
3 years ago
ShortcodeThemeFactory.php
5 years ago
UserAvatar.php
1 year ago
UserSignupLocationListingPage.php
3 years ago
UsernameEmailRestrictLogin.php
4 years ago
WPProfileFieldParserTrait.php
1 year ago
WelcomeEmailAfterSignup.php
1 year ago
default-email-template.php
1 year ago
index.php
3 years ago
DisableConcurrentLogins.php
56 lines
| 1 | <?php |
| 2 | |
| 3 | namespace ProfilePress\Core\Classes; |
| 4 | |
| 5 | class DisableConcurrentLogins |
| 6 | { |
| 7 | public function __construct() |
| 8 | { |
| 9 | add_action('set_auth_cookie', [$this, 'disable_concurrent_logins'], 10, 6); |
| 10 | } |
| 11 | |
| 12 | /** |
| 13 | * @param string $logged_in_cookie The logged-in cookie value. |
| 14 | * @param int $expire The time the login grace period expires as a UNIX timestamp. |
| 15 | * Default is 12 hours past the cookie's expiration time. |
| 16 | * @param int $expiration The time when the logged-in authentication cookie expires as a UNIX timestamp. |
| 17 | * Default is 14 days from now. |
| 18 | * @param int $user_id User ID. |
| 19 | * @param string $scheme Authentication scheme. Default 'logged_in'. |
| 20 | * @param string $token User's session token to use for this cookie. |
| 21 | */ |
| 22 | public function disable_concurrent_logins($logged_in_cookie, $expire, $expiration, $user_id, $scheme, $token) |
| 23 | { |
| 24 | if (ppress_get_setting('disable_concurrent_logins') != 'true') return; |
| 25 | |
| 26 | /** |
| 27 | * WP uses $_SERVER['REMOTE_ADDR'] to get user IP when logging in |
| 28 | * @see WP_Session_Tokens::create() |
| 29 | */ |
| 30 | if (empty($_SERVER['REMOTE_ADDR'])) return; |
| 31 | |
| 32 | $all_sessions = \WP_Session_Tokens::get_instance($user_id)->get_all(); |
| 33 | |
| 34 | if (empty($all_sessions)) return; |
| 35 | |
| 36 | $different_ip_sessions = array_filter($all_sessions, function ($session) { |
| 37 | return $session['ip'] !== $_SERVER['REMOTE_ADDR']; |
| 38 | }); |
| 39 | |
| 40 | // if login session from IP other than current user ip address exist, destroy other sessions |
| 41 | if ( ! empty($different_ip_sessions) && ! empty($token)) { |
| 42 | \WP_Session_Tokens::get_instance($user_id)->destroy_others($token); |
| 43 | } |
| 44 | } |
| 45 | |
| 46 | public static function get_instance() |
| 47 | { |
| 48 | static $instance = null; |
| 49 | |
| 50 | if (is_null($instance)) { |
| 51 | $instance = new self(); |
| 52 | } |
| 53 | |
| 54 | return $instance; |
| 55 | } |
| 56 | } |