From 071625b000c5f264ff5f0b47fbe1a701a454307b Mon Sep 17 00:00:00 2001
From: malle-pietje <erik@slooff.net>
Date: Thu, 24 Dec 2015 14:26:49 +0100
Subject: [PATCH] added cookie timeout function

added a timeout function to clear the PHP SESSION cookie after a defined
period of inactivity. Update your config file with this variable if you
are upgrading from an earlier version.
---
 config.template.php |  5 +++--
 index.php           | 39 +++++++++++++++++++++++++++------------
 2 files changed, 30 insertions(+), 14 deletions(-)

diff --git a/config.template.php b/config.template.php
index a7d1d82..6af9672 100644
--- a/config.template.php
+++ b/config.template.php
@@ -27,5 +27,6 @@
 $controllerpassword = ''; // the password for access to the Unifi Controller
 $controllerurl      = ''; // full url to the Unifi Controller, eg. 'https://22.22.11.11:8443'
 $controllerversion  = ''; // the version of the Controller software, eg. '4.6.6' (must be at least 4.0.0)
-
-?>
+$cookietimeout      = '3600'; // time of inactivity in seconds, after which the PHP session cookie will be refreshed
+                              // this means the site and data collection will need to be selected again
+?>
\ No newline at end of file
diff --git a/index.php b/index.php
index 05d2374..4006e39 100644
--- a/index.php
+++ b/index.php
@@ -34,7 +34,7 @@
 $time_start = microtime(true);
 
 /*
-assign variables required later on together with their default values
+assign variables which are required later on together with their default values
 */
 $action         = '';
 $siteid         = '';
@@ -45,6 +45,30 @@
 $data           = '';
 $objectscount   = '';
 $alertmessage   = '';
+$cookietimeout  = '1800';
+
+/*
+load the settings file
+- if the config.php file is unreadable or does not exist, an alert is displayed on the page
+*/
+if(!is_readable('config.php')) {
+    $alertmessage = '<div class="alert alert-danger" role="alert">The file config.php is not readable or does not exist.'
+                    . '<br>If you have not yet done so, please copy/rename the config.template.php file to config.php and modify the contents as required.</div>';
+}
+
+include('config.php');
+
+/*
+determine whether we have reached the cookie timeout, if so, refresh the PHP session
+*/
+if (isset($_SESSION['last_activity']) && (time() - $_SESSION['last_activity'] > $cookietimeout)) {
+    /*
+    last activity was longer than "$cookietimeout" seconds ago
+    */
+    session_unset();
+    session_destroy();
+}
+$_SESSION['last_activity'] = time(); // update last activity time stamp
 
 /*
 collect cURL version details for the info modal
@@ -111,19 +135,10 @@
 }
 
 /*
-load the unifi api connection class as well as the settings files
-and log in to the controller
-- if the config.php file is unreadable or does not exist, an alert is displayed on the page
-- if an error occurs with the login process an alert is displayed on the page
+load the Unifi API connection class and log in to the controller
+- if an error occurs during the login process, an alert is displayed on the page
 */
 require('phpapi/class.unifi.php');
-if(!is_readable('config.php')) {
-    $alertmessage = '<div class="alert alert-danger" role="alert">The file config.php is not readable or does not exist.'
-                    . '<br>If you have not yet done so, please copy/rename the config.template.php file to config.php and modify the contents as required.</div>';
-}
-
-include('config.php');
-
 $unifidata = new unifiapi($controlleruser, $controllerpassword, $controllerurl, $siteid, $controllerversion);
 $loginresults = $unifidata->login();
 if($loginresults === 400) {