This board is the new home for david63's extensions.

All of the extensions hosted here will need to be treated as a new install as there is no migration from the original ones to these, and furthermore, no support will be given to migrating to any of these extensions from previous versions.


Due to the selfishness of certain board members it has become necessary to apply a limit of how many downloads each member can make before making a donation. Once a donation has been made then you will have unlimited downloads.

[3.3.0] Active Sessions

Fully working extensions
User avatar
devspace
Owner
Owner
Posts: 280
Joined: October 2022

[3.3.0] Active Sessions

#1

Post by devspace »

Active Sessions:

Adds an Admin option to display the current active user sessions.

Compatibility:

Image Image

Image

Note:

If you are using any other version of this extension then it must be Disabled /Delete data and the original files deleted before installing this version - but you will loose all settings.

Features:
  • List of all active sessions.
  • Lookup IP address.
  • Dropdown display of browser header data.
Language(s):
  • en
Version:
  • 3.3.0
Installation:
  • Download the latest release and unzip it.
  • Upload the unzipped files to [board root]/ext/devspace/activesessions and enable it in the ACP
Configuration:
  • No configuration required
Useage:
  • Users and Groups
  • User Utilities
  • Active sessions
Extension Download:

User avatar
devspace
Owner
Owner
Posts: 280
Joined: October 2022

[3.3.0] Active Sessions

#2

Post by devspace »

Announcements:

Sergio64
Member
Member
Posts: 3
Joined: November 2022

Re: [3.3.0] Active Sessions

#3

Post by Sergio64 »

Hello,

Don't work for me (phpBB 3.3.8 - PHP 8.1.0)

User avatar
devspace
Owner
Owner
Posts: 280
Joined: October 2022

Re: [3.3.0] Active Sessions

#4

Post by devspace »

Sergio64 wrote: 22 Nov 2022, 12:17
Hello,

Don't work for me (phpBB 3.3.8 - PHP 8.1.0)
What do you mean by "Don't work"? Please explain

kennybroh
Donor
Donor
Posts: 13
Joined: December 2022

Re: [3.3.0] Active Sessions

#5

Post by kennybroh »

This is very helpful. Thanks.

I know this extension is limited to "Active Sessions" but I'd also like to have some ability to see past session activity. I am relatively new to phpBB and although there may be a way to query the database for this information I don't know how to do it. Is there another extension to show session activity by date range and allow for filters by User, IP, etc? Although I know that isn't what this Extension is designed to do, It would be very useful if it allowed you to switch between active sessions and a list of a range of prior sessions.

Any advice would be appreciated and I am more than willing to pay for help!

User avatar
devspace
Owner
Owner
Posts: 280
Joined: October 2022

Re: [3.3.0] Active Sessions

#6

Post by devspace »

The problem with that is that there is no session history as the session table is automatically purged at least once a day.

kennybroh
Donor
Donor
Posts: 13
Joined: December 2022

Re: [3.3.0] Active Sessions

#7

Post by kennybroh »

Is there any way to intercept that purge and write the data to another table before it's deleted?

kennybroh
Donor
Donor
Posts: 13
Joined: December 2022

Re: [3.3.0] Active Sessions

#8

Post by kennybroh »

Oops-- that's not one of yours, is it. Sorry.

And don't you get the data for Who Visited This Topic from the session table too? That information sticks around long after the session table is purged--couldn't the session information be stored there?

User avatar
david63
Member
Member
Posts: 16
Joined: October 2022

Re: [3.3.0] Active Sessions

#9

Post by david63 »

kennybroh wrote: 03 Dec 2022, 22:29
get the data for Who Visited This Topic from the session table too?
No - that extension interrogates the posts table to get its information.
kennybroh wrote: 03 Dec 2022, 22:20
Is there any way to intercept that purge and write the data to another table before it's deleted?
Probably, but you have to remember that the sessions table only contains the current/last activity of the user so for what you are wanting it would require constantly writing the data but that would be far too much work,

What is it that you are trying to achieve?

kennybroh
Donor
Donor
Posts: 13
Joined: December 2022

Re: [3.3.0] Active Sessions

#10

Post by kennybroh »

There are two things I'd like to accomplish. They are certainly not critical and probably overkill, but useful to me if readily available.

For context, I've built a small private board for communication among the managers and stakeholders of a family business. Although none of the content is critical and no personal identifying information is stored there, some members are nevertheless concerned about security. I'm comfortable we've implemented sufficient measures to protect the information but I'd like to have a couple of other capabilities for security and management purposes.

First, it is important from time-to-time to be able to determine whether someone reviewed certain information. I installed the dmz extension "Who Visited This Topic " which gives me a list of visitors to each topic, but it doesn't tell me when each visit occurred. That's important because I can't tell if the visit was before or after certain material was posted. I asked the developer of that extension how to get that information but they haven't responded. A stored table would presumably contain that data.

Second, I'd like to know if a user logs in from a suspicious IP address or a different geographical location, and be able to review their login history over time. I have the IP validation set to ABC in the ACP but I'm not sure what that does. From the perspective of impact on the server, the site has a very small number of registered users and guests and bots have no access, so triggering a write each time someone logs in wouldn't impose a significant burden.

I'm just beginning to understand a little about how phpBB works, but other than editing a few files, so far I'm limited to what I can do through the GUI including extensions. The coding is foreign to me at this point, but I hope over time I'll be able to do some things myself. Any thoughts you might have would be appreciated.

User avatar
david63
Member
Member
Posts: 16
Joined: October 2022

Re: [3.3.0] Active Sessions

#11

Post by david63 »

kennybroh wrote: 04 Dec 2022, 15:25
it is important from time-to-time to be able to determine whether someone reviewed certain information. I installed the dmz extension "Who Visited This Topic " which gives me a list of visitors to each topic, but it doesn't tell me when each visit occurred.
If it is that critical that you know if somebody has "reviewed certain information" then simply create a new topic for that information then that extension will tell you what you want to know. What it will not be able to tell you is whether they have read the topic - only that they have visited it.
kennybroh wrote: 04 Dec 2022, 15:25
I'd like to know if a user logs in from a suspicious IP address or a different geographical location, and be able to review their login history over time
The Log Connections extension will give you that information - but how do you define a "suspicious IP address", and why should they not log in from another location? If you are worrying about somebody trying to access your board using another's credentials then that is virtually unheard of with phpBB, unless the owner of the credentials has been careless.

kennybroh
Donor
Donor
Posts: 13
Joined: December 2022

Re: [3.3.0] Active Sessions

#12

Post by kennybroh »

If it is that critical that you know if somebody has "reviewed certain information" then simply create a new topic for that information then that extension will tell you what you want to know.
That's such a simple solution I feel a little stupid for not having thought of it myself. Of course that solves that problem. Thanks.
What it will not be able to tell you is whether they have read the topic - only that they have visited it.
Actually, because most of the topics I'm concerned with confirming they've been read are embedded links to pdf and excel files or images. So if someone visits the topic the document is automatically displayed and for all intents and purposes I can assume it's been read.
The Log Connections extension will give you [the IP address] information - but how do you define a "suspicious IP address", and why should they not log in from another location? If you are worrying about somebody trying to access your board using another's credentials then that is virtually unheard of with phpBB, unless the owner of the credentials has been careless.
Now that I've seen some of the log entries from Log Connections I think it largely satisfies what I'm concerned about. Although it's probably overkill, the psychology of the particular users of this site is such that I want to be able to assure them we are wearing belts and suspenders as far as security is concerned. And, as I mentioned before, this is for the stakeholders in a family business and there are some, how can I put this delicately, unusual dynamics which conceivably could involve sharing of credentials between people with different permission levels. Because they live in different cities (and we can easily find out where everyone is at any given time) seeing the IP address for each login is very useful. I'm probably being a little paranoid, but as Andy Grove said when he was CEO of Intel, "Only the paranoid survive".

Thanks for your responses. Your deep knowledge of this ecosystem enables you to simplify things in a way that newcomers can't.