WordPress.org
Get WordPress

Make WordPress Core


Ignore:
Timestamp:
11/13/2014 03:20:42 PM (9 years ago)
Author:
johnbillion
Message:

Introduce a button on the user profile screen which clears all other sessions, and on the user editing screen which clears all sessions. Only appears when there are applicable sessions which can be cleared.

See #30264.
Props jorbin, ocean90, johnbillion

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/wp-admin/user-edit.php

    r30033 r30333  
    2525
    2626wp_enqueue_script('user-profile');
     27
     28wp_localize_script(
     29    'user-profile',
     30    '_wpSessionMangager',
     31    array(
     32        'user_id' => $user_id,
     33        'nonce'   => wp_create_nonce( sprintf( 'destroy_sessions_%d', $user_id ) ),
     34    )
     35);
    2736
    2837$title = IS_PROFILE_PAGE ? __('Profile') : __('Edit User');
     
    187196if ( !current_user_can('edit_user', $user_id) )
    188197    wp_die(__('You do not have permission to edit this user.'));
     198
     199$sessions = WP_Session_Tokens::get_instance( $profileuser->ID );
    189200
    190201include(ABSPATH . 'wp-admin/admin-header.php');
     
    290301do_action( 'personal_options', $profileuser );
    291302?>
     303
    292304</table>
    293305<?php
     
    475487</tr>
    476488<?php endif; ?>
     489
     490<?php if ( IS_PROFILE_PAGE && ( count( $sessions->get_all() ) > 1 ) ) { ?>
     491    <tr>
     492        <th>&nbsp;</th>
     493        <td>
     494            <p><button class="button button-secondary hide-if-no-js" id="destroy-sessions" data-token="<?php echo esc_attr( wp_get_session_token() ); ?>"><?php _e( 'Log Out of All Other Sessions' ); ?></button></p>
     495            <p class="description hide-if-no-js">
     496                <?php _e( 'Left your account logged in at a public computer? Lost your phone? This will log you out everywhere except your current browser.' ); ?>
     497            </p>
     498        </td>
     499    </tr>
     500<?php } else if ( ! IS_PROFILE_PAGE && ( count( $sessions->get_all() ) > 0 ) ) { ?>
     501    <tr>
     502        <th>&nbsp;</th>
     503        <td>
     504            <p><button class="button button-secondary hide-if-no-js" id="destroy-sessions"><?php _e( 'Log Out of All Sessions' ); ?></button></p>
     505            <p class="description hide-if-no-js">
     506                <?php printf( __( 'Log %s out of all sessions' ), $profileuser->display_name ); ?>
     507            </p>
     508        </td>
     509    </tr>
     510<?php } ?>
     511
    477512</table>
    478513
Note: See TracChangeset for help on using the changeset viewer.