diff --git a/public/include/classes/user.class.php b/public/include/classes/user.class.php
index 3d1366b3..e3a543be 100644
--- a/public/include/classes/user.class.php
+++ b/public/include/classes/user.class.php
@@ -43,6 +43,9 @@ class User extends Base {
public function getUserIp($id) {
return $this->getSingle($id, 'loggedIp', 'id');
}
+ public function getLastLogin($id) {
+ return $this->getSingle($id, 'last_login', 'id');
+ }
public function getEmail($email) {
return $this->getSingle($email, 'email', 'email', 's');
}
@@ -138,9 +141,13 @@ class User extends Base {
return false;
}
if ($this->checkUserPassword($username, $password)) {
- $this->updateLoginTimestamp($this->getUserId($username));
- $this->createSession($username);
- if ($this->setUserIp($this->getUserId($username), $_SERVER['REMOTE_ADDR'])) {
+ $uid = $this->getUserId($username);
+ $this->updateLoginTimestamp($uid);
+ $getIPAddress = $this->getUserIp($uid);
+ $setIPAddress = $this->setUserIp($uid, $_SERVER['REMOTE_ADDR']);
+ $lastLoginTime = $this->getLastLogin($uid);
+ $this->createSession($username, $getIPAddress, $lastLoginTime);
+ if ($setIPAddress) {
// send a notification if success_login is active
$uid = $this->getUserId($username);
$notifs = new Notification();
@@ -490,9 +497,12 @@ class User extends Base {
* @param username string Username to create session for
* @return none
**/
- private function createSession($username) {
+ private function createSession($username, $lastIP='', $lastLoginTime='') {
$this->debug->append("STA " . __METHOD__, 4);
$this->debug->append("Log in user to _SESSION", 2);
+ if (!empty($lastIP) && (!empty($lastLoginTime))) {
+ $_SESSION['last_ip_pop'] = array($lastIP, $lastLoginTime);
+ }
if ($this->config['strict'] && $this->config['memcache']['enabled']) {
session_regenerate_id(true);
$_SESSION['AUTHENTICATED'] = '1';
diff --git a/public/index.php b/public/index.php
index 7a972a8a..fbcc0bcb 100644
--- a/public/index.php
+++ b/public/index.php
@@ -128,6 +128,20 @@ if ($config['memcache']['enabled'] && ($config['mc_antidos']['enabled'] || $conf
}
}
+// Got past rate limiter and session manager, show last logged in popup if it's still set
+if (@$_GET['clp'] == 1 && @$_SESSION['last_ip_pop']) unset($_SESSION['last_ip_pop']);
+if (count(@$_SESSION['last_ip_pop']) == 2) {
+ $data = $_SESSION['last_ip_pop'];
+ $ip = filter_var($data[0], FILTER_VALIDATE_IP);
+ $time = date("l, F jS \a\\t g:i a", $data[1]);
+ $closelink = "Close";
+ if (@$_SESSION['AUTHENTICATED'] && $_SESSION['last_ip_pop'][0] !== $_SERVER['REMOTE_ADDR']) {
+ $_SESSION['POPUP'][] = array('CONTENT' => "You last logged in from $ip on $time $closelink", 'TYPE' => 'warning');
+ } else {
+ $_SESSION['POPUP'][] = array('CONTENT' => "You last logged in from $ip on $time $closelink", 'TYPE' => 'info');
+ }
+}
+
// Quick config check
if (@$_SESSION['USERDATA']['is_admin'] && !@$config['skip_config_tests']) {
require_once(INCLUDE_DIR. '/admin_checks.php');