authorcanyonknight <canyonknight@gmail.com>2013-01-22 22:38:02 +0000
committerLukas Fleischer <archlinux@cryptocrack.de>2013-01-30 09:25:30 +0100
commit150b0f9f0a5174e72a27469030135e98b2a43815 (patch)
tree6d09bc486d27a8430fa65e1ce99294795143069c
parentaab6eed1387a9f73759afc22ff3219e4844a34c0 (diff)
downloadaurweb-150b0f9f0a5174e72a27469030135e98b2a43815.tar.xz
Clear a user's active sessions following account suspension
A suspended user can stay in active sessions. Introduce new function delete_user_sessions to remove all open sessions for a specific user. Allows suspensions to take effect immediately. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-rw-r--r--web/lib/acctfuncs.inc.php19
1 files changed, 19 insertions, 0 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index cdf4af6..002042d 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -229,6 +229,8 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
$q.= ", AccountTypeID = ".intval($T);
}
if ($S) {
+ /* Ensure suspended users can't keep an active session */
+ delete_user_sessions($UID, $dbh);
$q.= ", Suspended = 1";
} else {
$q.= ", Suspended = 0";
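Review bot: The `delete_user_sessions($UID, $dbh);` call in the `if ($S)` branch runs while `$q` is still being assembled, so the sessions are removed before the `Suspended = 1` update has been executed. If the two statements are not in one transaction, a login that lands between them would create a fresh session that survives the suspension, and a failed update would leave the sessions deleted but the account still active. Consider moving the call to just after the update succeeds, or wrapping both in a single transaction. The body of process_account_form continues outside the hunk, so where `$q` is executed and how `$UID` and `$dbh` are set is not visible here.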
@@ -797,6 +799,23 @@ function delete_session_id($sid, $dbh=NULL) {
}
/**
+ * Remove all sessions belonging to a particular user
+ *
+ * @param int $uid ID of user to remove all sessions for
+ * @param \PDO $dbh An already established database connection
+ *
+ * @return void
+ */
+function delete_user_sessions($uid, $dbh=NULL) {
+ if (!$dbh) {
+ $dbh = db_connect();
+ }
+
+ $q = "DELETE FROM Sessions WHERE UsersID = " . intval($uid);
+ $dbh->exec($q);
+}
+
+/**
* Remove sessions from the database that have exceed the timeout
*
* @global int $LOGIN_TIMEOUT Time until session expires
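Review bot: `delete_user_sessions` discards the result of `$dbh->exec($q)`, so a failed DELETE leaves the suspended user's sessions in place and the caller cannot tell. Because this function is what enforces the suspension, it would be safer to report the outcome, e.g. `return $dbh->exec($q) !== false;` with the docblock changed to `@return bool`, and have the caller treat false as an error (this assumes the connection is not already in exception error mode). The `intval($uid)` cast keeps the concatenated query safe, though a prepared statement would be the more conventional form. It is also worth confirming that the session-validation path itself rejects accounts with `Suspended = 1`, so that enforcement does not depend on this one delete.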