diff options
author | canyonknight <canyonknight@gmail.com> | 2013-01-22 22:38:02 +0000 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2013-01-30 09:25:30 +0100 |
commit | 150b0f9f0a5174e72a27469030135e98b2a43815 (patch) | |
tree | 6d09bc486d27a8430fa65e1ce99294795143069c /web/lib | |
parent | aab6eed1387a9f73759afc22ff3219e4844a34c0 (diff) | |
download | aurweb-150b0f9f0a5174e72a27469030135e98b2a43815.tar.xz |
Clear a user's active sessions following account suspension
A suspended user can stay in active sessions. Introduce new function
delete_user_sessions to remove all open sessions for a specific user.
Allows suspensions to take effect immediately.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/lib')
-rw-r--r-- | web/lib/acctfuncs.inc.php | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index cdf4af6..002042d 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -229,6 +229,8 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", $q.= ", AccountTypeID = ".intval($T); } if ($S) { + /* Ensure suspended users can't keep an active session */ + delete_user_sessions($UID, $dbh); $q.= ", Suspended = 1"; } else { $q.= ", Suspended = 0"; @@ -797,6 +799,23 @@ function delete_session_id($sid, $dbh=NULL) { } /** + * Remove all sessions belonging to a particular user + * + * @param int $uid ID of user to remove all sessions for + * @param \PDO $dbh An already established database connection + * + * @return void + */ +function delete_user_sessions($uid, $dbh=NULL) { + if (!$dbh) { + $dbh = db_connect(); + } + + $q = "DELETE FROM Sessions WHERE UsersID = " . intval($uid); + $dbh->exec($q); +} + +/** * Remove sessions from the database that have exceed the timeout * * @global int $LOGIN_TIMEOUT Time until session expires |