diff options
| -rw-r--r-- | web/lib/acctfuncs.inc.php | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index cdf4af6..002042d 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -229,6 +229,8 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", $q.= ", AccountTypeID = ".intval($T); } if ($S) { + /* Ensure suspended users can't keep an active session */ + delete_user_sessions($UID, $dbh); $q.= ", Suspended = 1"; } else { $q.= ", Suspended = 0"; @@ -797,6 +799,23 @@ function delete_session_id($sid, $dbh=NULL) { } /** + * Remove all sessions belonging to a particular user + * + * @param int $uid ID of user to remove all sessions for + * @param \PDO $dbh An already established database connection + * + * @return void + */ +function delete_user_sessions($uid, $dbh=NULL) { + if (!$dbh) { + $dbh = db_connect(); + } + + $q = "DELETE FROM Sessions WHERE UsersID = " . intval($uid); + $dbh->exec($q); +} + +/** * Remove sessions from the database that have exceed the timeout * * @global int $LOGIN_TIMEOUT Time until session expires |