From 150b0f9f0a5174e72a27469030135e98b2a43815 Mon Sep 17 00:00:00 2001
From: canyonknight <canyonknight@gmail.com>
Date: Tue, 22 Jan 2013 22:38:02 +0000
Subject: Clear a user's active sessions following account suspension

A suspended user can stay in active sessions. Introduce new function
delete_user_sessions to remove all open sessions for a specific user.
Allows suspensions to take effect immediately.

Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
---
 web/lib/acctfuncs.inc.php | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'web')

diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index cdf4af6..002042d 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -229,6 +229,8 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
 				$q.= ", AccountTypeID = ".intval($T);
 			}
 			if ($S) {
+				/* Ensure suspended users can't keep an active session */
+				delete_user_sessions($UID, $dbh);
 				$q.= ", Suspended = 1";
 			} else {
 				$q.= ", Suspended = 0";
@@ -796,6 +798,23 @@ function delete_session_id($sid, $dbh=NULL) {
 	$dbh->query($q);
 }
 
+/**
+ * Remove all sessions belonging to a particular user
+ *
+ * @param int $uid ID of user to remove all sessions for
+ * @param \PDO $dbh An already established database connection
+ *
+ * @return void
+ */
+function delete_user_sessions($uid, $dbh=NULL) {
+	if (!$dbh) {
+		$dbh = db_connect();
+	}
+
+	$q = "DELETE FROM Sessions WHERE UsersID = " . intval($uid);
+	$dbh->exec($q);
+}
+
 /**
  * Remove sessions from the database that have exceed the timeout
  *
-- 
cgit v1.2.3-54-g00ecf