Commit 150b0f9f authored by canyonknight's avatar canyonknight Committed by Lukas Fleischer

Clear a user's active sessions following account suspension



A suspended user can stay in active sessions. Introduce new function
delete_user_sessions to remove all open sessions for a specific user.
Allows suspensions to take effect immediately.

Signed-off-by: default avatarcanyonknight <canyonknight@gmail.com>
Signed-off-by: default avatarLukas Fleischer <archlinux@cryptocrack.de>
parent aab6eed1
......@@ -229,6 +229,8 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
$q.= ", AccountTypeID = ".intval($T);
}
if ($S) {
/* Ensure suspended users can't keep an active session */
delete_user_sessions($UID, $dbh);
$q.= ", Suspended = 1";
} else {
$q.= ", Suspended = 0";
......@@ -796,6 +798,23 @@ function delete_session_id($sid, $dbh=NULL) {
$dbh->query($q);
}
/**
* Remove all sessions belonging to a particular user
*
* @param int $uid ID of user to remove all sessions for
* @param \PDO $dbh An already established database connection
*
* @return void
*/
function delete_user_sessions($uid, $dbh=NULL) {
if (!$dbh) {
$dbh = db_connect();
}
$q = "DELETE FROM Sessions WHERE UsersID = " . intval($uid);
$dbh->exec($q);
}
/**
* Remove sessions from the database that have exceed the timeout
*
......
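Review bot: In the first hunk, `delete_user_sessions($UID, $dbh);` runs while `$q` is still being assembled, so the sessions are removed before `Suspended = 1` is written. The rest of process_account_form, including the statement that executes `$q`, lies outside the hunk, so this ordering is inferred. A login that lands between the DELETE and the UPDATE, or an UPDATE that fails, could leave the account with a live session and no suspension in effect. Consider moving the call to just after the UPDATE has succeeded, e.g. `if ($S) { delete_user_sessions($UID, $dbh); }`, or running both statements in one transaction. In the second hunk the result of `$dbh->exec($q)` is discarded, so a failed DELETE goes unnoticed unless the connection is configured to throw.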