Clear a user's active sessions following account suspension

A suspended user can keep using sessions that are already active. Introduce
a new function, delete_user_sessions, to remove all open sessions for a
specific user. This allows suspensions to take effect immediately.

Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
canyonknight 2013-01-22 22:38:02 +00:00 committed by Lukas Fleischer
parent aab6eed138
commit 150b0f9f0a


@ -229,6 +229,8 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
$q.= ", AccountTypeID = ".intval($T); $q.= ", AccountTypeID = ".intval($T);
} }
if ($S) { if ($S) {
/* Ensure suspended users can't keep an active session */
delete_user_sessions($UID, $dbh);
$q.= ", Suspended = 1"; $q.= ", Suspended = 1";
} else { } else {
$q.= ", Suspended = 0"; $q.= ", Suspended = 0";
@ -796,6 +798,23 @@ function delete_session_id($sid, $dbh=NULL) {
$dbh->query($q); $dbh->query($q);
} }
/**
* Remove all sessions belonging to a particular user
*
* @param int $uid ID of user to remove all sessions for
* @param \PDO $dbh An already established database connection
*
* @return void
*/
function delete_user_sessions($uid, $dbh=NULL) {
if (!$dbh) {
$dbh = db_connect();
}
$q = "DELETE FROM Sessions WHERE UsersID = " . intval($uid);
$dbh->exec($q);
}
/** /**
* Remove sessions from the database that have exceed the timeout * Remove sessions from the database that have exceed the timeout
* *
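Review bot: In the first hunk `delete_user_sessions($UID, $dbh);` runs while `$q` is still being assembled, so the sessions are deleted before `Suspended = 1` is written; the UPDATE itself executes outside the hunk. A login that lands between the DELETE and the UPDATE would presumably create a fresh session that outlives the suspension, and if the UPDATE fails the user is logged out without being suspended. Consider making the call only after the UPDATE has succeeded (or running both in one transaction), guarded by `if ($S) { delete_user_sessions($UID, $dbh); }`. In `delete_user_sessions` the result of `$dbh->exec($q)` is discarded, so a failed DELETE silently leaves the sessions in place; a check such as `if ($dbh->exec($q) === false)` with an error log entry would make that visible.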