From 150b0f9f0a5174e72a27469030135e98b2a43815 Mon Sep 17 00:00:00 2001 From: canyonknight Date: Tue, 22 Jan 2013 22:38:02 +0000 Subject: Clear a user's active sessions following account suspension A suspended user can stay in active sessions. Introduce new function delete_user_sessions to remove all open sessions for a specific user. Allows suspensions to take effect immediately. Signed-off-by: canyonknight Signed-off-by: Lukas Fleischer --- web/lib/acctfuncs.inc.php | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'web/lib') diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index cdf4af6f..002042d1 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -229,6 +229,8 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", $q.= ", AccountTypeID = ".intval($T); } if ($S) { + /* Ensure suspended users can't keep an active session */ + delete_user_sessions($UID, $dbh); $q.= ", Suspended = 1"; } else { $q.= ", Suspended = 0"; @@ -796,6 +798,23 @@ function delete_session_id($sid, $dbh=NULL) { $dbh->query($q); } +/** + * Remove all sessions belonging to a particular user + * + * @param int $uid ID of user to remove all sessions for + * @param \PDO $dbh An already established database connection + * + * @return void + */ +function delete_user_sessions($uid, $dbh=NULL) { + if (!$dbh) { + $dbh = db_connect(); + } + + $q = "DELETE FROM Sessions WHERE UsersID = " . intval($uid); + $dbh->exec($q); +} + /** * Remove sessions from the database that have exceed the timeout * -- cgit v1.2.3-24-g4f1b