Fix for bug 226764: Move InvalidateLogins into Bugzilla::Auth::CGI.

Consolidates the logout code into Bugzilla::Auth::CGI, and provides
simple front-end wrappers in Bugzilla.pm for use in the CGIs we have.
r=bbaetz, joel; a=justdave.

Adds a set of constants to the logout() API which allow specifying "how
much" we should log out -- all sessions, the current session, or all
sessions but the current one.

Fixes callsites to use this new API; cleans and documents things a
bit while we're at it. Part I in the great COOKIE apocalypse.

1 files changed, 4 insertions, 4 deletions

diff --git a/editusers.cgi b/editusers.cgi
index 411704dce..e7ef0e7d3 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -34,6 +34,7 @@ use lib ".";
 require "CGI.pl";
 require "globals.pl";
 
+use Bugzilla;
 use Bugzilla::User;
 
 # Shut up misguided -w warnings about "used only once".  "use vars" just
@@ -660,8 +661,7 @@ if ($action eq 'delete') {
 
     SendSQL("DELETE FROM profiles
              WHERE login_name=" . SqlQuote($user));
-    SendSQL("DELETE FROM logincookies
-             WHERE userid=" . $userid);
+    Bugzilla->logout_user_by_id($userid);
     print "User deleted.<BR>\n";
 
     PutTrailer($localtrailer);
@@ -818,7 +818,7 @@ if ($action eq 'update') {
                      FROM profiles
                      WHERE login_name=" . SqlQuote($userold));
             my $userid = FetchOneColumn();
-            InvalidateLogins($userid);
+            Bugzilla->logout_user_by_id($userid);
             print "Updated password.<BR>\n";
         } else {
             print "Did not update password: $passworderror<br>\n";
@@ -838,7 +838,7 @@ if ($action eq 'update') {
                  FROM profiles
                  WHERE login_name=" . SqlQuote($userold));
         my $userid = FetchOneColumn();
-        InvalidateLogins($userid);
+        Bugzilla->logout_user_by_id($userid);
         print "Updated disabled text.<BR>\n";
     }
     if ($editall && $user ne $userold) {