admin/user/edit: when admin updates a user's account details, remove user's...

admin/user/edit: when admin updates a user's account details, remove user's sessions (if currently logged in)

admin/user/edit: when admin updates a user's account details, remove user's...
admin/user/edit: when admin updates a user's account details, remove user's sessions (if currently logged in)
6e445b8f · Eugene Venter · 047127c1 · 6e445b8f · 6e445b8f · 6e445b8f
Commit 6e445b8f authored Oct 13, 2010 by Eugene Venter
--- a/htdocs/admin/users/edit.php
+++ b/htdocs/admin/users/edit.php
@@ -187,6 +187,8 @@ function edituser_site_validate(Pieform $form, $values) {
 }

 function edituser_site_submit(Pieform $form, $values) {
+    global $USER;
+
    if (!$user = get_record('usr', 'id', $values['id'])) {
        return false;
    }
@@ -199,7 +201,11 @@ function edituser_site_submit(Pieform $form, $values) {
    $user->quota = $values['quota'];
    $user->expiry = db_format_timestamp($values['expiry']);

-    global $USER;
+
+    // Try to kick the user from any active login sessions, before saving data.
+    require_once(get_config('docroot') . 'auth/session.php');
+    remove_user_sessions($user->id);
+
    if ($USER->get('admin')) {  // Not editable by institutional admins
        $user->staff = (int) ($values['staff'] == 'on');
        $user->admin = (int) ($values['admin'] == 'on');

--- a/htdocs/lang/en.utf8/admin.php
+++ b/htdocs/lang/en.utf8/admin.php
@@ -502,6 +502,7 @@ $string['addusertoinstitution'] = 'Add User to Institution';
 $string['removeuserfrominstitution'] = 'Remove user from this institution';
 $string['confirmremoveuserfrominstitution'] = 'Are you sure you want to remove the user from this institution?';
 $string['usereditdescription'] = 'Here you can view and set details for this user account. Below, you can also <a href="#suspend">suspend or delete this account</a>, or change settings for this user in the <a href="#institutions">institutions they are in</a>.';
+$string['usereditwarning'] = 'NOTE: Saving the account changes will cause the user to be logged out (if currently logged in)';
 $string['suspenddeleteuser'] = 'Suspend/Delete User';
 $string['suspenddeleteuserdescription'] = 'Here you may suspend or entirely delete a user account. Suspended users are unable to log in until their account is unsuspended. Please note that while a suspension can be undone, deletion <strong>cannot</strong> be undone.';
 $string['deleteusernote'] = 'Please note that this operation <strong>cannot be undone</strong>.';

--- a/htdocs/theme/raw/templates/admin/users/edit.tpl
+++ b/htdocs/theme/raw/templates/admin/users/edit.tpl
@@ -26,6 +26,7 @@
    </td>
    <td id="useraccountsettingsleft"><h2>{str tag="siteaccountsettings" section="admin"}</h2>
    <p>{str tag="usereditdescription" section="admin"}</p>
+    <p class="errmsg">{str tag="usereditwarning" section="admin"}</p>
    {$siteform|safe}
    <hr />
    {if ($institutions)}
@@ -59,4 +60,4 @@
    </tr></table>
 </div>

-{include file="footer.tpl"}
\ No newline at end of file
+{include file="footer.tpl"}