Commit 7c497378 authored by Richard Mansfield's avatar Richard Mansfield

Try to remove sessions when suspending a user


Signed-off-by: default avatarRichard Mansfield <richardm@catalyst.net.nz>
parent 8108c052
......@@ -274,4 +274,54 @@ function insert_messages() {
return $SESSION->render_messages();
}
?>
function remove_user_sessions($userid) {
global $sessionpath, $USER;
if (!$sessionids = get_column('usr_session', 'session', 'usr', $userid)) {
return;
}
$alive = array();
$dead = array();
foreach ($sessionids as $sessionid) {
$file = $sessionpath;
for ($i = 0; $i < 3; $i++) {
$file .= '/' . substr($sessionid, $i, 1);
}
$file .= '/sess_' . $sessionid;
if (file_exists($file)) {
$alive[] = $sessionid;
}
else {
$dead[] = $sessionid;
}
}
if (!empty($dead)) {
delete_records_select('usr_session', 'session IN (' . join(',', array_map('db_quote', $dead)) . ')');
}
if (empty($alive)) {
return;
}
$sid = $USER->get('sessionid');
session_commit();
foreach ($alive as $sessionid) {
session_id($sessionid);
if (session_start()) {
session_destroy();
session_commit();
}
}
session_id($sid);
session_start();
delete_records_select('usr_session', 'session IN (' . join(',', array_map('db_quote', $alive)) . ')');
}
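Review bot: The last `delete_records_select` in remove_user_sessions drops the usr_session row for every id in `$alive`, including ids for which `session_start()` returned false and nothing was destroyed, so a session that may still be usable loses its record and cannot be retried. Collect the ids that were really destroyed with `$destroyed[] = $sessionid;` inside the `if (session_start())` branch, and run the delete on `$destroyed` under `if (!empty($destroyed))`. The `$dead` list has a similar weakness: an id counts as dead only because no file exists under the three-level `$sessionpath` layout, so if the save path or session handler differs from that assumption (not visible here), the rows are deleted while the sessions stay live. The restoring `session_start()` after `session_id($sid)` is unchecked, and a short docblock saying that the function temporarily swaps the caller's own session would help the next reader.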
......@@ -945,6 +945,10 @@ function suspend_user($suspendeduserid, $reason, $suspendinguserid=null) {
$suspendrec->suspendedctime = db_format_timestamp(time());
update_record('usr', $suspendrec, 'id');
// Try to kick the user from any active login session.
require_once(get_config('docroot') . 'auth/session.php');
remove_user_sessions($suspendeduserid);
$lang = get_user_language($suspendeduserid);
$message = new StdClass;
$message->users = array($suspendeduserid);
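Review bot: The call to `remove_user_sessions($suspendeduserid)` is best effort and returns nothing, so suspend_user cannot tell whether the user was actually logged out. The comment should say so, for example `// Best effort only: sessions not found under the local session path are not destroyed, so request handling must still reject suspended users.` Whether the request path re-checks the suspended state is not visible in this hunk and is worth confirming. The helper also reads `$USER->get('sessionid')` and restarts that session, which presumably needs a guard if suspend_user can run without an interactive session (the `$suspendinguserid=null` default suggests it might). suspend_user's body starts and ends outside the hunk.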
......