Destroy user's sessions when (Bug 1328705)

- users change his/her password - admins delete the user's account Change-Id: Id88207309770dae3eb803abe1f23f97a6b8eb3c8 Signed-off-by: Son Nguyen <son.nguyen@catalyst.net.nz>

Destroy user's sessions when (Bug 1328705)
- users change his/her password - admins delete the user's account Change-Id: Id88207309770dae3eb803abe1f23f97a6b8eb3c8 Signed-off-by: Son Nguyen <son.nguyen@catalyst.net.nz>
92113c29 · Son Nguyen · Robert Lyon · 07551cc0 · 92113c29 · 92113c29
Commit 92113c29 authored Jun 16, 2014 by Son Nguyen Committed by Robert Lyon Jul 30, 2014
--- a/htdocs/account/index.php
+++ b/htdocs/account/index.php
@@ -181,12 +181,14 @@ function accountprefs_submit(Pieform $form, $values) {
    $authobj = AuthFactory::create($USER->authinstance);

    db_begin();
+    $ispasswordchanged = false;
    if (isset($values['password1']) && $values['password1'] !== '') {
        global $authclass;
        $password = $authobj->change_password($USER, $values['password1']);
        $USER->password = $password;
        $USER->passwordchange = 0;
        $USER->commit();
+        $ispasswordchanged = true;
    }

    // use this as looping through values is not safe.
@@ -234,6 +236,12 @@ function accountprefs_submit(Pieform $form, $values) {
        $reload = true;
    }

+    if ($ispasswordchanged) {
+        // Destroy other sessions of the user
+        require_once(get_config('docroot') . 'auth/session.php');
+        remove_user_sessions($USER->get('id'));
+    }
+
    db_commit();

    $returndata['message'] = get_string('prefssaved', 'account');

--- a/htdocs/lib/user.php
+++ b/htdocs/lib/user.php
@@ -1382,6 +1382,10 @@ function delete_user($userid) {

    handle_event('deleteuser', $userid);

+    // Destroy all active sessions of the deleted user
+    require_once(get_config('docroot') . 'auth/session.php');
+    remove_user_sessions($userid);
+
    db_commit();
 }