authorFrederic Guillot <fred@kanboard.net>2015-02-13 16:41:50 -0500
committerFrederic Guillot <fred@kanboard.net>2015-02-13 16:41:50 -0500
commit124f7cad284d7ce867666def5731ad34a9265e63 (patch)
tree14a933c77cbd2aa13f630cca8c697471a80b1ce5
parent8fde5df4f829e9ea2c3a9262512a34a584e4b4e5 (diff)
Check if the user session match an existing user
-rw-r--r--app/Model/Authentication.php7
-rw-r--r--app/Model/User.php12
2 files changed, 19 insertions, 0 deletions
diff --git a/app/Model/Authentication.php b/app/Model/Authentication.php
index 92898cd5..86c1c43f 100644
--- a/app/Model/Authentication.php
+++ b/app/Model/Authentication.php
@@ -42,6 +42,13 @@ class Authentication extends Base
// If the user is already logged it's ok
if ($this->userSession->isLogged()) {
+ // Check if the user session match an existing user
+ if (! $this->user->exists($this->userSession->getId())) {
+ $this->backend('rememberMe')->destroy($this->userSession->getId());
+ $this->session->close();
+ return false;
+ }
+
// We update each time the RememberMe cookie tokens
if ($this->backend('rememberMe')->hasCookie()) {
$this->backend('rememberMe')->refresh();
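Review bot: The new guard in the `isLogged()` branch only tests that a row with the session's user id still exists, so it catches deleted accounts but not accounts that were changed; if role or other account fields are cached in the session, they stay in force. If that scope is intended, say so in the comment, e.g. `// Only detects deleted accounts; other account changes do not invalidate the session`. Whether `$this->session->close()` discards the server-side session data and the session cookie, or only closes the handle, is not visible in this hunk and should be confirmed, so that the stale id does not survive the request. Writing an entry to the application log when this branch fires would make sessions that outlive their account visible to operators. The enclosing method starts and ends outside the hunk.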
diff --git a/app/Model/User.php b/app/Model/User.php
index 01be8597..7586f3c4 100644
--- a/app/Model/User.php
+++ b/app/Model/User.php
@@ -29,6 +29,18 @@ class User extends Base
const EVERYBODY_ID = -1;
/**
+ * Return true if the user exists
+ *
+ * @access public
+ * @param integer $user_id User id
+ * @return boolean
+ */
+ public function exists($user_id)
+ {
+ return $this->db->table(self::TABLE)->eq('id', $user_id)->count() === 1;
+ }
+
+ /**
* Get query to fetch all users
*
* @access public
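Review bot: `exists()` depends on `count()` returning a PHP integer, because of the strict `=== 1`. If the query layer ever returns the count as a string, this is false for every user, and the new session check in Authentication.php would then end every logged-in session. The return type of `count()` is not visible here, so either confirm that it casts, or make the comparison independent of it: `return (int) $this->db->table(self::TABLE)->eq('id', $user_id)->count() === 1;`. The failure mode is fail-closed, so this is an availability risk rather than an authentication bypass. A unit test covering an existing id and a missing id would pin the behaviour.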