Check if the user session match an existing user

2 files changed, 19 insertions, 0 deletions

diff --git a/app/Model/Authentication.php b/app/Model/Authentication.php
index 92898cd5..86c1c43f 100644
--- a/app/Model/Authentication.php
+++ b/app/Model/Authentication.php
@@ -42,6 +42,13 @@ class Authentication extends Base
         // If the user is already logged it's ok
         if ($this->userSession->isLogged()) {
 
+            // Check if the user session match an existing user
+            if (! $this->user->exists($this->userSession->getId())) {
+                $this->backend('rememberMe')->destroy($this->userSession->getId());
+                $this->session->close();
+                return false;
+            }
+
             // We update each time the RememberMe cookie tokens
             if ($this->backend('rememberMe')->hasCookie()) {
                 $this->backend('rememberMe')->refresh();
diff --git a/app/Model/User.php b/app/Model/User.php
index 01be8597..7586f3c4 100644
--- a/app/Model/User.php
+++ b/app/Model/User.php
@@ -29,6 +29,18 @@ class User extends Base
     const EVERYBODY_ID = -1;
 
     /**
+     * Return true if the user exists
+     *
+     * @access public
+     * @param  integer    $user_id   User id
+     * @return boolean
+     */
+    public function exists($user_id)
+    {
+        return $this->db->table(self::TABLE)->eq('id', $user_id)->count() === 1;
+    }
+
+    /**
      * Get query to fetch all users
      *
      * @access public