diff options
author | Frederic Guillot <fred@kanboard.net> | 2015-02-13 16:41:50 -0500 |
---|---|---|
committer | Frederic Guillot <fred@kanboard.net> | 2015-02-13 16:41:50 -0500 |
commit | 124f7cad284d7ce867666def5731ad34a9265e63 (patch) | |
tree | 14a933c77cbd2aa13f630cca8c697471a80b1ce5 /app | |
parent | 8fde5df4f829e9ea2c3a9262512a34a584e4b4e5 (diff) |
Check if the user session match an existing user
Diffstat (limited to 'app')
-rw-r--r-- | app/Model/Authentication.php | 7 | ||||
-rw-r--r-- | app/Model/User.php | 12 |
2 files changed, 19 insertions, 0 deletions
diff --git a/app/Model/Authentication.php b/app/Model/Authentication.php index 92898cd5..86c1c43f 100644 --- a/app/Model/Authentication.php +++ b/app/Model/Authentication.php @@ -42,6 +42,13 @@ class Authentication extends Base // If the user is already logged it's ok if ($this->userSession->isLogged()) { + // Check if the user session match an existing user + if (! $this->user->exists($this->userSession->getId())) { + $this->backend('rememberMe')->destroy($this->userSession->getId()); + $this->session->close(); + return false; + } + // We update each time the RememberMe cookie tokens if ($this->backend('rememberMe')->hasCookie()) { $this->backend('rememberMe')->refresh(); diff --git a/app/Model/User.php b/app/Model/User.php index 01be8597..7586f3c4 100644 --- a/app/Model/User.php +++ b/app/Model/User.php @@ -29,6 +29,18 @@ class User extends Base const EVERYBODY_ID = -1; /** + * Return true if the user exists + * + * @access public + * @param integer $user_id User id + * @return boolean + */ + public function exists($user_id) + { + return $this->db->table(self::TABLE)->eq('id', $user_id)->count() === 1; + } + + /** * Get query to fetch all users * * @access public |