From 124f7cad284d7ce867666def5731ad34a9265e63 Mon Sep 17 00:00:00 2001 From: Frederic Guillot Date: Fri, 13 Feb 2015 16:41:50 -0500 Subject: Check if the user session match an existing user --- app/Model/Authentication.php | 7 +++++++ app/Model/User.php | 12 ++++++++++++ 2 files changed, 19 insertions(+) diff --git a/app/Model/Authentication.php b/app/Model/Authentication.php index 92898cd5..86c1c43f 100644 --- a/app/Model/Authentication.php +++ b/app/Model/Authentication.php @@ -42,6 +42,13 @@ class Authentication extends Base // If the user is already logged it's ok if ($this->userSession->isLogged()) { + // Check if the user session match an existing user + if (! $this->user->exists($this->userSession->getId())) { + $this->backend('rememberMe')->destroy($this->userSession->getId()); + $this->session->close(); + return false; + } + // We update each time the RememberMe cookie tokens if ($this->backend('rememberMe')->hasCookie()) { $this->backend('rememberMe')->refresh(); diff --git a/app/Model/User.php b/app/Model/User.php index 01be8597..7586f3c4 100644 --- a/app/Model/User.php +++ b/app/Model/User.php @@ -28,6 +28,18 @@ class User extends Base */ const EVERYBODY_ID = -1; + /** + * Return true if the user exists + * + * @access public + * @param integer $user_id User id + * @return boolean + */ + public function exists($user_id) + { + return $this->db->table(self::TABLE)->eq('id', $user_id)->count() === 1; + } + /** * Get query to fetch all users * -- cgit v1.2.3