From 124f7cad284d7ce867666def5731ad34a9265e63 Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Fri, 13 Feb 2015 16:41:50 -0500
Subject: Check if the user session match an existing user

---
 app/Model/Authentication.php |  7 +++++++
 app/Model/User.php           | 12 ++++++++++++
 2 files changed, 19 insertions(+)

(limited to 'app/Model')

diff --git a/app/Model/Authentication.php b/app/Model/Authentication.php
index 92898cd5..86c1c43f 100644
--- a/app/Model/Authentication.php
+++ b/app/Model/Authentication.php
@@ -42,6 +42,13 @@ class Authentication extends Base
         // If the user is already logged it's ok
         if ($this->userSession->isLogged()) {
 
+            // Check if the user session match an existing user
+            if (! $this->user->exists($this->userSession->getId())) {
+                $this->backend('rememberMe')->destroy($this->userSession->getId());
+                $this->session->close();
+                return false;
+            }
+
             // We update each time the RememberMe cookie tokens
             if ($this->backend('rememberMe')->hasCookie()) {
                 $this->backend('rememberMe')->refresh();
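Review bot: The new rejection branch returns `false` without leaving any trace, so a session that outlives its account (a deleted user still holding a valid cookie) is torn down without an audit record. Writing a log entry with the stale user id before `$this->session->close();` would let operators see these events. The id is also read twice through `$this->userSession->getId()`; capturing it once, `$user_id = $this->userSession->getId();`, keeps the existence check and the `destroy()` call on the same value. Presumably `close()` invalidates the server-side session data rather than only flushing it, which is worth confirming since the method body is not visible here. The enclosing method starts and ends outside this hunk.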
diff --git a/app/Model/User.php b/app/Model/User.php
index 01be8597..7586f3c4 100644
--- a/app/Model/User.php
+++ b/app/Model/User.php
@@ -28,6 +28,18 @@ class User extends Base
      */
     const EVERYBODY_ID = -1;
 
+    /**
+     * Return true if the user exists
+     *
+     * @access public
+     * @param  integer    $user_id   User id
+     * @return boolean
+     */
+    public function exists($user_id)
+    {
+        return $this->db->table(self::TABLE)->eq('id', $user_id)->count() === 1;
+    }
+
     /**
      * Get query to fetch all users
      *
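Review bot: The strict comparison in `exists()` is only correct if `count()` returns a PHP integer. If the query layer ever hands back the driver's numeric string, `=== 1` is always false and the new check in Authentication.php would log out every authenticated user on their next request. The implementation of `count()` is not visible in this diff, so either confirm its return type or make the method independent of it with `return (int) $this->db->table(self::TABLE)->eq('id', $user_id)->count() === 1;`. The docblock could also state that a null or non-numeric `$user_id` yields `false`, since the caller passes the session value through unchecked.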
-- 
cgit v1.2.3