Check if the user session match an existing user

2015-02-13 16:41:50 -05:00 · 2015-02-13 16:41:50 -05:00 · 124f7cad28
parent 8fde5df4f8
commit 124f7cad28
2 changed files with 19 additions and 0 deletions
--- a/app/Model/Authentication.php
+++ b/app/Model/Authentication.php
@ -42,6 +42,13 @@ class Authentication extends Base
        // If the user is already logged it's ok
        if ($this->userSession->isLogged()) {

+            // Check if the user session match an existing user
+            if (! $this->user->exists($this->userSession->getId())) {
+                $this->backend('rememberMe')->destroy($this->userSession->getId());
+                $this->session->close();
+                return false;
+            }
+
            // We update each time the RememberMe cookie tokens
            if ($this->backend('rememberMe')->hasCookie()) {
                $this->backend('rememberMe')->refresh();
--- a/app/Model/User.php
+++ b/app/Model/User.php
@ -28,6 +28,18 @@ class User extends Base
     */
    const EVERYBODY_ID = -1;

+    /**
+     * Return true if the user exists
+     *
+     * @access public
+     * @param  integer    $user_id   User id
+     * @return boolean
+     */
+    public function exists($user_id)
+    {
+        return $this->db->table(self::TABLE)->eq('id', $user_id)->count() === 1;
+    }
+
    /**
     * Get query to fetch all users
     *