Changeset 1218


Ignore:
Timestamp:
02/23/10 11:55:04 (3 years ago)
Author:
nick_ramsay
Message:

[Branch 1.2] Destroy session and cookie when checking the cookie for deleted, killspammed, banned and suspended users (requires User Signin 0.2)

File:
1 edited

Legend:

Unmodified
Added
Removed

  • branches/1.2/libs/UserAuth.php

    r1177 r1218  
    5050        $this->name = $h_user; 
    5151        if ($h_user) { 
    52             $this->getUserBasic($h, 0, $this->name); 
    53             $this->loggedIn = true; 
    54             // update user_lastvisit field when a new session is created 
    55             if (!session_id()) { 
    56                 $this->updateUserLastVisit($h); 
    57             } 
    58              
    59             $h->pluginHook('userauth_checkcookie_success'); 
    60         } else { 
    61             $this->setLoggedOutUser($h); 
    62             return false;  
    63         } 
     52            $valid = $this->getUserBasic($h, 0, $this->name); 
     53 
     54            if ($valid) { 
     55                $this->loggedIn = true; 
     56                if (!session_id()) { $this->updateUserLastVisit($h); } // update user_lastvisit field when a new session is created 
     57                $h->pluginHook('userauth_checkcookie_success'); // user_signin throws out killspammed, banned and suspended users 
    6458                 
    65         return true; 
     59                // SUCCESS!!! 
     60                return true; 
     61            } else { 
     62                $h->currentUser->destroyCookieAndSession(); // removes cookie and session for physically deleted users 
     63            } 
     64        } 
     65         
     66        // otherwise, give them "logged out" permissions 
     67        $this->setLoggedOutUser($h); 
     68        return false;  
    6669    } 
    6770     
Note: See TracChangeset for help on using the changeset viewer.