From 05d5ce155e474db3f3cd0901f16aac0c3dce48ca Mon Sep 17 00:00:00 2001
From: Florent Bruneau
Date: Thu, 27 Mar 2008 18:40:58 +0100
Subject: [PATCH] Kill PHP sessions when a user account is disabled.

This requires a sudo on the kill_sessions script:
www-data ALL=(root) NOPASSWD:/path/to/platal/bin/kill_sessions.sh

Signed-off-by: Florent Bruneau
---
 bin/kill_sessions.sh | 3 +++
 include/xorg.misc.inc.php | 6 ++++++
 modules/admin.php | 5 +++++
 modules/core.php | 6 ++++++
 4 files changed, 20 insertions(+)
 create mode 100755 bin/kill_sessions.sh

diff --git a/bin/kill_sessions.sh b/bin/kill_sessions.sh
new file mode 100755
index 0000000..7816df1
--- /dev/null
+++ b/bin/kill_sessions.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+find /var/lib/php5 -maxdepth 1 -name 'sess_*' -type f -delete
diff --git a/include/xorg.misc.inc.php b/include/xorg.misc.inc.php
index 2c8c88a..86c9fc9 100644
--- a/include/xorg.misc.inc.php
+++ b/include/xorg.misc.inc.php
@@ -320,6 +320,12 @@ function send_warning_mail($title)
 $mailer->send();
 }
+function kill_sessions()
+{
+ assert(S::has_perms());
+ shell_exec('sudo -u root ' . dirname(dirname(__FILE__)) . '/bin/kill_sessions.sh');
+}
+
 /******************************************************************************
 * Dynamic configuration update/edition stuff
diff --git a/modules/admin.php b/modules/admin.php
index 206fe72..c4b352d 100644
--- a/modules/admin.php
+++ b/modules/admin.php
@@ -549,6 +549,11 @@ class AdminModule extends PLModule
 promo = $promo,
 comment = '".addslashes($comm)."'
 WHERE user_id = '{$mr['user_id']}'";
+ if ($perms == 'disabled' && $old_fields['perms'] != 'disabled') {
+ // A user has been banned ==> ensure his php session has been killed
+ // This solution is ugly and overkill, but, it should be efficient.
+ kill_sessions();
+ }
 if (XDB::execute($query)) {
 user_reindex($mr['user_id']);
diff --git a/modules/core.php b/modules/core.php
index 4e98a8f..f5bac89 100644
--- a/modules/core.php
+++ b/modules/core.php
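Review bot: The `find` in bin/kill_sessions.sh runs as root against a hard-coded `/var/lib/php5` and deletes every `sess_*` file there, so it logs out the users of every PHP application sharing that directory, and it silently does nothing if `session.save_path` points elsewhere, which leaves the disabled account's session alive. Because the sudoers rule in the commit message lets www-data run this file as root without a password, the script and every directory above it must be root-owned and not writable by the web or deploy user; otherwise editing the script becomes a route to root. I would add a header comment stating both constraints, for example `# Runs as root via sudo: keep this file and its parent directories root-owned; the directory below must match session.save_path.`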
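Review bot: `assert(S::has_perms())` in kill_sessions() (include/xorg.misc.inc.php) is not an access check: assertions can be switched off in the PHP configuration, and on PHP 5 a failed assertion only raises a warning unless `assert.bail` is set, so `shell_exec()` still runs. The permission test should be an ordinary `if` that returns early. The command string is also built by plain concatenation and its result is discarded, so an install path containing shell metacharacters or a missing sudoers entry goes unnoticed and the disabled user keeps a live session. Quoting the path with `escapeshellarg()` and returning the exit status lets callers react; a sketch follows.

```php
function kill_sessions()
{
    // assert() may be disabled or non-fatal, so gate with a real check.
    if (!S::has_perms()) {
        return false;
    }
    $script = dirname(dirname(__FILE__)) . '/bin/kill_sessions.sh';
    exec('sudo -u root ' . escapeshellarg($script), $output, $status);
    // A non-zero status means the session files were not removed.
    return $status === 0;
}
```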
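Review bot: In modules/admin.php `kill_sessions()` is called before `XDB::execute($query)` writes the new `perms` value, so a session recreated between the two steps (for instance through cookie-based re-login, if the site allows it) is built from the old permissions, and a failed query still logs everyone out for nothing. I would move the added `if ($perms == 'disabled' && $old_fields['perms'] != 'disabled') { kill_sessions(); }` block inside the success branch, just after `user_reindex($mr['user_id']);`. The enclosing handler begins and ends outside this hunk, so I cannot confirm that `$old_fields['perms']` is always populated at this point.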
@@ -29,6 +29,7 @@ class CoreModule extends PLModule
 'login' => $this->make_hook('login', AUTH_COOKIE),
 'send_bug' => $this->make_hook('bug', AUTH_COOKIE),
 'purge_cache' => $this->make_hook('purge_cache', AUTH_COOKIE, 'admin'),
+ 'kill_sessions' => $this->make_hook('kill_sessions', AUTH_COOKIE, 'admin'),
 'get_rights' => $this->make_hook('get_rights', AUTH_MDP, 'admin'),
 'wiki_help' => $this->make_hook('wiki_help', AUTH_PUBLIC),
@@ -86,6 +87,11 @@ class CoreModule extends PLModule
 http_redirect(empty($_SERVER['HTTP_REFERER']) ? './' : $_SERVER['HTTP_REFERER']);
 }
+ function handler_kill_sessions(&$page)
+ {
+ kill_sessions();
+ }
+
 function handler_get_rights(&$page, $level)
 {
 if (S::has('suid')) {
-- 
2.1.4
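Review bot: The new `kill_sessions` hook is registered with `AUTH_COOKIE`, while the neighbouring `get_rights` hook requires `AUTH_MDP`; if, as the names suggest, `AUTH_COOKIE` accepts a remembered-login cookie, a site-wide logout can be triggered without a fresh password. Nothing in this hunk or in `handler_kill_sessions` in the next hunk checks a request token or the HTTP method, so a cross-site request issued from an admin's browser would appear to be enough to fire it. I would register it as `'kill_sessions' => $this->make_hook('kill_sessions', AUTH_MDP, 'admin'),` and have the handler accept only a POST carrying whatever anti-CSRF token the framework provides. The hook array continues outside the hunk.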
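Review bot: `handler_kill_sessions` is undocumented and gives the caller no outcome: it neither redirects, as the handler just above it does with `http_redirect(...)`, nor reports whether the script actually ran. Since the call wipes every session on the host, I would document it with `// Admin-only: deletes all PHP session files on this host, logging out every user including the caller.` and record who invoked it in whatever audit log the site keeps, so a mass logout can be attributed afterwards.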