fixes #383, purge sessions on invalid user ids

author: plegall <plg@piwigo.org> 2016-02-13 15:32:06 +0100
committer: plegall <plg@piwigo.org> 2016-02-13 15:32:06 +0100
commit: a6fbaf69c71c3b39666a6323c4c6bbb7cbb98310 (patch)
tree: c86890b271301e60da3901ea5a9f56fc975e3aed
parent: bfb8b0b0fd2d85ab801e234ee2f7e5b024761919 (diff)
1 files changed, 40 insertions, 0 deletions
diff --git a/admin/maintenance.php b/admin/maintenance.php
index 9befd5032..3728d6094 100644
--- a/admin/maintenance.php
+++ b/admin/maintenance.php
@@ -109,6 +109,46 @@ DELETE
   case 'sessions' :
   {
     pwg_session_gc();
+
+    // delete all sessions associated to invalid user ids (it should never happen)
+    $query = '
+SELECT
+    id,
+    data
+  FROM '.SESSIONS_TABLE.'
+;';
+    $sessions = query2array($query);
+
+    $query = '
+SELECT
+    '.$conf['user_fields']['id'].' AS id
+  FROM '.USERS_TABLE.'
+;';
+    $all_user_ids = query2array($query, 'id', null);
+
+    $sessions_to_delete = array();
+
+    foreach ($sessions as $session)
+    {
+      if (preg_match('/pwg_uid\|i:(\d+);/', $session['data'], $matches))
+      {
+        if (!isset($all_user_ids[ $matches[1] ]))
+        {
+          $sessions_to_delete[] = $session['id'];
+        }
+      }
+    }
+
+    if (count($sessions_to_delete) > 0)
+    {
+      $query = '
+DELETE
+  FROM '.SESSIONS_TABLE.'
+  WHERE id IN (\''.implode("','", $sessions_to_delete).'\')
+;';
+      pwg_query($query);
+    }
+
     break;
   }
   case 'feeds' :
author	plegall <plg@piwigo.org>	2016-02-13 15:32:06 +0100
committer	plegall <plg@piwigo.org>	2016-02-13 15:32:06 +0100
commit	a6fbaf69c71c3b39666a6323c4c6bbb7cbb98310 (patch)
tree	c86890b271301e60da3901ea5a9f56fc975e3aed
parent	bfb8b0b0fd2d85ab801e234ee2f7e5b024761919 (diff)