From a6fbaf69c71c3b39666a6323c4c6bbb7cbb98310 Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Sat, 13 Feb 2016 15:32:06 +0100
Subject: fixes #383, purge sessions on invalid user ids

---
 admin/maintenance.php | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

(limited to 'admin')

diff --git a/admin/maintenance.php b/admin/maintenance.php
index 9befd5032..3728d6094 100644
--- a/admin/maintenance.php
+++ b/admin/maintenance.php
@@ -109,6 +109,46 @@ DELETE
   case 'sessions' :
   {
     pwg_session_gc();
+
+    // delete all sessions associated to invalid user ids (it should never happen)
+    $query = '
+SELECT
+    id,
+    data
+  FROM '.SESSIONS_TABLE.'
+;';
+    $sessions = query2array($query);
+
+    $query = '
+SELECT
+    '.$conf['user_fields']['id'].' AS id
+  FROM '.USERS_TABLE.'
+;';
+    $all_user_ids = query2array($query, 'id', null);
+
+    $sessions_to_delete = array();
+
+    foreach ($sessions as $session)
+    {
+      if (preg_match('/pwg_uid\|i:(\d+);/', $session['data'], $matches))
+      {
+        if (!isset($all_user_ids[ $matches[1] ]))
+        {
+          $sessions_to_delete[] = $session['id'];
+        }
+      }
+    }
+
+    if (count($sessions_to_delete) > 0)
+    {
+      $query = '
+DELETE
+  FROM '.SESSIONS_TABLE.'
+  WHERE id IN (\''.implode("','", $sessions_to_delete).'\')
+;';
+      pwg_query($query);
+    }
+
     break;
   }
   case 'feeds' :
-- 
cgit v1.2.3