From: joshuaruesweg Date: Mon, 26 Oct 2020 13:42:04 +0000 (+0100) Subject: Add new intern method to delete sessions except a specific one X-Git-Tag: 5.4.0_Alpha_1~656^2~11 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=0790f6e0b11e5db976dbdcf00e177803ef5048cb;p=GitHub%2FWoltLab%2FWCF.git Add new intern method to delete sessions except a specific one --- diff --git a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php index 374138084f..e2b13a227b 100644 --- a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php +++ b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php @@ -1035,42 +1035,38 @@ final class SessionHandler extends SingletonFactory { /** * Deletes the user sessions for a specific user, except the session with the given session id. - * If the given session id is null or unknown, all sessions for the user will be deleted. * + * If the given session id is `null` or unknown, all sessions of the user will be deleted. + * + * @throws \InvalidArgumentException if the given user is a guest. * @since 5.4 */ public function deleteUserSessionsExcept(User $user, ?string $sessionID = null): void { - if ($user->userID === 0) { - throw new \InvalidArgumentException("The given user is a guest."); - } - - $conditionBuilder = new PreparedStatementConditionBuilder(); - $conditionBuilder->add('userID = ?', [$user->userID]); - - if ($sessionID !== null) { - $conditionBuilder->add('sessionID <> ?', [$sessionID]); - } - - $sql = "DELETE FROM wcf".WCF_N."_user_session - ". $conditionBuilder; - $statement = WCF::getDB()->prepareStatement($sql); - $statement->execute($conditionBuilder->getParameters()); - - // Delete legacy session. - $sql = "DELETE FROM wcf".WCF_N."_session - ". $conditionBuilder; - $statement = WCF::getDB()->prepareStatement($sql); - $statement->execute($conditionBuilder->getParameters()); + $this->deleteSessionsExcept($user, $sessionID); } /** * Deletes the acp sessions for a specific user, except the session with the given session id. - * If the given session id is null or unknown, all acp sessions for the user will be deleted. * + * If the given session id is `null` or unknown, all acp sessions of the user will be deleted. + * + * @throws \InvalidArgumentException if the given user is a guest. * @since 5.4 */ public function deleteAcpSessionsExcept(User $user, ?string $sessionID = null): void { - if ($user->userID === 0) { + $this->deleteSessionsExcept($user, $sessionID, true); + } + + /** + * Deletes the sessions for a specific user, except the session with the given session id. + * + * If the given session id is `null` or unknown, all acp sessions of the user will be deleted. + * + * @throws \InvalidArgumentException if the given user is a guest. + * @since 5.4 + */ + private function deleteSessionsExcept(User $user, ?string $sessionID = null, bool $isAcp = false): void { + if (!$user->userID) { throw new \InvalidArgumentException("The given user is a guest."); } @@ -1081,10 +1077,18 @@ final class SessionHandler extends SingletonFactory { $conditionBuilder->add('sessionID <> ?', [$sessionID]); } - $sql = "DELETE FROM wcf".WCF_N."_acp_session + $sql = "DELETE FROM wcf".WCF_N."_". ($isAcp ? 'acp' : 'user') ."_session ". $conditionBuilder; $statement = WCF::getDB()->prepareStatement($sql); $statement->execute($conditionBuilder->getParameters()); + + if (!$isAcp) { + // Delete legacy session. + $sql = "DELETE FROM wcf".WCF_N."_session + ". $conditionBuilder; + $statement = WCF::getDB()->prepareStatement($sql); + $statement->execute($conditionBuilder->getParameters()); + } } /**