From ab84d9cab2f864c23f0b18dbeb67e7ea79b1fe9f Mon Sep 17 00:00:00 2001
From: Alexander Ebert <ebert@woltlab.com>
Date: Fri, 9 Jun 2017 10:04:23 +0200
Subject: [PATCH] Force logout of banned users

---
 .../install/files/lib/system/WCF.class.php    | 24 ++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/wcfsetup/install/files/lib/system/WCF.class.php b/wcfsetup/install/files/lib/system/WCF.class.php
index 0eaf4a3800..915c7aced6 100644
--- a/wcfsetup/install/files/lib/system/WCF.class.php
+++ b/wcfsetup/install/files/lib/system/WCF.class.php
@@ -134,6 +134,12 @@ class WCF {
 	 */
 	protected static $zendOpcacheEnabled = null;
 	
+	/**
+	 * force logout during destructor call
+	 * @var boolean
+	 */
+	protected static $forceLogout = false;
+	
 	/**
 	 * Calls all init functions of the WCF class.
 	 */
@@ -181,7 +187,13 @@ class WCF {
 			
 			// update session
 			if (is_object(self::getSession())) {
-				self::getSession()->update();
+				if (self::$forceLogout) {
+					// do logout
+					WCF::getSession()->delete();
+				}
+				else {
+					self::getSession()->update();
+				}
 			}
 			
 			// execute shutdown actions of user storage handler
@@ -445,6 +457,16 @@ class WCF {
 				throw new AJAXException(self::getLanguage()->getDynamicVariable('wcf.user.error.isBanned'), AJAXException::INSUFFICIENT_PERMISSIONS);
 			}
 			else {
+				self::$forceLogout = true;
+				
+				// remove cookies
+				if (isset($_COOKIE[COOKIE_PREFIX.'userID'])) {
+					HeaderUtil::setCookie('userID', 0);
+				}
+				if (isset($_COOKIE[COOKIE_PREFIX.'password'])) {
+					HeaderUtil::setCookie('password', '');
+				}
+				
 				throw new NamedUserException(self::getLanguage()->getDynamicVariable('wcf.user.error.isBanned'));
 			}
 		}
-- 
2.20.1