diff --git a/app/Libraries/Aauth.php b/app/Libraries/Aauth.php
index 62119b3..668814e 100644
--- a/app/Libraries/Aauth.php
+++ b/app/Libraries/Aauth.php
@@ -313,6 +313,41 @@ class Aauth
 if (password_verify($password, $user['password']))
 {
+ $loginTokenModel = new LoginTokenModel();
+
+ if ($this->config->loginSingleMode)
+ {
+ $loginTokenModel->deleteAll($user['id']);
+ $userSessionModel = new UserSessionModel();
+ foreach ($userSessionModel->findAll() as $userSessionRow)
+ {
+ $result = $matches = [];
+ $sessionData = ';' . $userSessionRow['data'];
+ $keyreg = '/;([^|{}"]+)\|/';
+
+ preg_match_all($keyreg, $sessionData, $matches);
+
+ if (isset($matches[1]))
+ {
+ $keys = $matches[1];
+ $values = preg_split($keyreg, $sessionData);
+
+ if (count($values) > 1)
+ {
+ array_shift($values);
+ }
+
+ $result = array_combine($keys, $values);
+ $userSession = unserialize($result['user']);
+
+ if ($userSession['id'] === $user['id'])
+ {
+ $userSessionModel->delete($userSessionRow['id']);
+ }
+ }
+ }
+ }
+
 $data['id'] = $user['id'];
 $data['username'] = $user['username'];
 $data['email'] = $user['email'];
@@ -322,11 +357,10 @@ class Aauth
 if ($remember)
 {
 helper('text');
- $loginTokenModel = new LoginTokenModel();
- $expire = $this->config->loginRemember;
- $userId = base64_encode($user['id']);
- $randomString = random_string('alnum', 32);
- $selectorString = random_string('alnum', 16);
+ $expire = $this->config->loginRemember;
+ $userId = base64_encode($user['id']);
+ $randomString = random_string('alnum', 32);
+ $selectorString = random_string('alnum', 16);
 $cookieData['name'] = $this->config->loginRememberCookie;
 $cookieData['value'] = $userId . ';' . $randomString . ';' . $selectorString;
diff --git a/app/Models/Aauth/LoginTokenModel.php b/app/Models/Aauth/LoginTokenModel.php
index 53ab52f..aad1f34 100644
--- a/app/Models/Aauth/LoginTokenModel.php
+++ b/app/Models/Aauth/LoginTokenModel.php
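Review bot: `unserialize($result['user'])` in the new single-login loop runs on every stored session row without restricting classes or checking the result, so a malformed or tampered row in the sessions table can raise errors in the middle of a login or cause objects to be instantiated. The hand-rolled split of the session blob also assumes that `$keys` and `$values` have the same length and that a `user` key exists, which the `like('data', 'user|')` filter in UserSessionModel does not guarantee, because it matches that text anywhere in the payload. I would skip rows that do not parse, pass `['allowed_classes' => false]` (assuming the stored `user` entry is a plain array, as the `$data[...]` assignments below suggest), and compare ids only once the decoded value is known to be an array. The loop also loads and parses every active session on each successful login, which is worth replacing with a lookup by user id if the sessions table can grow. The enclosing login method starts and ends outside the hunk.

```php
// … unchanged: preg_match_all / preg_split parsing of $sessionData …
if (count($keys) !== count($values))
{
    continue;
}

$result = array_combine($keys, $values);

if (! isset($result['user']))
{
    continue;
}

// The stored user entry is expected to be a plain array; refuse object instantiation.
$userSession = unserialize($result['user'], ['allowed_classes' => false]);

if (is_array($userSession) && isset($userSession['id']) && $userSession['id'] === $user['id'])
{
    $userSessionModel->delete($userSessionRow['id']);
}
```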
@@ -161,6 +161,22 @@ class LoginTokenModel
 return true;
 }
+ /**
+ * Deletes all Login Tokens by userId.
+ *
+ * @param integer $userId User id
+ *
+ * @return boolean
+ */
+ public function deleteAll(int $userId)
+ {
+ $builder = $this->builder();
+ $builder->where('user_id', $userId);
+ $builder->delete();
+
+ return true;
+ }
+
 /**
 * Provides a shared instance of the Query Builder.
 *
diff --git a/app/Models/Aauth/UserSessionModel.php b/app/Models/Aauth/UserSessionModel.php
index aecb4da..920b08c 100644
--- a/app/Models/Aauth/UserSessionModel.php
+++ b/app/Models/Aauth/UserSessionModel.php
@@ -95,7 +95,6 @@ class UserSessionModel
 $this->config = new AauthConfig();
 $this->DBGroup = $this->config->dbProfile;
 $this->table = $this->config->dbTableUserSessions;
- $this->tempReturnType = $this->returnType;
 if ($db instanceof ConnectionInterface)
 {
@@ -122,9 +121,7 @@ class UserSessionModel
 $builder->where("data NOT LIKE CONCAT('%', timestamp, '%')");
 $builder->like('data', 'user|');
- $this->tempReturnType = $this->returnType;
-
- return $builder->get()->getResult($this->tempReturnType);
+ return $builder->get()->getResult($this->returnType);
 }
 /**
diff --git a/tests/Aauth/Database/LoginTokenModelTest.php b/tests/Aauth/Database/LoginTokenModelTest.php
index 42aca3a..d530fa8 100644
--- a/tests/Aauth/Database/LoginTokenModelTest.php
+++ b/tests/Aauth/Database/LoginTokenModelTest.php
@@ -45,6 +45,13 @@ class LoginTokenModelTest extends CIDatabaseTestCase
 $this->assertCount(0, $this->model->findAllByUserId(99));
 }
+ public function testDeleteAll()
+ {
+ $this->model->insert(['user_id' => 99, 'random_hash' => 'random_hash9999']);
+ $this->model->deleteAll(99);
+ $this->assertCount(0, $this->model->findAllByUserId(99));
+ }
+
 public function testConfigDBGroup()
 {
 $this->model = new LoginTokenModel();
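Review bot: `deleteAll()` returns `true` unconditionally, because the result of `$builder->delete()` is discarded on the line before `return true;`, and the new caller in Aauth ignores the return value as well. This call is what invalidates a user's other remember-me tokens in single-login mode, so a delete that fails silently leaves those tokens usable while the login proceeds as if they were gone. I would propagate the outcome, e.g. `return $builder->delete() !== false;` (assuming the builder signals failure with `false`; confirm against the framework version in use), and have the caller check it. The docblock could also state that every token row for the user is removed, not only expired ones.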
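Review bot: `testDeleteAll()` only proves that user 99's token is gone, so it would still pass if `deleteAll()` lost its `where('user_id', ...)` filter and emptied the whole table. Add a row for a second user and assert that it survives, e.g. `$this->model->insert(['user_id' => 98, 'random_hash' => 'random_hash9898']);` before the call and `$this->assertCount(1, $this->model->findAllByUserId(98));` after it (sample values constructed for illustration; adjust to the fixture data). None of the test files shown in this diff exercise the `loginSingleMode` session purge in Aauth, which is the riskier half of the change.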