Add session management features: implement user session revocation on password change, enhance session validation, and update UI for password change functionality
This commit is contained in:
22
common.php
22
common.php
@ -201,6 +201,28 @@ function token_revoke(string $token): void {
|
||||
qdb_save($tmpDb, $lockFp);
|
||||
}
|
||||
|
||||
/** Revoke all sessions for one user on an open writable connection. */
|
||||
function token_revoke_all_for_user_on_pdo(PDO $pdo, string $userID): int {
|
||||
if ($userID === '') {
|
||||
return 0;
|
||||
}
|
||||
$stmt = $pdo->prepare('DELETE FROM session WHERE userID = :uid');
|
||||
$stmt->execute([':uid' => $userID]);
|
||||
return $stmt->rowCount();
|
||||
}
|
||||
|
||||
/** Revoke every login session for a user (after password change or admin reset). */
|
||||
function token_revoke_all_for_user(string $userID): int {
|
||||
if ($userID === '') {
|
||||
return 0;
|
||||
}
|
||||
require_once __DIR__ . '/db_init.php';
|
||||
[$pdo, $tmpDb, $lockFp] = qdb_open(true);
|
||||
$removed = token_revoke_all_for_user_on_pdo($pdo, $userID);
|
||||
qdb_save($tmpDb, $lockFp);
|
||||
return $removed;
|
||||
}
|
||||
|
||||
// --- Auth helpers for endpoints ---
|
||||
function get_bearer_token(): ?string {
|
||||
$auth = $_SERVER['HTTP_AUTHORIZATION'] ?? ($_SERVER['Authorization'] ?? '');
|
||||
|
||||
Reference in New Issue
Block a user