Add session management features: implement user session revocation on password change, enhance session validation, and update UI for password change functionality

This commit is contained in:
tom.hempel
2026-06-01 23:11:00 +02:00
parent e4d55f4c90
commit 43c47bca6d
13 changed files with 472 additions and 200 deletions

View File

@ -201,6 +201,28 @@ function token_revoke(string $token): void {
qdb_save($tmpDb, $lockFp);
}
/** Revoke all sessions for one user on an open writable connection. */
function token_revoke_all_for_user_on_pdo(PDO $pdo, string $userID): int {
if ($userID === '') {
return 0;
}
$stmt = $pdo->prepare('DELETE FROM session WHERE userID = :uid');
$stmt->execute([':uid' => $userID]);
return $stmt->rowCount();
}
/** Revoke every login session for a user (after password change or admin reset). */
function token_revoke_all_for_user(string $userID): int {
if ($userID === '') {
return 0;
}
require_once __DIR__ . '/db_init.php';
[$pdo, $tmpDb, $lockFp] = qdb_open(true);
$removed = token_revoke_all_for_user_on_pdo($pdo, $userID);
qdb_save($tmpDb, $lockFp);
return $removed;
}
// --- Auth helpers for endpoints ---
function get_bearer_token(): ?string {
$auth = $_SERVER['HTTP_AUTHORIZATION'] ?? ($_SERVER['Authorization'] ?? '');