sec(Users) logout user when deleted

tsolucio · Oct 31, 2021 · fb7c6c4 · fb7c6c4
1 parent cf14198
commit fb7c6c4
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/index.php b/index.php
@@ -141,7 +141,7 @@
 	header("Location: index.php?action=$default_action&module=$default_module");
 }
 
-if ($use_current_login) {
+if ($use_current_login && coreBOS_Settings::SettingExists('cbodUserConnection'.$_SESSION['authenticated_user_id'])) {
 	//getting the internal_mailer flag
 	if (!isset($_SESSION['internal_mailer'])) {
 		$qry_res = $adb->pquery('select internal_mailer from vtiger_users where id=?', array($_SESSION['authenticated_user_id']));
@@ -163,6 +163,7 @@
 		echo 'Login';
 		die();
 	}
+	coreBOS_Session::delete('authenticated_user_id');
 	$action = 'Login';
 	$module = 'Users';
 	include 'modules/Users/Login.php';

diff --git a/modules/Users/Users.php b/modules/Users/Users.php
@@ -1499,6 +1499,12 @@ public function transformOwnerShipAndDelete($userId, $transformToUserId) {
 		$adb->pquery('delete from vtiger_users where id=?', array($userId));
 		//Delete user extension in asterisk.
 		$adb->pquery('delete from vtiger_asteriskextensions where userid=?', array($userId));
+		// close user session
+		coreBOS_Settings::delSetting('cbodUserConnection'.$userId);
+		coreBOS_Settings::delSetting('cbodLastLoginTime'.$userId);
+		// delete user files if they exist
+		@unlink('user_privileges/sharing_privileges_'.$userId.'.php');
+		@unlink('user_privileges/user_privileges_'.$userId.'.php');
 	}
 
 	/**