fixes #383, purge sessions on invalid user ids

2026-03-28 17:42:57 +01:00 · 2016-02-13 15:32:06 +01:00
parent bfb8b0b0fd
commit a6fbaf69c7
1 changed files with 40 additions and 0 deletions
--- a/admin/maintenance.php
+++ b/admin/maintenance.php
@@ -109,6 +109,46 @@ DELETE
  case 'sessions' :
  {
    pwg_session_gc();
+
+    // delete all sessions associated to invalid user ids (it should never happen)
+    $query = '
+SELECT
+    id,
+    data
+  FROM '.SESSIONS_TABLE.'
+;';
+    $sessions = query2array($query);
+
+    $query = '
+SELECT
+    '.$conf['user_fields']['id'].' AS id
+  FROM '.USERS_TABLE.'
+;';
+    $all_user_ids = query2array($query, 'id', null);
+
+    $sessions_to_delete = array();
+
+    foreach ($sessions as $session)
+    {
+      if (preg_match('/pwg_uid\|i:(\d+);/', $session['data'], $matches))
+      {
+        if (!isset($all_user_ids[ $matches[1] ]))
+        {
+          $sessions_to_delete[] = $session['id'];
+        }
+      }
+    }
+
+    if (count($sessions_to_delete) > 0)
+    {
+      $query = '
+DELETE
+  FROM '.SESSIONS_TABLE.'
+  WHERE id IN (\''.implode("','", $sessions_to_delete).'\')
+;';
+      pwg_query($query);
+    }
+
    break;
  }
  case 'feeds' :