User doesn't disconnect after change his password

This topic is locked

User doesn't disconnect after change his password	7/17/2020 4:42:00 AM
PHPRunner General questions
S sadisticmagician author Hello, I changed an user password but him doesn't disconnect, how I can force user logout? thanks

Mark as Solved Mark as not solved

5 replies


W	wpl 7/17/2020
	Hello, you might have a look at: Security logout Regards


S	sadisticmagician author 7/17/2020
	Hello, you might have a look at: Security logout Regards Thanks for reply. But where I need to insert Security::logout(), in 'After successful login?'


	Sergey Kornilov admin 7/17/2020
	It depends on where and how you change the user password. Explain the whole situation.


	HJB 7/17/2020
	For inspiration purposes only ... https://xlinesoft.com/phprunner/docs/secapi_check_username_password.htm Above returns TRUE or FALSE after password change by you. RADICAL code below to then be mixed with above code under IF/TRUE/FALSE coding to end the session: `<?php session_start() ... session_unset(); session_destroy(); $_SESSION = array(); ?>` Can of course only work after RE-START of the server with new coding aboard.


D	david22585 7/18/2020
	Hello, I changed an user password but him doesn't disconnect, how I can force user logout? thanks For inspirational purposes only. I used this code on the Events page, After Application Initialized page: `if($_SESSION["UserID"]){ $rs = DB::Query("select logoff from users where id = ".$_SESSION["UserID"]."" ); while( $data = $rs->fetchAssoc() ) { if($data["logoff"] == '1'){ Security::logout(); header("Location: login.php"); exit(); } else { return true; } }} else {}` Break down as follows: `if($_SESSION["UserID"]){` This looks to see if a session has been established. If one is established, it will run the first IF statement, which is checking to see if the user has been made to force a logout or not. `$rs = DB::Query("select logoff from users where id = ".$_SESSION["UserID"]."" ); while( $data = $rs->fetchAssoc() ) {` This will query the DB users table where their logoff status is based on their user id. For example, if you set a flag of '0' for logoff, it will allow them to use the application. If their logoff is set to '1', then it will execute the following code `if($data["logoff"] == '1'){ Security::logout(); header("Location: login.php"); exit(); }` If their logoff isn't set to '1', then it will allow them to continue to use the application as below. `else { return true; } }} else {}` I just threw this together, and there may be a better way to do this but I am far from a professional programmer. I would set up the logoff field to be set as 1 if you change their password. I would also set a query on the after successful login or somewhere else to query to see if logoff is set to 0 or 1. If it's set to 0, do nothing. If it's set to 1, update the status to 0. For example, this could be used on the After Successful Login Event code: `$rs = DB::Query("select logoff from users where id = ".$_SESSION["UserID"]."" ); while( $data = $rs->fetchAssoc() ) { if($data["logoff"] == '1'){ DB::Exec("UPDATE users SET logoff=0 WHERE id = ".$_SESSION["UserID"]."" ); } else { } }` I did a quick test, and it works. Please let me know if this works for you or not. If anyone else has any input on this as well, please let me know of ways to improve this.

5 replies

Mark as Solved Reply