Merge branch 'ticket/bantu/9526' into develop-olympus

* ticket/bantu/9526: [ticket/9526] If an admin changes a user's 'user_allow_viewonline' flag to 'hide me' the admin usually wants that user to be hidden immediately. We therefore have to update his session if one exists.
2025-06-28 14:18:52 +00:00 · 2010-05-14 02:28:59 +02:00 · 2010-05-14 02:28:59 +02:00 · 928fbb0126
commit 928fbb0126
parent c7e8e7e0bc cb642cff11
1 changed files with 25 additions and 0 deletions
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@ -1550,6 +1550,31 @@ class acp_users
 							WHERE user_id = $user_id";
 						$db->sql_query($sql);

+						// Check if user has an active session
+						if ($user_row['session_id'])
+						{
+							// We'll update the session if user_allow_viewonline has changed and the user is a bot
+							// Or if it's a regular user and the admin set it to hide the session
+							if ($user_row['user_allow_viewonline'] != $sql_ary['user_allow_viewonline'] && $user_row['user_type'] == USER_IGNORE
+								|| $user_row['user_allow_viewonline'] && !$sql_ary['user_allow_viewonline'])
+							{
+								// We also need to check if the user has the permission to cloak.
+								$user_auth = new auth();
+								$user_auth->acl($user_row);
+
+								$session_sql_ary = array(
+									'session_viewonline'	=> ($user_auth->acl_get('u_hideonline')) ? $sql_ary['user_allow_viewonline'] : true,
+								);
+
+								$sql = 'UPDATE ' . SESSIONS_TABLE . '
+									SET ' . $db->sql_build_array('UPDATE', $session_sql_ary) . "
+									WHERE session_user_id = $user_id";
+								$db->sql_query($sql);
+
+								unset($user_auth);
+							}
+						}
+
 						trigger_error($user->lang['USER_PREFS_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
 					}