From cb642cff1175a4c381e4dd9e5348e44cc7e33f9d Mon Sep 17 00:00:00 2001
From: Andreas Fischer <bantu@phpbb.com>
Date: Mon, 12 Apr 2010 21:00:24 +0200
Subject: [PATCH] [ticket/9526] If an admin changes a user's
 'user_allow_viewonline' flag to 'hide me' the admin usually wants that user
 to be hidden immediately. We therefore have to update his session if one
 exists. In the UCP this is not necessary, because there is code in
 $user->setup() that updates the session table on the next page reload.

Since we cannot tell if the user generally wants to be hidden or the user only wants to be hidden for one session, we only update the session table when setting the flag to 'hide me', but not 'show me' - equivalent to how it works in the UCP.

If the user is a bot we however also update the session when setting the flag to 'show me' because bots cannot login at all.

PHPBB3-9526
---
 phpBB/includes/acp/acp_users.php | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index 4905840e02..cc196a5869 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -1550,6 +1550,31 @@ class acp_users
 							WHERE user_id = $user_id";
 						$db->sql_query($sql);
 
+						// Check if user has an active session
+						if ($user_row['session_id'])
+						{
+							// We'll update the session if user_allow_viewonline has changed and the user is a bot
+							// Or if it's a regular user and the admin set it to hide the session
+							if ($user_row['user_allow_viewonline'] != $sql_ary['user_allow_viewonline'] && $user_row['user_type'] == USER_IGNORE
+								|| $user_row['user_allow_viewonline'] && !$sql_ary['user_allow_viewonline'])
+							{
+								// We also need to check if the user has the permission to cloak.
+								$user_auth = new auth();
+								$user_auth->acl($user_row);
+
+								$session_sql_ary = array(
+									'session_viewonline'	=> ($user_auth->acl_get('u_hideonline')) ? $sql_ary['user_allow_viewonline'] : true,
+								);
+
+								$sql = 'UPDATE ' . SESSIONS_TABLE . '
+									SET ' . $db->sql_build_array('UPDATE', $session_sql_ary) . "
+									WHERE session_user_id = $user_id";
+								$db->sql_query($sql);
+
+								unset($user_auth);
+							}
+						}
+
 						trigger_error($user->lang['USER_PREFS_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
 					}