webui: remove passwords from sessions, 'remember me' works for all auth types (#4134)

* Updated to remove passwords from sessions * Remove users sessions when user deleted * Updated when cookies are set * Updated setcookies to always contain a value * Added destroy_cookies() to remove users cookies on failed login * Removed debug line * Fixed graph issues
2024-10-07 16:52:45 +00:00 · 2016-09-13 03:41:19 +01:00
parent a710c4a33c
commit deb4b74bc9
10 changed files with 55 additions and 83 deletions
--- a/html/includes/authentication/ad-authorization.inc.php
+++ b/html/includes/authentication/ad-authorization.inc.php
@@ -53,14 +53,6 @@ function authenticate($username, $password)
    return 0;
 }

-
-function reauthenticate()
-{
-    // not supported so return 0
-    return 0;
-}
-
-
 function passwordscanchange()
 {
    // not supported so return 0
@@ -204,6 +196,7 @@ function deluser($username)
    dbDelete('ports_perms', '`user_name` =  ?', array($username));
    dbDelete('users_prefs', '`user_name` =  ?', array($username));
    dbDelete('users', '`user_name` =  ?', array($username));
+    dbDelete('session', '`session_username` =  ?', array($username));
    return dbDelete('users', '`username` =  ?', array($username));
 }