

Timestamp:
11/13/2014 03:20:42 PM (10 years ago)
Author:
johnbillion
Message:

Introduce a button on the user profile screen which clears all other sessions, and on the user editing screen which clears all sessions. Only appears when there are applicable sessions which can be cleared.

See #30264.
Props jorbin, ocean90, johnbillion

File:
1 edited

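--- a/trunk/src/wp-admin/includes/ajax-actions.php
+++ b/trunk/src/wp-admin/includes/ajax-actions.php
@@ -2771,2 +2771,53 @@
     ) );
 }
+
+/**
+ * AJAX handler for destroying multiple open sessions for a user.
+ *
+ * @since 4.1.0
+ *
+ */
+function wp_ajax_destroy_sessions() {
+
+    if ( empty( $_POST['user_id'] ) ) {
+        $user = new WP_Error();
+    } else {
+        $user = new WP_User( absint( $_POST['user_id'] ) );
+
+        if ( ! $user->exists() ) {
+            $user = new WP_Error();
+        } elseif ( ! current_user_can( 'edit_user', $user->ID ) ) {
+            $user = new WP_Error();
+        } elseif ( ! check_ajax_referer( sprintf( 'destroy_sessions_%d', $user->ID ), false, false ) ) {
+            $user = new WP_Error();
+        }
+    }
+
+    if ( is_wp_error( $user ) ) {
+        wp_send_json_error( array(
+            'message' => __( 'Could not log out user sessions. Please try again.' ),
+        ) );
+    }
+
+    if ( isset( $_POST['token'] ) ) {
+        $keep = wp_unslash( $_POST['token'] );
+    } else {
+        $keep = null;
+    }
+
+    $sessions = WP_Session_Tokens::get_instance( $user->ID );
+
+    if ( is_string( $keep ) ) {
+        $sessions->destroy_others( $keep );
+        $message = __( 'You are now logged out everywhere else' );
+    } else {
+        $sessions->destroy_all();
+        /* translators: 1: User's display name. */
+        $message = sprintf( __( '%s has been logged out' ), $user->display_name );
+    }
+
+    wp_send_json_success( array(
+        'message' => $message
+    ) );
+
+}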
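Review bot: The branch at `if ( isset( $_POST['token'] ) )` lets the request decide both which session survives and whether the call is "log out everywhere else" or "log out everything". The server never checks that the token belongs to the session the request arrived on, or that `$user` is the current user. A non-string `token` (for example an array) on one's own profile falls through to `destroy_all()`, and a string `token` sent while editing another user reaches `destroy_others()` with a value unrelated to that user. How `destroy_others()` treats a token that matches no stored session is not visible in this changeset. I would derive the decision server-side and drop the POST field: `if ( get_current_user_id() === (int) $user->ID ) { $sessions->destroy_others( wp_get_session_token() ); } else { $sessions->destroy_all(); }`. The docblock could also say that the handler requires the `edit_user` capability and a `destroy_sessions_{ID}` nonce, and the empty ` *` line after `@since` can go.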