Do not allow a user to access the app if their account was removed.

2023-03-13 07:42:06 +01:00 · 2023-03-13 07:42:06 +01:00 · e1a8de1652
commit e1a8de1652
parent f3a3fb047e
2 changed files with 40 additions and 7 deletions
--- a/application/core/EA_Controller.php
+++ b/application/core/EA_Controller.php
@ -75,6 +75,10 @@ class EA_Controller extends CI_Controller {
    {
        parent::__construct();

+        $this->load->library('accounts');
+
+        $this->ensure_user_exists();
+
        $this->configure_language();

        $this->load_common_html_vars();
@ -125,4 +129,21 @@ class EA_Controller extends CI_Controller {
            'csrf_token' => $this->security->get_csrf_hash(),
        ]);
    }
+
+    private function ensure_user_exists()
+    {
+        $user_id = session('user_id');
+
+        if ( ! $user_id)
+        {
+            return;
+        }
+
+        if ( ! $this->accounts->does_account_exist($user_id))
+        {
+            session_destroy();
+
+            abort(403, 'Forbidden');
+        }
+    }
 }
--- a/application/libraries/Accounts.php
+++ b/application/libraries/Accounts.php
@ -146,4 +146,16 @@ class Accounts {

        return $new_password;
    }
+
+    /**
+     * Check if a user account exists or not.
+     *
+     * @param int $user_id
+     *
+     * @return bool
+     */
+    public function does_account_exist(int $user_id): bool
+    {
+        return $this->CI->users_model->query()->where(['id' => $user_id, 'delete_datetime' => NULL])->get()->num_rows() > 0;
+    }
 }