From 5f43786f52c3d517e7665abd25d534e180e08dc5 Mon Sep 17 00:00:00 2001
From: Thorsten Rinne
Date: Fri, 22 Sep 2023 21:55:18 +0200
Subject: [PATCH] fix: terminate user sessions for user with changed permissions
---
 phpmyfaq/admin/api/user.php | 3 +--
 phpmyfaq/admin/assets/src/user/user-list.js | 2 +-
 phpmyfaq/admin/user.php | 3 +++
 phpmyfaq/src/phpMyFAQ/User.php | 15 +++++++++++++++
 4 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/phpmyfaq/admin/api/user.php b/phpmyfaq/admin/api/user.php
index 5841e7821c..786f00b9e1 100644
--- a/phpmyfaq/admin/api/user.php
+++ b/phpmyfaq/admin/api/user.php
@@ -115,8 +115,7 @@
 case 'activate_user':
 $postData = json_decode(file_get_contents('php://input', true));
-
- if (!Token::getInstance()->verifyToken('user', $postData->csrfToken)) {
+ if (!Token::getInstance()->verifyToken('activate-user', $postData->csrfToken)) {
 $response->setStatusCode(Response::HTTP_UNAUTHORIZED);
 $response->setData(['error' => Translation::get('err_NotAuth')]);
 $response->send();
diff --git a/phpmyfaq/admin/assets/src/user/user-list.js b/phpmyfaq/admin/assets/src/user/user-list.js
index b551bd7562..d72c0a4f0e 100644
--- a/phpmyfaq/admin/assets/src/user/user-list.js
+++ b/phpmyfaq/admin/assets/src/user/user-list.js
@@ -18,7 +18,7 @@ import { addElement } from '../../../../assets/src/utils';
 const activateUser = (userId, csrfToken) => {
- fetch('index.php?action=ajax&ajax=user&ajaxaction=delete_user', {
+ fetch('index.php?action=ajax&ajax=user&ajaxaction=activate_user', {
 method: 'POST',
 headers: {
 Accept: 'application/json, text/plain, */*',
diff --git a/phpmyfaq/admin/user.php b/phpmyfaq/admin/user.php
index 468688fb45..95de52b950 100755
--- a/phpmyfaq/admin/user.php
+++ b/phpmyfaq/admin/user.php
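Review bot: `$postData->csrfToken` on the changed line is read without checking that `json_decode()` actually produced an object, so an empty or non-JSON body yields `null` plus a PHP warning before `verifyToken()` even runs; read it defensively, e.g. `$csrfToken = $postData->csrfToken ?? '';` and pass that, or decode with `JSON_THROW_ON_ERROR` and answer 400 on failure. The `true` passed as second argument to `file_get_contents('php://input', true)` is `use_include_path`, which has no meaning for the `php://input` stream and can be dropped. Whether the page template now mints a token for the renamed `activate-user` action, so that this check can ever pass, is not visible in this hunk. The `case` body continues past the hunk.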
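Review bot: The corrected `ajaxaction=activate_user` endpoint is now guarded server-side by `verifyToken('activate-user', …)`, so the `csrfToken` that `activateUser` forwards must be one minted for that action; if the markup still supplies the former generic `user` token, every activation will be rejected with 401, and unless the response handling outside this hunk surfaces it the failure will be silent. I would add a one-line comment above the `fetch` stating the contract: `// csrfToken must be the 'activate-user' token checked by admin/api/user.php`. The request body and response handling of `activateUser` continue past the hunk.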
@@ -94,7 +94,10 @@
 foreach ($userRights as $rightId) {
 $perm->grantUserRight($userId, $rightId);
 }
+ $idUser = $user->getUserById($userId, true);
+ // Terminate session in case of different permissions after the update
+ $user->terminateSessionId();
 $message .= sprintf( '

%s %s %s

',
 Translation::get('ad_msg_savedsuc_1'),
diff --git a/phpmyfaq/src/phpMyFAQ/User.php b/phpmyfaq/src/phpMyFAQ/User.php
index 4294fd9445..35ae4ec171 100644
--- a/phpmyfaq/src/phpMyFAQ/User.php
+++ b/phpmyfaq/src/phpMyFAQ/User.php
@@ -1037,4 +1037,19 @@ public function setSuperAdmin(bool $isSuperAdmin): bool
 return false;
 }
+
+ /**
+ * Terminates the session ID of user
+ * @return bool
+ */
+ public function terminateSessionId(): bool
+ {
+ $update = sprintf(
+ "UPDATE %sfaquser SET session_id = '' WHERE user_id = %d",
+ Database::getTablePrefix(),
+ $this->userId
+ );
+
+ return (bool) $this->config->getDb()->query($update);
+ }
 }
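Review bot: The return value of `$user->getUserById($userId, true)` is stored in `$idUser` but never checked, so if the lookup fails `terminateSessionId()` runs against whatever user id the `$user` object held before, potentially clearing the session of the wrong account. Guard it and drop the unused variable: `if ($user->getUserById($userId, true)) { $user->terminateSessionId(); }`. If `$user` here is the current administrator's own session object, as it commonly is in this admin scope, loading the edited user into it also mutates the admin's identity for the rest of the request; a separate `User` instance constructed just for this lookup would avoid that, which is worth confirming against the top of the file, outside this hunk.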
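Review bot: `terminateSessionId()` only blanks the `session_id` column, so the affected user is actually logged out only if the login path compares the stored `session_id` with the live PHP session on every request; that check is not in this hunk and should be confirmed, otherwise the permission change takes effect only at the next login. The `(bool)` cast of `query()` also reports true for an UPDATE that matched no row, for instance when `$this->userId` still holds its default because no user was loaded, so callers cannot tell whether a session was really cleared; the docblock should say so, e.g. `@return bool true if the UPDATE executed, not whether a row was affected`. A guard such as `if ($this->userId < 1) { return false; }` before the query would stop a not-yet-loaded object from issuing the statement, assuming real ids are positive integers as the `%d` format already presumes (confirm). The interpolation itself is safe because `%d` forces an integer.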