I am an intermediate in CodeIgniter framework
I am going to develop a new system that having "Admin, Manager, Employee" Roles. I need if admin or manager changes any employee password, the employee session need to destroy and logout from their account.
I didn't have any idea about that. Anyone can help how to do this and for this which type of session save path I have to select?
Admin, manager side : They change employee password.
In Employee side : Each time you retrieve employee data, check if password status is changed. If so, then destroy session for the employee.
On successful login again, set password status to null or something.
There is a simple solution for that:
1 - Add a field in your users table called "forcelogout" for example, It can be an ENUM with 2 choices 'Y' or 'N' and default value 'N'
ALTER TABLE `users` ADD COLUMN `forcelogout` ENUM('Y','N') NOT NULL DEFAULT 'N' COMMENT 'Y: force user to logout, N: nothing to do'
2 - When updating the user password, update that field value to 'N'
3 - In you parent controller (application/core/MY_Controller.php), check "forcelogout" value and logout user if it's 'Y'. Then update the value to 'N' to avoid loop
public function __construct()
{
$this->do_we_need_to_logout_user();
}
private function do_we_need_to_logout_user(){
$this->load->model('users_model');
$user = $this->users_model->get_user($this->session->user_id);
if ( $user[0]->forcelogout == 'Y' ){
$user_id = $this->session->user_id;
$this->session->sess_destroy();
$user = array();
$user['forcelogout'] = 'N';
$this->users_model->update_user($user_id, $user);
redirect('/login');
}
}