logout other logged in user after change his password by admin

[mshannaq]

In my project I add the ability to the supseradmin user to change any user password

e.g:

$user = $this->usermodel->findById(123);
$filled_data = [
'password' => 'newpassword',
'username' => 'newusername',
'email' => '[email protected]'
];
$user->fill($filled_data);
// forget any remember me tokens
auth()->forget($user);

that works fine and password changed . but the effected user will still logged in.

I want to make sure that if user (that I changed his password) currently logged in then perform a logout for him.

is there any way (ready to use in shiled) to do that?

[kenjis]

is there any way (ready to use in shiled) to do that?

No.
Why do you need it?

[mshannaq]

is there any way (ready to use in shiled) to do that?

No. Why do you need it?

while admin manage the users he may be need to change some user password.

and if he changed password for user and the user is logged in he will still logged in

[datamweb]

In general, it is not for the admin to change the password of other users. I strongly disagree with this type of implementation.
You must provide the possibility to change the password only by the user himself.

[kenjis]

Yes, if an admin changes a user's password for some reasons, the user should update their password immediately.
See https://shield.codeigniter.com/user_management/forcing_password_reset/

[mshannaq]

@datamweb sometimes may be the user cannot access his account and cannot receive emails to reset the password, so there is an option to let the admin change his account password (and set to force password reset after login [good idea])

I took a look to shield and see if admin ban user it will be logged out immediately even if the user logged in

so can I do that if password changed also?

[kenjis]

It is a trick. It does not log the user out immediately, but it logs the user out right after the next access.
You can implement the same thing when password changed.

See

shield/src/Filters/SessionAuth.php

Lines 62 to 68 in a0ec47f

	if ($user->isBanned()) {
	$error = $user->getBanMessage() ?? lang('Auth.logOutBannedUser');
	$authenticator->logout();
	return redirect()->to(config('Auth')->logoutRedirect())
	->with('error', $error);
	}

[mshannaq]

this will logout the admin who changed the password for a user. not the user which I have changes his password.

[kenjis]

Sorry, I don't get what you say. I showed the code to ban a user as a reference.
The code does not log out admin, but log the banned user out.
You must implement what you want by yourself.