archive/piwigo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fixes #414, deactivate auth keys on password change

Browse source
This commit is contained in:
plegall 2016-02-12 20:20:12 +01:00
parent 25edfc2663
commit fbd90fa460
4 changed files with 27 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
include/functions_user.inc.php
View file

@ -1596,4 +1596,22 @@ SELECT
return create_user_auth_key($user_id, $user_status); return create_user_auth_key($user_id, $user_status);
} }
} }
/**
* Deletes authentication keys
*
* @since 2.8
* @param int $user_id
* @return null
*/
function deactivate_user_auth_keys($user_id)
{
$query = '
UPDATE '.USER_AUTH_KEYS_TABLE.'
SET expired_on = NOW()
WHERE user_id = '.$user_id.'
AND expired_on > NOW()
;';
pwg_query($query);
}
?> ?>

5
include/ws_functions/pwg.users.php
View file

@ -552,6 +552,11 @@ SELECT
array($conf['user_fields']['id'] => $params['user_id'][0]) array($conf['user_fields']['id'] => $params['user_id'][0])
); );
if (isset($updates[ $conf['user_fields']['password'] ]))
{
deactivate_user_auth_keys($params['user_id'][0]);
}
if (isset($update_status) and count($params['user_id_for_status']) > 0) if (isset($update_status) and count($params['user_id_for_status']) > 0)
{ {
$query = ' $query = '

2
password.php
View file

@ -260,6 +260,8 @@ function reset_password()
array('user_id' => $user_id) array('user_id' => $user_id)
); );
deactivate_user_auth_keys($user_id);
$page['infos'][] = l10n('Your password has been reset'); $page['infos'][] = l10n('Your password has been reset');
$page['infos'][] = '<a href="'.get_root_url().'identification.php">'.l10n('Login').'</a>'; $page['infos'][] = '<a href="'.get_root_url().'identification.php">'.l10n('Login').'</a>';

2
profile.php
View file

@ -207,6 +207,8 @@ function save_profile_from_post($userdata, &$errors)
$fields[] = $conf['user_fields']['password']; $fields[] = $conf['user_fields']['password'];
// password is hashed with function $conf['password_hash'] // password is hashed with function $conf['password_hash']
$data{$conf['user_fields']['password']} = $conf['password_hash']($_POST['use_new_pwd']); $data{$conf['user_fields']['password']} = $conf['password_hash']($_POST['use_new_pwd']);
deactivate_user_auth_keys($userdata['id']);
} }
// username is updated only if allowed // username is updated only if allowed