author | plegall <plg@piwigo.org> | 2016-02-12 20:20:12 +0100 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2016-02-12 20:20:12 +0100 |
commit | fbd90fa46081cb5a7208dfff83041927f7759b9f (patch) | |
tree | 98ea2addb0c2e48742e92f9565f80d353fc5a2d1 | |
parent | 25edfc2663a0d87e6216981c44dadb52d1f8ab72 (diff) |
fixes #414, deactivate auth keys on password change
-rw-r--r-- | include/functions_user.inc.php | 18 | ||||
-rw-r--r-- | include/ws_functions/pwg.users.php | 5 | ||||
-rw-r--r-- | password.php | 2 | ||||
-rw-r--r-- | profile.php | 2 |
4 files changed, 27 insertions, 0 deletions
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 2591929b4..66c08d5db 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -1596,4 +1596,22 @@ SELECT return create_user_auth_key($user_id, $user_status); } } + +/** + * Deletes authentication keys + * + * @since 2.8 + * @param int $user_id + * @return null + */ +function deactivate_user_auth_keys($user_id) +{ + $query = ' +UPDATE '.USER_AUTH_KEYS_TABLE.' + SET expired_on = NOW() + WHERE user_id = '.$user_id.' + AND expired_on > NOW() +;'; + pwg_query($query); +} ?> diff --git a/include/ws_functions/pwg.users.php b/include/ws_functions/pwg.users.php index f8fe51c2a..eaa96c9c1 100644 --- a/include/ws_functions/pwg.users.php +++ b/include/ws_functions/pwg.users.php @@ -552,6 +552,11 @@ SELECT array($conf['user_fields']['id'] => $params['user_id'][0]) ); + if (isset($updates[ $conf['user_fields']['password'] ])) + { + deactivate_user_auth_keys($params['user_id'][0]); + } + if (isset($update_status) and count($params['user_id_for_status']) > 0) { $query = ' diff --git a/password.php b/password.php index 4e03079a7..5a96ea1bc 100644 --- a/password.php +++ b/password.php @@ -260,6 +260,8 @@ function reset_password() array('user_id' => $user_id) ); + deactivate_user_auth_keys($user_id); + $page['infos'][] = l10n('Your password has been reset'); $page['infos'][] = '<a href="'.get_root_url().'identification.php">'.l10n('Login').'</a>'; diff --git a/profile.php b/profile.php index b143cbf54..3f60fde1b 100644 --- a/profile.php +++ b/profile.php @@ -207,6 +207,8 @@ function save_profile_from_post($userdata, &$errors) $fields[] = $conf['user_fields']['password']; // password is hashed with function $conf['password_hash'] $data{$conf['user_fields']['password']} = $conf['password_hash']($_POST['use_new_pwd']); + + deactivate_user_auth_keys($userdata['id']); } // username is updated only if allowed |
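Review bot: In `deactivate_user_auth_keys()` the `$user_id` argument is concatenated straight into the `UPDATE` statement, so the helper is only as safe as the value each caller hands it. The call sites added in `pwg.users.php` (`$params['user_id'][0]`), `password.php` and `profile.php` may already pass validated integers, but that is not visible in this diff; casting inside the helper, `WHERE user_id = '.(int)$user_id.'`, removes that dependency. The docblock also says "Deletes authentication keys" while the query only sets `expired_on = NOW()` on keys that are still valid, so a summary like `Expires all still-valid authentication keys of a user` with `@return void` would describe it accurately.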
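Review bot: In the `profile.php` hunk, `deactivate_user_auth_keys($userdata['id'])` runs while `$fields` and `$data` are still being assembled, so the keys are expired before the new password hash is written. The write happens later in `save_profile_from_post()`, whose body starts and ends outside this hunk, so I cannot confirm that nothing aborts in between; if the save can fail, the user would keep the old password but lose every valid key. Consider recording the change here (`$password_changed = true;`) and calling the helper right after the update succeeds. A short comment such as `// expire emailed auth keys so they cannot outlive the old password` would also explain why the call sits in the password branch.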