authorplegall <plg@piwigo.org>2016-02-12 20:20:12 +0100
committerplegall <plg@piwigo.org>2016-02-12 20:20:12 +0100
commitfbd90fa46081cb5a7208dfff83041927f7759b9f (patch)
tree98ea2addb0c2e48742e92f9565f80d353fc5a2d1
parent25edfc2663a0d87e6216981c44dadb52d1f8ab72 (diff)
fixes #414, deactivate auth keys on password change
-rw-r--r--include/functions_user.inc.php18
-rw-r--r--include/ws_functions/pwg.users.php5
-rw-r--r--password.php2
-rw-r--r--profile.php2
4 files changed, 27 insertions, 0 deletions
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 2591929b4..66c08d5db 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -1596,4 +1596,22 @@ SELECT
return create_user_auth_key($user_id, $user_status);
}
}
+
+/**
+ * Deletes authentication keys
+ *
+ * @since 2.8
+ * @param int $user_id
+ * @return null
+ */
+function deactivate_user_auth_keys($user_id)
+{
+ $query = '
+UPDATE '.USER_AUTH_KEYS_TABLE.'
+ SET expired_on = NOW()
+ WHERE user_id = '.$user_id.'
+ AND expired_on > NOW()
+;';
+ pwg_query($query);
+}
?>
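Review bot: `$user_id` is concatenated into the UPDATE statement unquoted and uncast in `deactivate_user_auth_keys()`, so the helper is only as safe as the validation done by each caller. The pwg.users.php hunk passes `$params['user_id'][0]`, and whether that value is type-checked upstream is not visible in this diff. Casting at the point of use makes the function safe on its own: `WHERE user_id = '.intval($user_id).'`. The docblock also says "Deletes authentication keys" while the query only sets `expired_on = NOW()` on keys that are still valid; `Expires all still-valid authentication keys of a user` with `@return void` would describe what the code does.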
diff --git a/include/ws_functions/pwg.users.php b/include/ws_functions/pwg.users.php
index f8fe51c2a..eaa96c9c1 100644
--- a/include/ws_functions/pwg.users.php
+++ b/include/ws_functions/pwg.users.php
@@ -552,6 +552,11 @@ SELECT
array($conf['user_fields']['id'] => $params['user_id'][0])
);
+ if (isset($updates[ $conf['user_fields']['password'] ]))
+ {
+ deactivate_user_auth_keys($params['user_id'][0]);
+ }
+
if (isset($update_status) and count($params['user_id_for_status']) > 0)
{
$query = '
diff --git a/password.php b/password.php
index 4e03079a7..5a96ea1bc 100644
--- a/password.php
+++ b/password.php
@@ -260,6 +260,8 @@ function reset_password()
array('user_id' => $user_id)
);
+ deactivate_user_auth_keys($user_id);
+
$page['infos'][] = l10n('Your password has been reset');
$page['infos'][] = '<a href="'.get_root_url().'identification.php">'.l10n('Login').'</a>';
diff --git a/profile.php b/profile.php
index b143cbf54..3f60fde1b 100644
--- a/profile.php
+++ b/profile.php
@@ -207,6 +207,8 @@ function save_profile_from_post($userdata, &$errors)
$fields[] = $conf['user_fields']['password'];
// password is hashed with function $conf['password_hash']
$data{$conf['user_fields']['password']} = $conf['password_hash']($_POST['use_new_pwd']);
+
+ deactivate_user_auth_keys($userdata['id']);
}
// username is updated only if allowed
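Review bot: The call to `deactivate_user_auth_keys($userdata['id'])` runs while `$fields` and `$data` are still being assembled, so the keys are expired before the password write, which presumably happens further down in `save_profile_from_post()`, outside this hunk. The pwg.users.php and password.php hunks make the same call after their update instead. If the later write fails, the user loses their keys while the password stays unchanged; that is the fail-safe direction, but the ordering should be either documented or aligned with the other two call sites. A comment such as `// expire auth keys before the update: a failed write must never leave old keys valid` would make the intent explicit.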