From fbd90fa46081cb5a7208dfff83041927f7759b9f Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Fri, 12 Feb 2016 20:20:12 +0100
Subject: fixes #414, deactivate auth keys on password change

---
 profile.php | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'profile.php')

diff --git a/profile.php b/profile.php
index b143cbf54..3f60fde1b 100644
--- a/profile.php
+++ b/profile.php
@@ -207,6 +207,8 @@ function save_profile_from_post($userdata, &$errors)
         $fields[] = $conf['user_fields']['password'];
         // password is hashed with function $conf['password_hash']
         $data{$conf['user_fields']['password']} = $conf['password_hash']($_POST['use_new_pwd']);
+
+        deactivate_user_auth_keys($userdata['id']);
       }
       
       // username is updated only if allowed
-- 
cgit v1.2.3