aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGraham Eames <grahamje@users.sourceforge.net>2006-03-18 22:05:08 +0000
committerGraham Eames <grahamje@users.sourceforge.net>2006-03-18 22:05:08 +0000
commit9d5b427032d342a711b9325300aba90723c10c2f (patch)
tree660c334457a092a457cfd08656d624831ff4df27
parentaf2036427ac9cd4d42d224fe5e10fa5a8c0e29d5 (diff)
downloadforums-9d5b427032d342a711b9325300aba90723c10c2f.tar
forums-9d5b427032d342a711b9325300aba90723c10c2f.tar.gz
forums-9d5b427032d342a711b9325300aba90723c10c2f.tar.bz2
forums-9d5b427032d342a711b9325300aba90723c10c2f.tar.xz
forums-9d5b427032d342a711b9325300aba90723c10c2f.zip
Cross-port a patch from 2.0.20 into the 3.0 branch
git-svn-id: file:///svn/phpbb/trunk@5660 89ea8834-ac86-4346-8a33-228a782c2dd0
-rw-r--r--phpBB/includes/acp/acp_users.php1
-rw-r--r--phpBB/includes/session.php23
-rw-r--r--phpBB/includes/ucp/ucp_profile.php1
3 files changed, 25 insertions, 0 deletions
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index e4a48f2a84..4dcf128452 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -662,6 +662,7 @@ class acp_users
'user_passchg' => time(),
);
+ $user->reset_login_keys($user_id);
add_log('admin', 'LOG_USER_NEW_PASSWORD', $user_row['username']);
add_log('user', $user_id, 'LOG_USER_NEW_PASSWORD', $user_row['username']);
}
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index b885d81b31..f12332b4db 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -763,6 +763,29 @@ class session
return false;
}
+
+ /**
+ * Reset all login keys for the specified user
+ *
+ * This method removes all current login keys for a specified (or the current)
+ * user. It will be called on password change to render old keys unusable
+ */
+ function reset_login_keys($user_id = false)
+ {
+ global $config, $db;
+
+ $user_id = ($user_id === false) ? $this->data['user_id'] : $user_id;
+
+ $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' WHERE user_id = ' . (int) $user_id;
+ $db->sql_query($sql);
+
+ // We're changing the password of the current user and they have a key
+ // Lets regenerate it to be safe
+ if ($user_id === $this->data['user_id'] && $this->cookie_data['k'])
+ {
+ $this->set_login_key($user_id);
+ }
+ }
}
diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index 55104a55c8..1232ae37f8 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -97,6 +97,7 @@ class ucp_profile
if ($auth->acl_get('u_chgpasswd') && $new_password && md5($new_password) != $user->data['user_password'])
{
+ $user->reset_login_keys();
add_log('admin', 'LOG_USER_NEW_PASSWORD', $username);
add_log('user', $user->data['user_id'], 'LOG_USER_NEW_PASSWORD', $username);
}