From: Andrew Dolgov
Date: Wed, 12 Sep 2007 03:41:56 +0000 (+0100)
Subject: invalidate session on password change
X-Git-Tag: 1.2.15~8
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=e6684130735a424559212d065654b66fb8c63d70;p=tt-rss.git

invalidate session on password change
---
diff --git a/functions.php b/functions.php
index 131dc0db..a237aff5 100644
--- a/functions.php
+++ b/functions.php
@@ -1449,6 +1449,7 @@
 $_SESSION["theme"] = $user_theme;
 $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
+ $_SESSION["pwd_hash"] = $pwd_hash;
 initialize_user_prefs($link, $_SESSION["uid"]);
@@ -1534,6 +1535,18 @@
 }
 }
+ if ($_SESSION["uid"]) {
+
+ $result = db_query($link,
+ "SELECT pwd_hash FROM ttrss_users WHERE id = '".$_SESSION["uid"]."'");
+
+ $pwd_hash = db_fetch_result($result, 0, "pwd_hash");
+
+ if ($pwd_hash != $_SESSION["pwd_hash"]) {
+ return false;
+ }
+ }
+
 /* if ($_SESSION["cookie_lifetime"] && $_SESSION["uid"]) {
 //print_r($_SESSION);
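Review bot: The value stored by `$_SESSION["pwd_hash"] = $pwd_hash;` has to be byte-identical to the `ttrss_users.pwd_hash` column, because the check added in the second hunk compares the two on every request; `$pwd_hash` is assigned outside this hunk, so it is worth confirming that it is the stored column value and not a hash recomputed from the submitted password, and that it is set on every login path that reaches this line. Keeping the account's password hash itself in session data also copies a credential-equivalent value into session storage, where anything that can read session files or dumps can take it for offline guessing. A derived marker would serve the same purpose, for example `$_SESSION["pwd_hash"] = sha1($pwd_hash);`, with the same derivation applied to the database value before comparing. The enclosing login function starts and ends outside the hunk.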
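Review bot: The loose comparison in `if ($pwd_hash != $_SESSION["pwd_hash"])` fails open when both sides are empty: if the lookup yields no value (for instance the user row is gone; what `db_fetch_result` returns in that case is not visible here) and the session carries no `pwd_hash`, then `!=` treats them as equal and the session is accepted. A strict, fail-closed form would be `if (!$pwd_hash || $pwd_hash !== $_SESSION["pwd_hash"]) {`. The query also concatenates `$_SESSION["uid"]` into the SQL string; the value is server-side, but casting it keeps the statement safe regardless of how it was populated: `"SELECT pwd_hash FROM ttrss_users WHERE id = " . (int) $_SESSION["uid"]`. Finally, the branch only returns false, so unless the caller (outside this hunk) clears or destroys the session, `uid` and the other keys stay in session storage after a password change.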