valvin
/
ttrss
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

invalidate session on password change

This commit is contained in:
Andrew Dolgov 2007-09-12 04:41:56 +01:00
parent c32cd48afe
commit e668413073
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
functions.php
View File

@ -1449,6 +1449,7 @@
$_SESSION["theme"] = $user_theme; $_SESSION["theme"] = $user_theme;
$_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"]; $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
$_SESSION["pwd_hash"] = $pwd_hash;
initialize_user_prefs($link, $_SESSION["uid"]); initialize_user_prefs($link, $_SESSION["uid"]);
@ -1534,6 +1535,18 @@
} }
} }
if ($_SESSION["uid"]) {
$result = db_query($link,
"SELECT pwd_hash FROM ttrss_users WHERE id = '".$_SESSION["uid"]."'");
$pwd_hash = db_fetch_result($result, 0, "pwd_hash");
if ($pwd_hash != $_SESSION["pwd_hash"]) {
return false;
}
}
/* if ($_SESSION["cookie_lifetime"] && $_SESSION["uid"]) { /* if ($_SESSION["cookie_lifetime"] && $_SESSION["uid"]) {
//print_r($_SESSION); //print_r($_SESSION);