makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 22:28:51 +00:00
Code Issues Projects Releases Packages Wiki Activity

Changes related to deleting auto login keys on password change

Browse source 
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@5442 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Graham Eames 2006-01-11 21:09:47 +00:00
parent 8976799a6a
commit 6dbe925952
3 changed files with 67 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
phpBB/admin/admin_users.php
View file

@ -697,6 +697,13 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
} }
} }
// We remove all stored login keys since the password has been updated
// and change the current one (if applicable)
if ( !empty($passwd_sql) )
{
session_reset_keys($user_id, $user_ip);
}
$message .= $lang['Admin_user_updated']; $message .= $lang['Admin_user_updated'];
} }
else else

53
phpBB/includes/sessions.php
View file

@ -496,6 +496,59 @@ function session_clean($session_id)
return true; return true;
} }
/**
* Reset all login keys for the specified user
* Called on password changes
*/
function session_reset_keys($user_id, $user_ip)
{
global $db, $userdata;
$key_sql = ($user_id == $userdata['user_id'] && !empty($userdata['session_key'])) ? "AND key_id != '" . md5($userdata['session_key']) . "'" : '';
$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
WHERE user_id = ' . (int) $user_id . "
$key_sql";
$db->sql_query($sql);
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error removing auto-login keys', '', __LINE__, __FILE__, $sql);
}
if ( !empty($key_sql) )
{
list($sec, $usec) = explode(' ', microtime());
mt_srand(hexdec(substr($userdata['session_id'], 0, 8)) + (float) $sec + ((float) $usec * 1000000));
$auto_login_key = uniqid(mt_rand(), true);
$current_time = time();
$sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . "
SET last_ip = '$user_ip', key_id = '" . md5($auto_login_key) . "', last_login = $current_time
WHERE key_id = '" . md5($userdata['session_key']) . "'";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error updating session key', '', __LINE__, __FILE__, $sql);
}
// And now rebuild the cookie
$sessiondata['userid'] = $user_id;
$sessiondata['autologinid'] = $autologin_id;
$cookiename = $board_config['cookie_name'];
$cookiepath = $board_config['cookie_path'];
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
$userdata['session_key'] = $auto_login_key;
unset($sessiondata);
unset($auto_login_key);
}
}
// //
// Append $SID to a url. Borrowed from phplib and modified. This is an // Append $SID to a url. Borrowed from phplib and modified. This is an
// extra routine utilised by the session code above and acts as a wrapper // extra routine utilised by the session code above and acts as a wrapper

7
phpBB/includes/usercp_register.php
View file

@ -527,6 +527,13 @@ if ( isset($HTTP_POST_VARS['submit']) )
message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql); message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
} }
// We remove all stored login keys since the password has been updated
// and change the current one (if applicable)
if ( !empty($passwd_sql) )
{
session_reset_keys($user_id, $user_ip);
}
if ( !$user_active ) if ( !$user_active )
{ {
// //