Fix Bug #54125 - Correctly reset login keys if passed value is the current user.

git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10279 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/docs/CHANGELOG.html

@@ -91,6 +91,7 @@
 	<ul>
 		<li>[Fix] Allow ban reason and length to be selected and copied in ACP and subsilver2 MCP. (Bug #51095)</li>
 		<li>[Fix] Force full date for board online record date.</li>
+		<li>[Fix] Correctly reset login keys if passed value is the current user. (Bug #54125)</li>
 	</ul>
 
 	<a name="v305"></a><h3>1.ii. Changes since 3.0.5</h3>

phpBB/includes/session.php

@@ -1355,7 +1355,7 @@ class session
 	{
 		global $config, $db;
 
-		$user_id = ($user_id === false) ? $this->data['user_id'] : $user_id;
+		$user_id = ($user_id === false) ? (int) $this->data['user_id'] : (int) $user_id;
 
 		$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
 			WHERE user_id = ' . (int) $user_id;
@@ -1378,7 +1378,7 @@ class session
 		// Let's also clear any current sessions for the specified user_id
 		// If it's the current user then we'll leave this session intact
 		$sql_where = 'session_user_id = ' . (int) $user_id;
-		$sql_where .= ($user_id === $this->data['user_id']) ? " AND session_id <> '" . $db->sql_escape($this->session_id) . "'" : '';
+		$sql_where .= ($user_id === (int) $this->data['user_id']) ? " AND session_id <> '" . $db->sql_escape($this->session_id) . "'" : '';
 
 		$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
 			WHERE $sql_where";
@@ -1386,7 +1386,7 @@ class session
 
 		// We're changing the password of the current user and they have a key
 		// Lets regenerate it to be safe
-		if ($user_id === $this->data['user_id'] && $this->cookie_data['k'])
+		if ($user_id === (int) $this->data['user_id'] && $this->cookie_data['k'])
 		{
 			$this->set_login_key($user_id);
 		}