Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
mahara
mahara
Commits
35510252
Commit
35510252
authored
Nov 26, 2014
by
Robert Lyon
Committed by
Gerrit Code Review
Nov 26, 2014
Browse files
Merge "Session is not invalidating after password change (Bug #1363873)"
parents
5916ccc3
f103c650
Changes
2
Hide whitespace changes
Inline
Side-by-side
htdocs/auth/lib.php
View file @
35510252
...
...
@@ -414,7 +414,13 @@ function auth_setup () {
// Check the time that the session is set to log out. If the user does
// not have a session, this time will be 0.
$sessionlogouttime
=
$USER
->
get
(
'logout_time'
);
if
(
$sessionlogouttime
&&
isset
(
$_GET
[
'logout'
]))
{
// Need to doublecheck that the User's sessionid still has a match the usr_session table
// It can disappear if the current user has hacked the real user's account and the real user has
// reset the password clearing the session from usr_session.
$sessionexists
=
get_record
(
'usr_session'
,
'usr'
,
$USER
->
id
,
'session'
,
$USER
->
get
(
'sessionid'
));
$parentuser
=
$USER
->
get
(
'parentuser'
);
if
((
$sessionlogouttime
&&
isset
(
$_GET
[
'logout'
]))
||
(
$sessionexists
===
false
&&
$USER
->
get
(
'sessionid'
)
!=
''
&&
empty
(
$parentuser
)))
{
// Call the authinstance' logout hook
$authinstance
=
$SESSION
->
get
(
'authinstance'
);
if
(
$authinstance
)
{
...
...
htdocs/forgotpass.php
View file @
35510252
...
...
@@ -223,6 +223,10 @@ function forgotpasschange_submit(Pieform $form, $values) {
ensure_user_account_is_active
(
$user
);
$USER
->
reanimate
(
$user
->
id
,
$user
->
authinstance
);
// Destroy other sessions of the user
remove_user_sessions
(
$USER
->
get
(
'id'
));
$SESSION
->
add_ok_msg
(
get_string
(
'passwordchangedok'
));
redirect
();
exit
;
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment