Commit 92113c29 authored by Son Nguyen's avatar Son Nguyen Committed by Robert Lyon

Destroy user's sessions when (Bug 1328705)

- users change his/her password
- admins delete the user's account

Change-Id: Id88207309770dae3eb803abe1f23f97a6b8eb3c8
Signed-off-by: default avatarSon Nguyen <son.nguyen@catalyst.net.nz>
parent 07551cc0
......@@ -181,12 +181,14 @@ function accountprefs_submit(Pieform $form, $values) {
$authobj = AuthFactory::create($USER->authinstance);
db_begin();
$ispasswordchanged = false;
if (isset($values['password1']) && $values['password1'] !== '') {
global $authclass;
$password = $authobj->change_password($USER, $values['password1']);
$USER->password = $password;
$USER->passwordchange = 0;
$USER->commit();
$ispasswordchanged = true;
}
// use this as looping through values is not safe.
......@@ -234,6 +236,12 @@ function accountprefs_submit(Pieform $form, $values) {
$reload = true;
}
if ($ispasswordchanged) {
// Destroy other sessions of the user
require_once(get_config('docroot') . 'auth/session.php');
remove_user_sessions($USER->get('id'));
}
db_commit();
$returndata['message'] = get_string('prefssaved', 'account');
......
......@@ -1382,6 +1382,10 @@ function delete_user($userid) {
handle_event('deleteuser', $userid);
// Destroy all active sessions of the deleted user
require_once(get_config('docroot') . 'auth/session.php');
remove_user_sessions($userid);
db_commit();
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment