author | Andrew Dolgov <[email protected]> | 2007-09-12 04:41:56 +0100 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2007-09-12 04:41:56 +0100 |
commit | e6684130735a424559212d065654b66fb8c63d70 (patch) | |
tree | 2b6fbe4ce468ad34ba1438665ca22e92f7388fe0 | |
parent | c32cd48afe5c5b9c134d1e9678c11298630b10eb (diff) |
invalidate session on password change
-rw-r--r-- | functions.php | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/functions.php b/functions.php
index 131dc0db1..a237aff5a 100644
--- a/functions.php
+++ b/functions.php
@@ -1449,6 +1449,7 @@
 $_SESSION["theme"] = $user_theme;
 $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
+ $_SESSION["pwd_hash"] = $pwd_hash;
 initialize_user_prefs($link, $_SESSION["uid"]);
@@ -1534,6 +1535,18 @@
 }
 }
+ if ($_SESSION["uid"]) {
+
+ $result = db_query($link,
+ "SELECT pwd_hash FROM ttrss_users WHERE id = '".$_SESSION["uid"]."'");
+
+ $pwd_hash = db_fetch_result($result, 0, "pwd_hash");
+
+ if ($pwd_hash != $_SESSION["pwd_hash"]) {
+ return false;
+ }
+ }
+
 /* if ($_SESSION["cookie_lifetime"] && $_SESSION["uid"]) {
 //print_r($_SESSION); |
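Review bot: The added `$_SESSION["pwd_hash"] = $pwd_hash;` in the first hunk (@@ -1449) copies the user's password hash into session storage, so anything that persists or dumps session data now also holds a credential verifier; the commented-out `//print_r($_SESSION);` visible in the second hunk's context suggests such dumps have been used for debugging. The check only needs a value that changes when the password changes, so a derived marker would do, for example `$_SESSION["pwd_hash"] = sha1($pwd_hash);` with the same transform applied to the database value before the comparison in the second hunk. `$pwd_hash` is assigned outside this hunk, so this assumes it is the value stored in ttrss_users.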
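Review bot: The comparison `if ($pwd_hash != $_SESSION["pwd_hash"])` in the second hunk (@@ -1534) uses PHP's loose inequality, which compares two numeric-looking strings as numbers and treats null, false and "" as equal, so a missing user row paired with a session that carries no pwd_hash would presumably pass the check. Use a strict comparison and treat an empty lookup as a failure: `if (!$pwd_hash || $pwd_hash !== $_SESSION["pwd_hash"]) {`. The query above it concatenates `$_SESSION["uid"]` into the SQL text; the value is server-side, but casting it, as in `"... WHERE id = " . (int)$_SESSION["uid"]`, keeps the statement safe however uid was populated. The enclosing function starts and ends outside the hunk.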