From e6684130735a424559212d065654b66fb8c63d70 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.spb.ru>
Date: Wed, 12 Sep 2007 04:41:56 +0100
Subject: invalidate session on password change

---
 functions.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'functions.php')

diff --git a/functions.php b/functions.php
index 131dc0db1..a237aff5a 100644
--- a/functions.php
+++ b/functions.php
@@ -1449,6 +1449,7 @@
 	
 				$_SESSION["theme"] = $user_theme;
 				$_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
+				$_SESSION["pwd_hash"] = $pwd_hash;
 	
 				initialize_user_prefs($link, $_SESSION["uid"]);
 	
@@ -1534,6 +1535,18 @@
 			}
 		}
 
+		if ($_SESSION["uid"]) {
+
+			$result = db_query($link, 
+				"SELECT pwd_hash FROM ttrss_users WHERE id = '".$_SESSION["uid"]."'");
+
+			$pwd_hash = db_fetch_result($result, 0, "pwd_hash");
+
+			if ($pwd_hash != $_SESSION["pwd_hash"]) {
+				return false;
+			}
+		}
+
 /*		if ($_SESSION["cookie_lifetime"] && $_SESSION["uid"]) {
 
 			//print_r($_SESSION);
-- 
cgit v1.2.3