Now user sessions are logged out if their password has changed.

kestasjk · Sep 2, 2015 · 6e46fb0 · 6e46fb0
1 parent 03de984
commit 6e46fb0
Showing 1 changed file with 12 additions and 4 deletions.
diff --git a/lib/auth.php b/lib/auth.php
@@ -275,7 +275,15 @@ static public function userPass_Key($username, $password)
 	 */
 	private static function userID_Key( $userID )
 	{
-		return $userID.'_'.md5(md5(Config::$secret).$userID.sha1(Config::$secret));
+		try
+		{
+			$TRYUser = new User($userID); // The user object associated with this key
+		}
+		catch(Exception $e)
+		{
+			libHTML::error(l_t("The userID provided does not exist."));
+		}
+		return $userID.'_'.md5(md5(Config::$secret).$userID.$TRYUser->password.sha1(Config::$secret));
 	}
 
 	/**
@@ -369,15 +377,15 @@ static public function key_User( $key, $session = false )
 
 				// Make sure there's no refresh loop
 				trigger_error(l_t("An invalid log-on cookie was given, but it seems an attempt to remove it has failed.")."<br /><br />".
-					l_t("This error has been logged, please e-mail %s if the problem persists, or you can't log on.",Config::$adminEMail));
+					l_t("This error has been logged, please e-mail %s if the problem persists, or you can't log on.",Config::$modEMail));
 			}
 			else
 			{
 				self::keyWipe();
 				header('refresh: 3; url=logon.php?logoff=on');
-				libHTML::error(l_t("An invalid log-on cookie was given, and it has been removed. ".
+				libHTML::error(l_t("You have been logged out. ".
 					"You are being redirected to the log-on page.")."<br /><br />".
-					l_t("Inform an admin at %s if the problem persists, or you can't log on.",Config::$adminEMail));
+					l_t("Inform the moderators at %s if the problem persists, or you can't log on.",Config::$modEMail));
 			}
 
 		}