From 6e46fb06de94b353be25e4a777726fb8d606841c Mon Sep 17 00:00:00 2001
From: Timothy Jones
Date: Thu, 3 Sep 2015 09:38:12 +1000
Subject: [PATCH] Now user sessions are logged out if their password has changed.
---
 lib/auth.php | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/lib/auth.php b/lib/auth.php
index 4b9760511..7b8534864 100755
--- a/lib/auth.php
+++ b/lib/auth.php
@@ -275,7 +275,15 @@ static public function userPass_Key($username, $password)
 */
 private static function userID_Key( $userID )
 {
- return $userID.'_'.md5(md5(Config::$secret).$userID.sha1(Config::$secret));
+ try
+ {
+ $TRYUser = new User($userID); // The user object associated with this key
+ }
+ catch(Exception $e)
+ {
+ libHTML::error(l_t("The userID provided does not exist."));
+ }
+ return $userID.'_'.md5(md5(Config::$secret).$userID.$TRYUser->password.sha1(Config::$secret));
 }
 /**
@@ -369,15 +377,15 @@ static public function key_User( $key, $session = false )
 // Make sure there's no refresh loop
 trigger_error(l_t("An invalid log-on cookie was given, but it seems an attempt to remove it has failed.")."
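Review bot: In `userID_Key` the final `return` dereferences `$TRYUser` after the `catch`, so the new code is only sound if `libHTML::error()` never returns; if it can, the key is built from an undefined variable with the password component missing. Moving the `return` inside the `try` block, or ending the `catch` with `throw $e;`, makes that explicit. Because mixing in the stored password value already invalidates every issued cookie, this is also a cheap point to replace the nested `md5(...sha1(...))` concatenation with a keyed MAC, for example `return $userID.'_'.hash_hmac('sha256', $userID.'_'.$TRYUser->password, Config::$secret);`. A comment on the function should state that the key is now bound to the stored password value and costs a `User` load per call.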

".
- l_t("This error has been logged, please e-mail %s if the problem persists, or you can't log on.",Config::$adminEMail));
+ l_t("This error has been logged, please e-mail %s if the problem persists, or you can't log on.",Config::$modEMail));
 }
 else
 {
 self::keyWipe();
 header('refresh: 3; url=logon.php?logoff=on');
- libHTML::error(l_t("An invalid log-on cookie was given, and it has been removed. ".
+ libHTML::error(l_t("You have been logged out. ".
 "You are being redirected to the log-on page.")."

".
- l_t("Inform an admin at %s if the problem persists, or you can't log on.",Config::$adminEMail));
+ l_t("Inform the moderators at %s if the problem persists, or you can't log on.",Config::$modEMail));
 }
 }
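Review bot: Both messages now read `Config::$modEMail`, and whether every deployed configuration defines that property is not visible in this patch; reading an undeclared static property is a fatal error in PHP, and it would fire inside the invalid-cookie path. If older configs may lack it, a fallback such as `isset(Config::$modEMail) ? Config::$modEMail : Config::$adminEMail` keeps the handler working. The replacement text "You have been logged out." also no longer distinguishes a password change from a malformed or forged cookie, so a short comment above the `else` branch naming both causes would help whoever reads the logs later. `key_User` starts and ends outside this hunk.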