dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove the session when the password is changed

This commit is contained in:
FusionPBX 2024-10-27 18:04:35 -06:00 committed by GitHub
parent c81e6482a8
commit 3a0d5fb512
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
core/users/user_edit.php
View File

@ -517,6 +517,19 @@
$array['users'][$x]['username'] = $username;
}
if (permission_exists('user_password') && !empty($password) && $password == $password_confirm) {
//remove the session id files
$sql = "select session_id from v_user_logs ";
$sql .= "where user_uuid = :user_uuid ";
$sql .= "and timestamp > NOW() - INTERVAL '4 hours' ";
$parameters['user_uuid'] = $user_uuid;
$user_logs = $database->select($sql, $parameters, 'all');
foreach ($user_logs as $row) {
if (preg_match('/^[a-zA-Z0-9,-]+$/', $row['session_id']) && file_exists(session_save_path() . "/sess_" . $row['session_id'])) {
unlink(session_save_path() . "/sess_" . $row['session_id']);
}
}
//create a one way hash for the user password
$array['users'][$x]['password'] = password_hash($password, PASSWORD_DEFAULT, $options);
$array['users'][$x]['salt'] = null;
}