1
0
mirror of https://github.com/delight-im/PHP-Auth.git synced 2025-07-11 11:36:24 +02:00

Force logout in any other sessions when a user changes their password

This commit is contained in:
Marco
2018-03-25 03:40:57 +02:00
parent 71ce2b58c9
commit a7c1ebcc9f

View File

@ -765,9 +765,12 @@ final class Auth extends UserManager {
public function changePasswordWithoutOldPassword($newPassword) {
if ($this->isLoggedIn()) {
$newPassword = self::validatePassword($newPassword);
$userId = $this->getUserId();
$this->updatePasswordInternal($userId, $newPassword);
$this->deleteRememberDirectiveForUserById($userId);
$this->updatePasswordInternal($this->getUserId(), $newPassword);
try {
$this->logOutEverywhereElse();
}
catch (NotLoggedInException $ignored) {}
}
else {
throw new NotLoggedInException();