mirror of
https://github.com/delight-im/PHP-Auth.git
synced 2025-07-11 11:36:24 +02:00
Force logout in any other sessions when a user changes their password
This commit is contained in:
@ -765,9 +765,12 @@ final class Auth extends UserManager {
|
||||
public function changePasswordWithoutOldPassword($newPassword) {
|
||||
if ($this->isLoggedIn()) {
|
||||
$newPassword = self::validatePassword($newPassword);
|
||||
$userId = $this->getUserId();
|
||||
$this->updatePasswordInternal($userId, $newPassword);
|
||||
$this->deleteRememberDirectiveForUserById($userId);
|
||||
$this->updatePasswordInternal($this->getUserId(), $newPassword);
|
||||
|
||||
try {
|
||||
$this->logOutEverywhereElse();
|
||||
}
|
||||
catch (NotLoggedInException $ignored) {}
|
||||
}
|
||||
else {
|
||||
throw new NotLoggedInException();
|
||||
|
Reference in New Issue
Block a user