1
0
mirror of https://github.com/delight-im/PHP-Auth.git synced 2025-10-24 04:16:17 +02:00

Forget remembered sessions when passwords are reset or changed

This commit is contained in:
Marco
2016-12-04 16:54:34 +01:00
parent 5e331924f6
commit f486ab6763

View File

@@ -626,6 +626,9 @@ class Auth {
if (password_verify($oldPassword, $passwordInDatabase)) { if (password_verify($oldPassword, $passwordInDatabase)) {
// update the password in the database // update the password in the database
$this->updatePassword($userId, $newPassword); $this->updatePassword($userId, $newPassword);
// delete any remaining remember directives
$this->deleteRememberDirective($userId);
} }
else { else {
throw new InvalidPasswordException(); throw new InvalidPasswordException();
@@ -848,6 +851,9 @@ class Auth {
// update the password in the database // update the password in the database
$this->updatePassword($resetData['user'], $newPassword); $this->updatePassword($resetData['user'], $newPassword);
// delete any remaining remember directives
$this->deleteRememberDirective($resetData['user']);
try { try {
$this->db->delete( $this->db->delete(
'users_resets', 'users_resets',