fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-02 00:32:15 +09:00
Code Issues Projects Releases Packages Wiki Activity

Add option to invalidate other sessions on password change

Browse source 
Feature request in https://www.xetown.com/lakepark/345786
This commit is contained in:
Kijin Sung 2017-02-09 00:06:32 +09:00
parent bdb10d57c5
commit c7d8d84500
7 changed files with 99 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

31
modules/member/member.controller.php
View file

@ -735,6 +735,21 @@ class memberController extends member
$args->password = $password;
$output = $this->updateMemberPassword($args);
if(!$output->toBool()) return $output;
// Log out all other sessions.
$oModuleModel = getModel('module');
$member_config = $oModuleModel->getModuleConfig('member');
if ($member_config->password_change_invalidate_other_sessions === 'Y')
{
$invalid_before = time();
$filename = RX_BASEDIR . sprintf('files/member_extra_info/invalid_before/%s%d.txt', getNumberingPath($member_srl), $member_srl);
Rhymix\Framework\Storage::write($filename, $invalid_before);
Rhymix\Framework\Session::destroyOtherAutologinKeys($member_srl);
if ($_SESSION['RHYMIX'] && $_SESSION['RHYMIX']['last_login'])
{
$_SESSION['RHYMIX']['last_login'] = $invalid_before;
}
}
$this->add('member_srl', $args->member_srl);
$this->setMessage('success_updated');
@ -771,6 +786,7 @@ class memberController extends member
$output = $this->deleteMember($member_srl);
if(!$output->toBool()) return $output;
// Destroy all session information
executeQuery('member.deleteAutologin', (object)array('member_srl' => $member_srl));
Rhymix\Framework\Session::logout();
// Return success message
$this->setMessage('success_leaved');
@ -1922,6 +1938,21 @@ class memberController extends member
$this->destroySessionInfo();
return;
}
// Invalidate the session if the member's password has changed
$oModuleModel = getModel('module');
$member_config = $oModuleModel->getModuleConfig('member');
if ($member_config->password_change_invalidate_other_sessions === 'Y')
{
$filename = RX_BASEDIR . sprintf('files/member_extra_info/invalid_before/%s%d.txt', getNumberingPath($member_srl), $member_srl);
$invalid_before = Rhymix\Framework\Storage::read($filename);
if ($invalid_before && $_SESSION['RHYMIX'] && $_SESSION['RHYMIX']['last_login'] && $_SESSION['RHYMIX']['last_login'] < $invalid_before)
{
$this->destroySessionInfo();
return;
}
}
// Log in for treatment sessions set
/*
$_SESSION['is_logged'] = true;