Netsyms/Mods-for-HESK-Netsyms
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

#331 Update password

Browse Source
This commit is contained in:
Mike Koch 2015-08-29 21:29:12 -04:00
parent 379d096f88
commit 3619a4c507
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
admin/password.php
View File

@ -238,6 +238,9 @@ elseif ( isset($_GET['h']) )
// Expire all verification hashes for this user // Expire all verification hashes for this user
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` WHERE `user`=".intval($row['user'])); hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` WHERE `user`=".intval($row['user']));
// Load additional required functions
require(HESK_PATH . 'inc/admin_functions.inc.php');
// Get user details // Get user details
$res = hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix']."users` WHERE `id`=".intval($row['user'])." LIMIT 1"); $res = hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix']."users` WHERE `id`=".intval($row['user'])." LIMIT 1");
$row = hesk_dbFetchAssoc($res); $row = hesk_dbFetchAssoc($res);
@ -245,6 +248,11 @@ elseif ( isset($_GET['h']) )
{ {
$_SESSION[$k]=$v; $_SESSION[$k]=$v;
} }
// Set a tag that will be used to expire sessions after username or password change
$_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['user'], $_SESSION['pass']);
// We don't need the password hash anymore
unset($_SESSION['pass']); unset($_SESSION['pass']);
// Clean brute force attempts // Clean brute force attempts