-rw-r--r-- | inc/auth.php | 1 | ||||
-rw-r--r-- | lib/plugins/usermanager/admin.php | 10 |
2 files changed, 11 insertions, 0 deletions
diff --git a/inc/auth.php b/inc/auth.php
index d511930dc..48888da1e 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -157,6 +157,7 @@ function auth_login($user,$pass,$sticky=false,$silent=false){
     if($user && $pass){
         // we got a cookie - see if we can trust it
         if(isset($session) &&
+           ($session['time'] >= @filemtime($conf['cachedir'].'/sessionpurge')) &&
            ($session['time'] >= time()-$conf['auth_security_timeout']) &&
            ($session['user'] == $user) &&
            ($session['pass'] == $pass) &&  //still crypted
diff --git a/lib/plugins/usermanager/admin.php b/lib/plugins/usermanager/admin.php
index e20078d04..c5b720444 100644
--- a/lib/plugins/usermanager/admin.php
+++ b/lib/plugins/usermanager/admin.php
@@ -364,6 +364,8 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
      * Delete user
      */
     function _deleteUser(){
+        global $conf;
+
         if (!checkSecurityToken()) return false;
         if (!$this->_auth->canDo('delUser')) return false;
 
@@ -381,6 +383,9 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
             msg("$part1, $part2",-1);
         }
 
+        // invalidate all sessions
+        io_saveFile($conf['cachedir'].'/sessionpurge',time());
+
         return true;
     }
 
@@ -410,6 +415,8 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
      * Modify user (modified user data has been recieved)
      */
     function _modifyUser(){
+        global $conf;
+
         if (!checkSecurityToken()) return false;
         if (!$this->_auth->canDo('UserMod')) return false;
 
@@ -455,6 +462,9 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
             $this->_notifyUser($notify,$newpass);
         }
 
+        // invalidate all sessions
+        io_saveFile($conf['cachedir'].'/sessionpurge',time());
+
         } else {
             msg($this->lang['update_fail'],-1);
         }
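Review bot: The added `@filemtime(...)` condition in auth_login fails open: when the purge file is missing or unreadable (permissions, open_basedir), `filemtime` returns `false` and the `@` hides the warning, so `$session['time'] >= false` becomes a loose bool comparison that is true for any non-zero timestamp and the cookie is trusted. The "no purge file yet" case passes only by accident of that coercion, and a genuine read failure is indistinguishable from it. Resolve the timestamp explicitly before the condition, e.g. `$purgefile = $conf['cachedir'].'/sessionpurge;` `$purge = file_exists($purgefile) ? (int) filemtime($purgefile) : 0;` and compare `$session['time'] >= $purge`, and consider whether `>=` should be `>` so a cookie issued in the same second as a purge is not kept alive (both values have one-second resolution). The body of auth_login starts and ends outside this hunk.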
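Review bot: The return value of `io_saveFile(...)` is ignored in the `_deleteUser` hunk (@@ -381) and again in the `_modifyUser` hunk (@@ -455); if the cache directory is not writable the user is deleted or modified, `_deleteUser` still returns `true`, and every existing session for that account stays valid with no indication to the administrator. Check the result and surface it, e.g. `if(!io_saveFile($conf['cachedir'].'/sessionpurge',time())) msg('Failed to invalidate existing sessions',-1);` (a `$this->lang` entry would fit the plugin's existing message style). The path `$conf['cachedir'].'/sessionpurge'` is now spelled out in three places across two files; a single constant or helper would keep auth.php and the plugin from drifting apart. Note also that this purges sessions for every user, presumably including the acting administrator's own cookie, which is worth stating in the comment (`// invalidate all sessions (including the current admin's) by bumping the purge timestamp`) so the logout after a user edit is not mistaken for a bug.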