New version 6.x-2.2 of Secure Password Hashes module

2017-08-05 12:30:15 +02:00 · 2017-08-05 12:30:15 +02:00 · 7264075414
commit 7264075414
parent 2f7b56d013
4 changed files with 19 additions and 5 deletions
--- a/install/CHANGELOG.txt
+++ b/install/CHANGELOG.txt
@ -67,7 +67,7 @@ SuiteDesk 0.1.0, 2017-07-24
        Security
        + Generate Password 6.x-1.4
        + Password policy 6.x-1.11
-        + Secure Password Hashes 6.x-2.1
+        + Secure Password Hashes 6.x-2.2
        + Secure Pages 6.x-2.1
        + Secure Pages Hijack Prevention 6.x-2.0-rc1

--- a/modules/phpass/password-hash.sh
+++ b/modules/phpass/password-hash.sh
--- a/modules/phpass/phpass.info
+++ b/modules/phpass/phpass.info
@ -4,9 +4,8 @@ package = Security
 core = 6.x
 php = 5.2.4

-; Information added by Drupal.org packaging script on 2014-11-19
-version = "6.x-2.1"
+; Information added by Drupal.org packaging script on 2016-06-22
+version = "6.x-2.2"
 core = "6.x"
 project = "phpass"
-datestamp = "1416425332"
-
+datestamp = "1466620440"
--- a/modules/phpass/phpass.module
+++ b/modules/phpass/phpass.module
@ -15,6 +15,21 @@ function phpass_user($op, &$edit, &$account, $category = NULL) {
      // Catch password changes and update the password hash.
      if (!empty($edit['pass'])) {
        phpass_user_rehash_password($account, $edit['pass']);
+
+        // If the password changed, delete all open sessions and recreate
+        // the current one. The following code is copied from user.module
+        if (is_object($account) && $account->uid) {
+          sess_destroy_uid($account->uid);
+          if ($account->uid == $GLOBALS['user']->uid) {
+            if (function_exists('drupal_session_regenerate')) {
+              // Support for Pressflow.
+              drupal_session_regenerate();
+            }
+            else {
+              sess_regenerate();
+            }
+          }
+        }
      }
      // Prevent the md5 from being saved on update.
      $edit['pass'] = NULL;