From 726407541489612f649b9784b2827fd109dcfd31 Mon Sep 17 00:00:00 2001 From: Manuel Cillero Date: Sat, 5 Aug 2017 12:30:15 +0200 Subject: [PATCH] New version 6.x-2.2 of Secure Password Hashes module --- install/CHANGELOG.txt | 2 +- modules/phpass/password-hash.sh | 0 modules/phpass/phpass.info | 7 +++---- modules/phpass/phpass.module | 15 +++++++++++++++ 4 files changed, 19 insertions(+), 5 deletions(-) mode change 100644 => 100755 modules/phpass/password-hash.sh diff --git a/install/CHANGELOG.txt b/install/CHANGELOG.txt index 5f1ed2a..6db43a6 100644 --- a/install/CHANGELOG.txt +++ b/install/CHANGELOG.txt @@ -67,7 +67,7 @@ SuiteDesk 0.1.0, 2017-07-24 Security + Generate Password 6.x-1.4 + Password policy 6.x-1.11 - + Secure Password Hashes 6.x-2.1 + + Secure Password Hashes 6.x-2.2 + Secure Pages 6.x-2.1 + Secure Pages Hijack Prevention 6.x-2.0-rc1 diff --git a/modules/phpass/password-hash.sh b/modules/phpass/password-hash.sh old mode 100644 new mode 100755 diff --git a/modules/phpass/phpass.info b/modules/phpass/phpass.info index 3845b5b..0455262 100644 --- a/modules/phpass/phpass.info +++ b/modules/phpass/phpass.info @@ -4,9 +4,8 @@ package = Security core = 6.x php = 5.2.4 -; Information added by Drupal.org packaging script on 2014-11-19 -version = "6.x-2.1" +; Information added by Drupal.org packaging script on 2016-06-22 +version = "6.x-2.2" core = "6.x" project = "phpass" -datestamp = "1416425332" - +datestamp = "1466620440" diff --git a/modules/phpass/phpass.module b/modules/phpass/phpass.module index 335d215..f071610 100644 --- a/modules/phpass/phpass.module +++ b/modules/phpass/phpass.module @@ -15,6 +15,21 @@ function phpass_user($op, &$edit, &$account, $category = NULL) { // Catch password changes and update the password hash. if (!empty($edit['pass'])) { phpass_user_rehash_password($account, $edit['pass']); + + // If the password changed, delete all open sessions and recreate + // the current one. The following code is copied from user.module + if (is_object($account) && $account->uid) { + sess_destroy_uid($account->uid); + if ($account->uid == $GLOBALS['user']->uid) { + if (function_exists('drupal_session_regenerate')) { + // Support for Pressflow. + drupal_session_regenerate(); + } + else { + sess_regenerate(); + } + } + } } // Prevent the md5 from being saved on update. $edit['pass'] = NULL;