* Preferences/EMail: if user changed password, update password in session correct, so eg. EMail using that password keeps working

2013-02-21 09:43:38 +00:00 · 2013-02-21 09:43:38 +00:00 · ef1756438e
commit ef1756438e
parent e1241d80f1
4 changed files with 14 additions and 6 deletions
--- a/phpgwapi/inc/class.auth.inc.php
+++ b/phpgwapi/inc/class.auth.inc.php
@ -91,7 +91,7 @@ class auth
 					$alpwchange_val = $backend->getLastPwdChange($GLOBALS['egw_info']['user']['account_lid']);
 					$pwdTsChecked = true;
 				}
-				// if your authsystem does not provide that information, its likely, that you cannot change your password there, 
+				// if your authsystem does not provide that information, its likely, that you cannot change your password there,
 				// thus checking for expiration, is not needed
 				if ($alpwchange_val === false)
 				{
@ -224,7 +224,15 @@ class auth
 	 */
 	function change_password($old_passwd, $new_passwd, $account_id=0)
 	{
-		return $this->backend->change_password($old_passwd, $new_passwd, $account_id);
+		if (($ret = $this->backend->change_password($old_passwd, $new_passwd, $account_id)) &&
+			($account_id == $GLOBALS['egw_info']['user']['account_id']))
+		{
+			// need to change current users password in session
+			egw_cache::setSession('phpgwapi', 'password', base64_encode($new_passwd));
+			// invalidate EGroupware session, as password is stored in egw_info in session
+			egw::invalidate_session_cache();
+		}
+		return $ret;
 	}

 	/**
--- a/phpgwapi/inc/class.auth_ldap.inc.php
+++ b/phpgwapi/inc/class.auth_ldap.inc.php
@ -318,7 +318,6 @@ class auth_ldap implements auth_backend
 		}
 		if($old_passwd)	// if old password given (not called by admin) update the password in the session
 		{
-			$GLOBALS['egw']->session->appsession('password','phpgwapi',$new_passwd);
 			// using time() is sufficient to represent the current time, we do not need the timestamp written to the storage
 			egw_cache::setSession('phpgwapi','auth_alpwchange_val',time());
 		}
--- a/phpgwapi/inc/class.auth_sql.inc.php
+++ b/phpgwapi/inc/class.auth_sql.inc.php
@ -253,7 +253,6 @@ class auth_sql implements auth_backend
 		if(!$admin)
 		{
 			egw_cache::setSession('phpgwapi','auth_alpwchange_val',$update['account_lastpwd_change']);
-			$GLOBALS['egw']->session->appsession('password','phpgwapi',$new_passwd);
 		}
 		return $encrypted_passwd;
 	}
--- a/phpgwapi/inc/class.egw_session.inc.php
+++ b/phpgwapi/inc/class.egw_session.inc.php
@ -554,7 +554,7 @@ class egw_session
 			return false;
 		}

-		$this->appsession('password','phpgwapi',base64_encode($this->passwd));
+		egw_cache::setSession('phpgwapi', 'password', base64_encode($this->passwd));

 		if ($GLOBALS['egw']->acl->check('anonymous',1,'phpgwapi'))
 		{
@ -957,10 +957,11 @@ class egw_session
 			}
 			return false;
 		}
+		$this->passwd = base64_decode(egw_cache::getSession('phpgwapi', 'password'));
 		if ($fill_egw_info_and_repositories)
 		{
 			$GLOBALS['egw_info']['user']['session_ip'] = $session['session_ip'];
-			$GLOBALS['egw_info']['user']['passwd']     = base64_decode($this->appsession('password','phpgwapi'));
+			$GLOBALS['egw_info']['user']['passwd']     = $this->passwd;
 		}
 		if ($this->account_domain != $GLOBALS['egw_info']['user']['domain'])
 		{
@ -1619,6 +1620,7 @@ class egw_session
 		if (($sessionid = self::get_sessionid()))
 		{
 		 	session_id($sessionid);
+		 	self::cache_control();
 			$ok = session_start();
 			self::decrypt();
 			if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."() sessionid=$sessionid, _SESSION[".self::EGW_SESSION_VAR.']='.array2string($_SESSION[self::EGW_SESSION_VAR]));