zydronium/getnamingo-registry
1
0
Fork 0
mirror of https://github.com/getnamingo/registry.git synced 2025-07-21 18:16:03 +02:00
Code Issues Projects Releases Packages Wiki Activity

Fix towards the new password expiration policy

Browse source
This commit is contained in:
Pinga 2025-02-11 23:37:17 +02:00
parent ddfb8fed75
commit 6968bfafa2
7 changed files with 191 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

4
cp/app/Controllers/Auth/PasswordController.php
View file

@ -90,7 +90,7 @@ class PasswordController extends Controller
if (!checkPasswordComplexity($data['password2'])) {
redirect()->route('update.password',[],['selector'=>urlencode($data['selector']),'token'=>urlencode($data['token'])])->with('error','Password too weak. Use a stronger password.');
}
$_SESSION['password_last_changed'][$userId] = time();
$db->exec('UPDATE users SET password_last_updated = NOW() WHERE id = ?', [$userId]);
Auth::resetPasswordUpdate($data['selector'], $data['token'], $data['password']);
}
@ -113,7 +113,7 @@ class PasswordController extends Controller
redirect()->route('profile')->with('error','Password too weak. Use a stronger password.');
}
$userId = $container->get('auth')->user()['id'];
$_SESSION['password_last_changed'][$userId] = time();
$db->exec('UPDATE users SET password_last_updated = NOW() WHERE id = ?', [$userId]);
Auth::changeCurrentPassword($data['old_password'], $data['new_password']);
}
}