Search the Community

I got the following reported: Matt @ecartz, provided the following script/hook to fix this: class hook_shop_siteWide_reset_all_sessions { public function listen_accountUpdateTables($parameters) { if (isset($parameters['db']['customers']['customers_password'])) { $sessions_query = tep_db_query("DELETE s FROM sessions s INNER JOIN whos_online wo ON s.sesskey = wo.session_id WHERE wo.customer_id = " . (int)$_SESSION['customer_id']); } } } I made the hook which should be placed in: Phoenix 1.0.7.2.+: templates/default/includes/hooks/shop/siteWide/ Phoenix 1.0.5.1. - 1.0.7.1: includes/hooks/shop/siteWide/ reset_all_sessions.php Lower Phoenix and OSCommerce versions need to add the query to account_password.php line 49-50. So it should look like this: if (tep_validate_password($password_current, $check_customer['customers_password'])) { tep_db_query("update customers set customers_password = '" . tep_encrypt_password($password_new) . "' where customers_id = '" . (int)$customer_id . "'"); tep_db_query("update customers_info set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int)$customer_id . "'"); // session destroy on password reset tep_db_query("DELETE s FROM sessions s INNER JOIN whos_online wo ON s.sesskey = wo.session_id WHERE wo.customer_id = " . (int)$customer_id ); $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success'); tep_redirect(tep_href_link('account.php', '', 'SSL')); Matt asked me to publish this here so other users can test it before adding it to core. It is already in use in one live store. Please test and report back.