You are here

Home » API reference » Paranoia 7 » paranoia.module

function paranoia_user_update in Paranoia 7

Implements hook_user_update().

File

./paranoia.module, line 99
Paranoia module file. Provides various extra security features.

Code

function paranoia_user_update(&$edit, $account, $category) {

  // If they are changing their password.
  if (isset($account->pass) && isset($account->original) && isset($account->original->pass) && $account->original->pass != $account->pass) {

    // Confirm a db based session destruction is going to work.
    if (variable_get('session_inc', 'includes/session.inc') == 'includes/session.inc') {

      // Destroy all sessions.
      db_delete('sessions')
        ->condition('uid', $account->uid, '=')
        ->condition('sid', session_id(), '!=')
        ->execute();
    }
    else {

      // If db deletion of sessions won't work, log that problem.
      watchdog('paranoia', 'Tried deleting sessions after a password change, but sessions are stored in an unknown place. See <a href="https://www.drupal.org/node/2294061">this issue</a> for details.', array(), WATCHDOG_CRITICAL);
    }
  }
}