Commit

commit 985c8651434792e6c5c9a8525c8c74e3ce6672ca
Author: Jan Dankert 
Date:   Thu Nov 19 00:45:44 2020 +0100

    Security fix: We must update the login token on every login; Administrators are able to see the login tokens of users.

 modules/cms/Dispatcher.class.php                   | 100 +++++-----
 modules/cms/action/Action.class.php                |  25 +--
 .../cms/action/login/LoginLoginAction.class.php    | 220 ++++++++++-----------
 .../cms/action/login/LoginLogoutAction.class.php   |   5 +-
 .../cms/action/user/UserAdvancedAction.class.php   |  26 +++
 modules/cms/api/API.class.php                      |   5 +-
 modules/cms/auth/CookieAuth.class.php              |   6 +-
 modules/cms/auth/InternalAuth.class.php            |   2 -
 modules/cms/auth/RememberAuth.class.php            |  61 +++++-
 modules/cms/model/User.class.php                   | 169 ++++++++++------
 modules/cms/ui/UI.class.php                        |   2 +-
 .../ui/themes/default/html/views/user/advanced.php |  51 +++++
 .../default/html/views/user/advanced.tpl.src.xml   |  38 ++++
 modules/database/Database.class.php                |   1 -
 .../html/component_date/component-date.php         |   7 +-
 modules/util/Cookie.class.php                      |  67 +++++++
 16 files changed, 510 insertions(+), 275 deletions(-)