login system fixes (4)

diff --git a/functions.php b/functions.php
index ada1b7162f8de7a3232039e48132a0d4ec2d68de..5f7565f73a843e9f61d1797eb4c28734576c93a6 100644 (file)
--- a/functions.php
+++ b/functions.php
@@ -1191,7 +1191,7 @@
                                }
                        }
 
-                       if ($_COOKIE["ttrss_sid"]) {
+                       if ($_COOKIE[get_session_cookie_name()]) {
                                require_once "sessions.php";
                        }
 
@@ -1204,7 +1204,7 @@
                        $login_action = $_POST["login_action"];
 
                        # try to authenticate user if called from login form                    
-                       if ($login_action == "do_login") {
+                       if ($login_action == "do_login" && !$_SESSION["uid"]) {
                                $login = $_POST["login"];
                                $password = $_POST["password"];
                                $remember_me = $_POST["remember_me"];
@@ -1217,6 +1217,8 @@
 
                                require_once "sessions.php";
 
+                               session_regenerate_id();
+
                                if (authenticate_user($link, $login, $password)) {
                                        $_POST["password"] = "";