From c12510cd4d26a1432c9e578063d98db80fff9fe1 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Thu, 1 Mar 2007 14:33:29 +0100 Subject: [PATCH] login system fixes (4) --- functions.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/functions.php b/functions.php index ada1b716..5f7565f7 100644 --- a/functions.php +++ b/functions.php @@ -1191,7 +1191,7 @@ } } - if ($_COOKIE["ttrss_sid"]) { + if ($_COOKIE[get_session_cookie_name()]) { require_once "sessions.php"; } @@ -1204,7 +1204,7 @@ $login_action = $_POST["login_action"]; # try to authenticate user if called from login form - if ($login_action == "do_login") { + if ($login_action == "do_login" && !$_SESSION["uid"]) { $login = $_POST["login"]; $password = $_POST["password"]; $remember_me = $_POST["remember_me"]; @@ -1217,6 +1217,8 @@ require_once "sessions.php"; + session_regenerate_id(); + if (authenticate_user($link, $login, $password)) { $_POST["password"] = ""; -- 2.39.5