]> git.wh0rd.org - tt-rss.git/blobdiff - classes/handler/public.php
git.wh0rd.org / tt-rss.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
another attempt to enforce session ID regeneration on login
[tt-rss.git] / classes / handler / public.php
diff --git a/classes/handler/public.php b/classes/handler/public.php
index e892a9797003c05302acac45cef2f17e62acb9d2..de9c9684a00336db2b37d1b8d4ddf967e8f01c5f 100755 (executable)
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -476,8 +476,6 @@ class Handler_Public extends Handler {
                                session_set_cookie_params(0);
                        }
 
-                       @session_start();
-
                        if (authenticate_user($login, $password)) {
                                $_POST["password"] = "";
 
@@ -501,7 +499,13 @@ class Handler_Public extends Handler {
                                        }
                                }
                        } else {
-                               $_SESSION["login_error_msg"] = __("Incorrect username or password");
+
+                               // start an empty session to deliver login error message
+                               @session_start();
+
+                               if (!isset($_SESSION["login_error_msg"]))
+                                       $_SESSION["login_error_msg"] = __("Incorrect username or password");
+
                                user_error("Failed login attempt for $login from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING);
                        }
 
web-based news feed (RSS/Atom) reader and aggregator; see https://tt-rss.org/