Website
/
Manager
1
0
Fork 0
Code Releases 11 Activity

Fix session variable assignment in login

master
Anonymous Contributor 2023-08-23 18:16:36 +02:00
parent fb605bcf4a
commit 6f150ac55c
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
pages/login.php
View File

@ -25,11 +25,11 @@
if(hash_equals(md5(md5($_POST['password']).":".$res['passwordSalt']), $res['passwordHash'])) {
session_unset(); // Unset pre-session variables, next request will generate a new CSRF token
$_SESSION['FIRSTNAME'] = trim($rowUser['FirstName']);
$_SESSION['LASTNAME'] = trim($rowUser['LastName']);
$_SESSION['EMAIL'] = trim($rowUser['Email']);
$_SESSION['PASSWORD'] = $rowAuth['passwordHash'];
$_SESSION['SALT'] = $rowAuth['passwordSalt'];
$_SESSION['FIRSTNAME'] = $rowUser['FirstName'];
$_SESSION['LASTNAME'] = $rowUser['LastName'];
$_SESSION['EMAIL'] = $rowUser['Email'];
$_SESSION['PASSWORD'] = $rowUser['passwordHash'];
$_SESSION['SALT'] = $rowUser['passwordSalt'];
$_SESSION['UUID'] = $rowUser['PrincipalID'];
$_SESSION['LEVEL'] = $rowUser['UserLevel'];
$_SESSION['DISPLAYNAME'] = strtoupper($rowUser['FirstName'].' '.$rowUser['LastName']);