From 6f150ac55c9b1883c18605c850200202addf591e Mon Sep 17 00:00:00 2001 From: Anonymous Contributor Date: Wed, 23 Aug 2023 18:16:36 +0200 Subject: [PATCH] Fix session variable assignment in login --- pages/login.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pages/login.php b/pages/login.php index 9fc90df..3d6024e 100644 --- a/pages/login.php +++ b/pages/login.php @@ -25,11 +25,11 @@ if(hash_equals(md5(md5($_POST['password']).":".$res['passwordSalt']), $res['passwordHash'])) { session_unset(); // Unset pre-session variables, next request will generate a new CSRF token - $_SESSION['FIRSTNAME'] = trim($rowUser['FirstName']); - $_SESSION['LASTNAME'] = trim($rowUser['LastName']); - $_SESSION['EMAIL'] = trim($rowUser['Email']); - $_SESSION['PASSWORD'] = $rowAuth['passwordHash']; - $_SESSION['SALT'] = $rowAuth['passwordSalt']; + $_SESSION['FIRSTNAME'] = $rowUser['FirstName']; + $_SESSION['LASTNAME'] = $rowUser['LastName']; + $_SESSION['EMAIL'] = $rowUser['Email']; + $_SESSION['PASSWORD'] = $rowUser['passwordHash']; + $_SESSION['SALT'] = $rowUser['passwordSalt']; $_SESSION['UUID'] = $rowUser['PrincipalID']; $_SESSION['LEVEL'] = $rowUser['UserLevel']; $_SESSION['DISPLAYNAME'] = strtoupper($rowUser['FirstName'].' '.$rowUser['LastName']);