
Unset pre-session on login and registration

master
Anonymous Contributor 2023-08-23 18:16:34 +02:00
parent 20ae77b90b
commit ed9f4c8eed
2 changed files with 3 additions and 1 deletions


@ -32,6 +32,7 @@
{
if(md5(md5($_POST['password']).":".$rowAuth['passwordSalt']) == $rowAuth['passwordHash'])
{
session_unset(); // Unset pre-session variables, next request will generate a new CSRF token
$_SESSION['USERNAME'] = trim($_POST['username']);
$_SESSION['FIRSTNAME'] = trim($rowUser['FirstName']);
$_SESSION['LASTNAME'] = trim($rowUser['LastName']);
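Review bot: The added `session_unset();` clears the pre-login variables but keeps the same session ID, so an identifier known before authentication stays valid afterwards; nothing visible in the hunk regenerates it. Calling `session_regenerate_id(true);` directly after `session_unset();` would close that session-fixation gap, and the same applies to the identical line added in the registration hunk at `@ -117,6 +117,7`. Separately, the context line compares the salted MD5 digest with `==`, which is a loose, non-constant-time comparison; wrapping it as `hash_equals($rowAuth['passwordHash'], md5(md5($_POST['password']).":".$rowAuth['passwordSalt']))` is the minimal change, with a move to `password_hash()`/`password_verify()` as the durable one. The enclosing block starts and ends outside the hunk.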


@ -36,7 +36,7 @@
'avatar' => array('required' => true)
));
if(!$validator->isValid()) {
if(!$validator->isValid($_POST)) {
if(!isset($_REQUEST['tos']) || $_REQUEST['tos'] !== true) {
displayPage("Du musst die Nutzungsbedingungen lesen und Akzeptieren.");
}
@ -117,6 +117,7 @@
}
$statementInviteDeleter = $RUNTIME['PDO']->prepare('DELETE FROM InviteCodes WHERE InviteCode = :code');
$statementInviteDeleter->execute(['code' => $_REQUEST['code']]);
session_unset(); // Unset pre-session variables, next request will generate a new CSRF token
$_SESSION['USERNAME'] = trim($RUNTIME['REGISTER']['Name']);
$_SESSION['FIRSTNAME'] = trim($avatarNameParts[0]);
$_SESSION['LASTNAME'] = trim($avatarNameParts[1]);
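Review bot: The validator is now handed `$_POST`, but the surrounding lines still read `tos` and `code` from `$_REQUEST`, so the values that are validated and the values that are acted on can come from different sources (query string or cookies, depending on `request_order`). If the form fields are expected in the POST body, reading them from there as well keeps both in agreement, e.g. `$statementInviteDeleter->execute(['code' => $_POST['code']]);`. The check `$_REQUEST['tos'] !== true` also looks as if it can never pass for submitted data, since request values arrive as strings or arrays rather than booleans; this is worth confirming against the form and the validator rules. Both hunks cut through their enclosing blocks, so the rest of the flow is not visible here.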