
Unset pre-session on login and registration

master
Anonymous Contributor 2023-08-23 18:16:34 +02:00
parent 20ae77b90b
commit ed9f4c8eed
2 changed files with 3 additions and 1 deletions


@ -32,6 +32,7 @@
{ {
if(md5(md5($_POST['password']).":".$rowAuth['passwordSalt']) == $rowAuth['passwordHash']) if(md5(md5($_POST['password']).":".$rowAuth['passwordSalt']) == $rowAuth['passwordHash'])
{ {
session_unset(); // Unset pre-session variables, next request will generate a new CSRF token
$_SESSION['USERNAME'] = trim($_POST['username']); $_SESSION['USERNAME'] = trim($_POST['username']);
$_SESSION['FIRSTNAME'] = trim($rowUser['FirstName']); $_SESSION['FIRSTNAME'] = trim($rowUser['FirstName']);
$_SESSION['LASTNAME'] = trim($rowUser['LastName']); $_SESSION['LASTNAME'] = trim($rowUser['LastName']);
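Review bot: `session_unset()` only empties the session array; the session ID the browser held before authentication is kept, so a pre-set ID survives the login and the new code does not close that session-fixation path. Pair the call with a regeneration on both authenticated transitions, i.e. `session_unset();` followed by `session_regenerate_id(true);` here, and the same two lines in the registration hunk of the second file, where the identical `session_unset();` is added before `$_SESSION['USERNAME']` is assigned. The comment on the added line promises a fresh CSRF token on the next request, which presumably depends on code outside this hunk; if the token is derived from the session ID, regeneration is needed for that promise to hold as well. On the context line above, the hash check compares two hex strings with `==`, where `hash_equals($rowAuth['passwordHash'], $computed)` would be the constant-time form; the md5-based scheme itself is a separate migration to `password_hash()`/`password_verify()`. The enclosing `if` blocks begin before this hunk.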


@ -36,7 +36,7 @@
'avatar' => array('required' => true) 'avatar' => array('required' => true)
)); ));
if(!$validator->isValid()) { if(!$validator->isValid($_POST)) {
if(!isset($_REQUEST['tos']) || $_REQUEST['tos'] !== true) { if(!isset($_REQUEST['tos']) || $_REQUEST['tos'] !== true) {
displayPage("Du musst die Nutzungsbedingungen lesen und Akzeptieren."); displayPage("Du musst die Nutzungsbedingungen lesen und Akzeptieren.");
} }
@ -117,6 +117,7 @@
} }
$statementInviteDeleter = $RUNTIME['PDO']->prepare('DELETE FROM InviteCodes WHERE InviteCode = :code'); $statementInviteDeleter = $RUNTIME['PDO']->prepare('DELETE FROM InviteCodes WHERE InviteCode = :code');
$statementInviteDeleter->execute(['code' => $_REQUEST['code']]); $statementInviteDeleter->execute(['code' => $_REQUEST['code']]);
session_unset(); // Unset pre-session variables, next request will generate a new CSRF token
$_SESSION['USERNAME'] = trim($RUNTIME['REGISTER']['Name']); $_SESSION['USERNAME'] = trim($RUNTIME['REGISTER']['Name']);
$_SESSION['FIRSTNAME'] = trim($avatarNameParts[0]); $_SESSION['FIRSTNAME'] = trim($avatarNameParts[0]);
$_SESSION['LASTNAME'] = trim($avatarNameParts[1]); $_SESSION['LASTNAME'] = trim($avatarNameParts[1]);
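Review bot: The new `isValid($_POST)` call validates the form from `$_POST`, but the code consumed in this file still reads `$_REQUEST` (`$_REQUEST['code']` in the invite-code DELETE, `$_REQUEST['tos']` in the terms check), so the validated input and the input acted on can come from different sources — a query-string `code` or `tos` is accepted alongside a POSTed form. Reading all of them from `$_POST`, e.g. `$statementInviteDeleter->execute(['code' => $_POST['code']]);`, keeps the validated superglobal and the consumed one the same. Note also that request values are strings, so `$_REQUEST['tos'] !== true` on the context line is always true and that branch presumably always fires; comparing against the submitted value (for instance `$_POST['tos'] !== '1'`) is likely what was intended — confirm against the form. The enclosing blocks of both hunks start outside this section.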