Unset pre-session on login and registration
parent
20ae77b90b
commit
ed9f4c8eed
|
@ -32,6 +32,7 @@
|
|||
{
|
||||
if(md5(md5($_POST['password']).":".$rowAuth['passwordSalt']) == $rowAuth['passwordHash'])
|
||||
{
|
||||
session_unset(); // Unset pre-session variables, next request will generate a new CSRF token
|
||||
$_SESSION['USERNAME'] = trim($_POST['username']);
|
||||
$_SESSION['FIRSTNAME'] = trim($rowUser['FirstName']);
|
||||
$_SESSION['LASTNAME'] = trim($rowUser['LastName']);
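Review bot: `session_unset()` in the login branch clears the session variables but leaves the session ID unchanged, so an ID issued before authentication stays valid for the logged-in session (session fixation), unless it is regenerated somewhere outside this hunk. Adding `session_regenerate_id(true);` directly after it, before `$_SESSION['USERNAME']` is assigned, would close that gap. The same applies to the identical line added in the registration hunk at `@ -117,6 +117,7 @`. Separately, the unchanged context line compares the MD5 hex digest with `==`; `hash_equals()` would avoid numeric-string juggling and timing-dependent comparison. The enclosing block starts and ends outside the hunk.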
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
'avatar' => array('required' => true)
|
||||
));
|
||||
|
||||
if(!$validator->isValid()) {
|
||||
if(!$validator->isValid($_POST)) {
|
||||
if(!isset($_REQUEST['tos']) || $_REQUEST['tos'] !== true) {
|
||||
displayPage("Du musst die Nutzungsbedingungen lesen und Akzeptieren.");
|
||||
}
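Review bot: The validator is handed `$_POST` in `isValid($_POST)` (apparently the new side of the changed line), but the next line reads `$_REQUEST['tos']` and the invite-code delete in the `@ -117,6 +117,7 @` hunk reads `$_REQUEST['code']`. The value that is validated and the value that is used can therefore come from different sources, such as the query string, or cookies depending on `request_order`. Reading `$_POST['tos']` and `$_POST['code']` would keep them consistent, assuming the form posts both fields. Also, `$_REQUEST['tos'] !== true` can never be false for form input, because request values arrive as strings or arrays; something like `($_POST['tos'] ?? '') !== 'on'` is probably what is meant, with the literal matched to the checkbox's actual value. The enclosing `if` continues outside the hunk.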
|
||||
|
@ -117,6 +117,7 @@
|
|||
}
|
||||
$statementInviteDeleter = $RUNTIME['PDO']->prepare('DELETE FROM InviteCodes WHERE InviteCode = :code');
|
||||
$statementInviteDeleter->execute(['code' => $_REQUEST['code']]);
|
||||
session_unset(); // Unset pre-session variables, next request will generate a new CSRF token
|
||||
$_SESSION['USERNAME'] = trim($RUNTIME['REGISTER']['Name']);
|
||||
$_SESSION['FIRSTNAME'] = trim($avatarNameParts[0]);
|
||||
$_SESSION['LASTNAME'] = trim($avatarNameParts[1]);
|
||||
|
|