From dcffa74b03d56b85b1eb5904a4a2e6aa1818f4b2 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Tue, 16 Oct 2018 09:27:09 +0300
Subject: force logout user when login from is rendered

---
 login.php    |  2 ++
 logout.php   |  8 +-------
 sessions.php | 10 ++++++++++
 3 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/login.php b/login.php
index ff8fd46..57babb9 100644
--- a/login.php
+++ b/login.php
@@ -35,6 +35,8 @@
 		} else {
 			$login_notice = "Incorrect username or password";
 		}
+	} else {
+		logout_user();
 	}
 
 ?>
diff --git a/logout.php b/logout.php
index 06fe527..e365b9f 100644
--- a/logout.php
+++ b/logout.php
@@ -2,13 +2,7 @@
 	require_once "config.php";
 	require_once "sessions.php";
 
-	session_destroy();
-
-	if (isset($_COOKIE[session_name()])) {
-	   setcookie(session_name(), '', time()-42000, '/');
-	}
-
-	session_commit();
+	logout_user();
 
 	header("Location: login.php");
 
diff --git a/sessions.php b/sessions.php
index bc88180..7755140 100644
--- a/sessions.php
+++ b/sessions.php
@@ -9,6 +9,16 @@
 	ini_set("session.gc_maxlifetime", SESSION_LIFETIME);
 	ini_set("session.cookie_lifetime", SESSION_LIFETIME);
 
+	function logout_user() {
+		session_destroy();
+
+		if (isset($_COOKIE[session_name()])) {
+		   setcookie(session_name(), '', time()-42000, '/');
+		}
+
+		session_commit();
+	}
+
 	if (@$_SERVER['HTTPS'] == "on") {
 		ini_set("session.cookie_secure", true);
 	}
-- 
cgit v1.2.3