another attempt to enforce session ID regeneration on login

author: Andrew Dolgov <[email protected]> 2018-10-16 09:11:32 +0300
committer: Andrew Dolgov <[email protected]> 2018-10-16 09:11:32 +0300
commit: f730d7bb0ac691153eacd80844bb530dca04e3cc (patch)
tree: 541e93a874b0e62adffa68ad808714783c057293 /classes/handler
parent: 9dadbdbb218885f213f05915943ce3142b2cfcd8 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/classes/handler/public.php b/classes/handler/public.php
index 7cce7d71b..de9c9684a 100755
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -503,7 +503,9 @@ class Handler_Public extends Handler {
 				// start an empty session to deliver login error message
 				@session_start();
 
-				$_SESSION["login_error_msg"] = __("Incorrect username or password");
+				if (!isset($_SESSION["login_error_msg"]))
+					$_SESSION["login_error_msg"] = __("Incorrect username or password");
+
 				user_error("Failed login attempt for $login from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING);
 			}
author	Andrew Dolgov <[email protected]>	2018-10-16 09:11:32 +0300
committer	Andrew Dolgov <[email protected]>	2018-10-16 09:11:32 +0300
commit	f730d7bb0ac691153eacd80844bb530dca04e3cc (patch)
tree	541e93a874b0e62adffa68ad808714783c057293 /classes/handler
parent	9dadbdbb218885f213f05915943ce3142b2cfcd8 (diff)