diff options
| -rw-r--r-- | functions.php | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/functions.php b/functions.php index ada1b7162..5f7565f73 100644 --- a/functions.php +++ b/functions.php @@ -1191,7 +1191,7 @@ } } - if ($_COOKIE["ttrss_sid"]) { + if ($_COOKIE[get_session_cookie_name()]) { require_once "sessions.php"; } @@ -1204,7 +1204,7 @@ $login_action = $_POST["login_action"]; # try to authenticate user if called from login form - if ($login_action == "do_login") { + if ($login_action == "do_login" && !$_SESSION["uid"]) { $login = $_POST["login"]; $password = $_POST["password"]; $remember_me = $_POST["remember_me"]; @@ -1217,6 +1217,8 @@ require_once "sessions.php"; + session_regenerate_id(); + if (authenticate_user($link, $login, $password)) { $_POST["password"] = ""; |