summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rwxr-xr-xclasses/handler/public.php4
-rwxr-xr-xinclude/functions.php6
2 files changed, 7 insertions, 3 deletions
diff --git a/classes/handler/public.php b/classes/handler/public.php
index 7cce7d71b..de9c9684a 100755
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -503,7 +503,9 @@ class Handler_Public extends Handler {
// start an empty session to deliver login error message
@session_start();
- $_SESSION["login_error_msg"] = __("Incorrect username or password");
+ if (!isset($_SESSION["login_error_msg"]))
+ $_SESSION["login_error_msg"] = __("Incorrect username or password");
+
user_error("Failed login attempt for $login from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING);
}
diff --git a/include/functions.php b/include/functions.php
index a04a393ec..5588590a8 100755
--- a/include/functions.php
+++ b/include/functions.php
@@ -714,9 +714,11 @@
if ($user_id && !$check_only) {
+ /* if a session is started here there's a stale login cookie we need to clean */
+
if (session_status() != PHP_SESSION_NONE) {
- session_destroy();
- session_commit();
+ $_SESSION["login_error_msg"] = __("Stale session cookie found, try logging in again");
+ return false;
}
session_regenerate_id(true);
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-04 05:34:43 +0000