From c12510cd4d26a1432c9e578063d98db80fff9fe1 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@bah.spb.su>
Date: Thu, 1 Mar 2007 14:33:29 +0100
Subject: login system fixes (4)

---
 functions.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'functions.php')

diff --git a/functions.php b/functions.php
index ada1b7162..5f7565f73 100644
--- a/functions.php
+++ b/functions.php
@@ -1191,7 +1191,7 @@
 				}
 			}
 
-			if ($_COOKIE["ttrss_sid"]) {
+			if ($_COOKIE[get_session_cookie_name()]) {
 				require_once "sessions.php";
 			}
 
@@ -1204,7 +1204,7 @@
 			$login_action = $_POST["login_action"];
 
 			# try to authenticate user if called from login form			
-			if ($login_action == "do_login") {
+			if ($login_action == "do_login" && !$_SESSION["uid"]) {
 				$login = $_POST["login"];
 				$password = $_POST["password"];
 				$remember_me = $_POST["remember_me"];
@@ -1217,6 +1217,8 @@
 
 				require_once "sessions.php";
 
+				session_regenerate_id();
+
 				if (authenticate_user($link, $login, $password)) {
 					$_POST["password"] = "";
 
-- 
cgit v1.2.3