Bug correction in login form

This commit is contained in:
Phyks 2013-08-25 22:36:46 +02:00
parent ad6b4462c8
commit eda37541b3
2 changed files with 9 additions and 7 deletions

1
TODO
View File

@ -3,6 +3,7 @@
* htmlspecialchars => on users objects * htmlspecialchars => on users objects
* handle negative amounts * handle negative amounts
* Refactor load method to avoir load_* methods ! * Refactor load method to avoir load_* methods !
* Test remember_me
install.php : install.php :
============= =============

View File

@ -36,13 +36,6 @@
// Handle current user status // Handle current user status
if(session_id() == '') session_start(); if(session_id() == '') session_start();
// If IP has changed, logout
if(user_ip() != $_SESSION['ip']) {
session_destroy();
header('location: index.php?do=connect');
exit();
}
$current_user = new User(); $current_user = new User();
if(isset($_SESSION['current_user'])) { if(isset($_SESSION['current_user'])) {
$current_user->sessionRestore($_SESSION['current_user'], true); $current_user->sessionRestore($_SESSION['current_user'], true);
@ -57,6 +50,13 @@
header('location: index.php?do=connect'); header('location: index.php?do=connect');
exit(); exit();
} }
// If IP has changed, logout
if($current_user !== false && user_ip() != $_SESSION['ip']) {
session_destroy();
header('location: index.php?do=connect');
exit();
}
// Initialize empty $_GET['do'] if required to avoid error // Initialize empty $_GET['do'] if required to avoid error
if(empty($_GET['do'])) { if(empty($_GET['do'])) {
@ -102,6 +102,7 @@
} }
} }
} }
$tpl->assign('connection', true);
$tpl->assign('user_post', (!empty($_POST['login'])) ? htmlspecialchars($_POST['login']) : ''); $tpl->assign('user_post', (!empty($_POST['login'])) ? htmlspecialchars($_POST['login']) : '');
$tpl->assign('token', generate_token('connection')); $tpl->assign('token', generate_token('connection'));
$tpl->draw('connection'); $tpl->draw('connection');