From: jakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>
Date: Wed, 11 Jul 2007 08:03:08 +0000 (+0000)
Subject: Generate token before session close
X-Git-Tag: v3.0.0~1392
X-Git-Url: https://git.joonet.de/?a=commitdiff_plain;h=b085cb44c18e8e2d51ab313cb58ebd8df29224f2;p=adminer.git

Generate token before session close

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@114 7c3ca157-0c34-0410-bff1-cbf682f78f5c
---

diff --git a/auth.inc.php b/auth.inc.php
index 69fe4f75..41e9ab83 100644
--- a/auth.inc.php
+++ b/auth.inc.php
@@ -30,6 +30,9 @@ if (isset($_POST["server"])) {
 }
 
 if (!isset($_SESSION["usernames"][$_GET["server"]]) || !$mysql->connect($_GET["server"], $_SESSION["usernames"][$_GET["server"]], $_SESSION["passwords"][$_GET["server"]])) {
+	if ($_POST["token"]) {
+		$_POST["token"] = token();
+	}
 	page_header(lang('Login'));
 	if (isset($_SESSION["usernames"][$_GET["server"]])) {
 		echo "<p class='error'>" . lang('Invalid credentials.') . "</p>\n";
@@ -56,8 +59,6 @@ if (!isset($_SESSION["usernames"][$_GET["server"]]) || !$mysql->connect($_GET["s
 					}
 				}
 			}
-		} elseif ($key == "token") {
-			echo '<input type="hidden" name="token" value="' . token() . '" />';
 		} elseif (!in_array($key, $ignore)) {
 			echo '<input type="hidden" name="' . htmlspecialchars($key) . '" value="' . htmlspecialchars($val) . '" />';
 		}