From: jakubvrana
Date: Tue, 17 Jul 2007 05:14:43 +0000 (+0000)
Subject: Unset username in case of bad login
X-Git-Tag: v3.0.0~1308
X-Git-Url: https://git.joonet.de/?a=commitdiff_plain;h=ce12469b702a061dc74f5f8138c3423a214afd14;p=adminer.git
Unset username in case of bad login
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@200 7c3ca157-0c34-0410-bff1-cbf682f78f5c
---
diff --git a/auth.inc.php b/auth.inc.php
index 49a74284..45b38056 100644
--- a/auth.inc.php
+++ b/auth.inc.php
@@ -30,12 +30,14 @@ if (isset($_POST["server"])) {
 redirect(substr($SELF, 0, -1), lang('Logout successful.'));
 }
-if (!isset($_SESSION["usernames"][$_GET["server"]]) || !$mysql->connect($_GET["server"], $_SESSION["usernames"][$_GET["server"]], $_SESSION["passwords"][$_GET["server"]])) {
- if ($_POST["token"] && !isset($_SESSION["usernames"][$_GET["server"]])) {
+$username = $_SESSION["usernames"][$_GET["server"]];
+if (!isset($username) || !$mysql->connect($_GET["server"], $username, $_SESSION["passwords"][$_GET["server"]])) {
+ if ($_POST["token"] && !isset($username)) {
 $_POST["token"] = token();
 }
+ unset($_SESSION["usernames"][$_GET["server"]]);
 page_header(lang('Login'));
- if (isset($_SESSION["usernames"][$_GET["server"]])) {
+ if (isset($username)) {
 echo "

" . lang('Invalid credentials.') . "

\n"; } elseif (isset($_POST["server"])) { echo "

" . lang('Sessions must be enabled.') . "

\n"; @@ -46,7 +48,7 @@ if (!isset($_SESSION["usernames"][$_GET["server"]]) || !$mysql->connect($_GET["s
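Review bot: The failure branch clears only `$_SESSION["usernames"][$_GET["server"]]`, so as far as this hunk shows the rejected password that was just handed to `$mysql->connect()` remains in `$_SESSION["passwords"]` after a bad login; adding `unset($_SESSION["passwords"][$_GET["server"]]);` beside the new `unset()` would keep failed-login credential material out of session storage. Separately, the new `$username = $_SESSION["usernames"][$_GET["server"]];` reads the index before any `isset()` test, which raises an undefined-index notice on a first visit or when `server` is missing from the query string; `$username = isset($_SESSION["usernames"][$_GET["server"]]) ? $_SESSION["usernames"][$_GET["server"]] : null;` keeps the later `isset($username)` checks working without it. The enclosing `if` block continues past the end of this hunk, so whether the password entry is overwritten or cleared further down cannot be confirmed from here.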
- +
:" maxlength="60" />
:" maxlength="16" />
:
:
$val) { // expired session