login system fixes (4)

2007-03-01 14:33:29 +01:00 · 2007-03-01 14:33:29 +01:00 · c12510cd4d
parent a885f0ec2a
commit c12510cd4d
1 changed files with 4 additions and 2 deletions
--- a/functions.php
+++ b/functions.php
@ -1191,7 +1191,7 @@
 				}
 			}

-			if ($_COOKIE["ttrss_sid"]) {
+			if ($_COOKIE[get_session_cookie_name()]) {
 				require_once "sessions.php";
 			}

@ -1204,7 +1204,7 @@
 			$login_action = $_POST["login_action"];

 			# try to authenticate user if called from login form			
-			if ($login_action == "do_login") {
+			if ($login_action == "do_login" && !$_SESSION["uid"]) {
 				$login = $_POST["login"];
 				$password = $_POST["password"];
 				$remember_me = $_POST["remember_me"];
@ -1217,6 +1217,8 @@

 				require_once "sessions.php";

+				session_regenerate_id();
+
 				if (authenticate_user($link, $login, $password)) {
 					$_POST["password"] = "";