From 0632d39d0c5891d1372762f36a242accc475ba30 Mon Sep 17 00:00:00 2001
From: David Goodwin
Date: Fri, 5 Jan 2024 19:30:36 +0000
Subject: [PATCH] login.php was writing to $_SESSION just before the 'init_session' function was called which just overwrote everything, so reorder code to fix #795 see https://github.com/postfixadmin/postfixadmin/issues/795 (thanks @kwitkow)
---
 public/login.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/public/login.php b/public/login.php
index a0843e4f..20473e3e 100644
--- public/login.php
+++ b/public/login.php
@@ -82,16 +82,19 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
 $adminproperties = $h->result();
- if ($adminproperties['superadmin'] == 1) {
- $_SESSION['sessid']['roles'][] = 'global-admin';
- }
 if ($totppf->usesTOTP($fUsername)) {
 init_session($fUsername, true, false);
 header("Location: login-mfa.php");
 exit(0);
 }
+ init_session($fUsername, true, true);
+
+ if ($adminproperties['superadmin'] == 1) {
+ $_SESSION['sessid']['roles'][] = 'global-admin';
+ }
+ header("Location: main.php");
 exit(0);
 } else { # $h->login failed
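Review bot: A superadmin whose account uses TOTP never reaches the relocated `$_SESSION['sessid']['roles'][] = 'global-admin';`, because the `usesTOTP` branch exits to login-mfa.php first, so on that path the role has to be added elsewhere. login-mfa.php is not part of this patch; it should be confirmed that it adds the role only after the TOTP code has been verified and after any further `init_session` call, otherwise MFA-enabled superadmins either lose the role or hold it before the second factor is checked. Since the fix depends purely on statement order, I would add a comment above the new block such as `// init_session() overwrites the session (see #795); add roles only after it has run`. The enclosing `if ($_SERVER['REQUEST_METHOD'] == "POST")` block starts and ends outside the hunk.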