mirror/postfixadmin
0
0
Fork 0
mirror of https://github.com/postfixadmin/postfixadmin.git synced 2024-09-19 19:22:14 +02:00
Code

login.php was writing to $_SESSION just before the 'init_session' function was called which just overwrote everything, so reorder code to fix #795

Browse Source 
see https://github.com/postfixadmin/postfixadmin/issues/795 (thanks @kwitkow)
This commit is contained in:
David Goodwin 2024-01-05 19:30:36 +00:00
parent 6b5801c666
commit 0632d39d0c
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
public/login.php
View File

@ -82,16 +82,19 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$adminproperties = $h->result();
if ($adminproperties['superadmin'] == 1) {
$_SESSION['sessid']['roles'][] = 'global-admin';
}
if ($totppf->usesTOTP($fUsername)) {
init_session($fUsername, true, false);
header("Location: login-mfa.php");
exit(0);
}
init_session($fUsername, true, true);
if ($adminproperties['superadmin'] == 1) {
$_SESSION['sessid']['roles'][] = 'global-admin';
}
header("Location: main.php");
exit(0);
} else { # $h->login failed