summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBenny Baumann <BenBE@geshi.org>2013-06-26 22:08:32 +0200
committerBenny Baumann <BenBE@geshi.org>2013-06-26 22:08:32 +0200
commit65d9c80b1e280a15f073fd429f45a770767701ac (patch)
tree051c4b5109da00b5a340b4791ec275a468817542
parente89c06e4580f17a608b4c3164a1727069eb23b0f (diff)
downloadcacert-devel-65d9c80b1e280a15f073fd429f45a770767701ac.tar.gz
cacert-devel-65d9c80b1e280a15f073fd429f45a770767701ac.tar.xz
cacert-devel-65d9c80b1e280a15f073fd429f45a770767701ac.zip
bug 1176: Kill user session when profile array missing or not properly initialized
-rw-r--r--includes/loggedin.php8
1 files changed, 8 insertions, 0 deletions
diff --git a/includes/loggedin.php b/includes/loggedin.php
index 9c7ac73..6b37119 100644
--- a/includes/loggedin.php
+++ b/includes/loggedin.php
@@ -20,6 +20,14 @@
require_once("../includes/lib/l10n.php");
include_once("../includes/mysql.php");
+ if(!is_array($_SESSION['profile']) {
+ $_SESSION['profile'] = array( 'id' => 0, 'loggedin' => 0 );
+ }
+ if(!isset($_SESSION['profile']['id'] || !isset($_SESSION['profile']['loggedin']) {
+ $_SESSION['profile']['id'] = 0;
+ $_SESSION['profile']['loggedin'] = 0;
+ }
+
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0)
{
$uid = $_SESSION['profile']['id'];