bug 1176: Kill user session when profile array missing or not properly initialized

author: Benny Baumann <BenBE@geshi.org> 2013-06-26 22:08:32 +0200
committer: Benny Baumann <BenBE@geshi.org> 2013-06-26 22:08:32 +0200
commit: 65d9c80b1e280a15f073fd429f45a770767701ac (patch)
tree: 051c4b5109da00b5a340b4791ec275a468817542 /includes/loggedin.php
parent: e89c06e4580f17a608b4c3164a1727069eb23b0f (diff)
download: cacert-devel-65d9c80b1e280a15f073fd429f45a770767701ac.tar.gz
cacert-devel-65d9c80b1e280a15f073fd429f45a770767701ac.tar.xz
cacert-devel-65d9c80b1e280a15f073fd429f45a770767701ac.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/includes/loggedin.php b/includes/loggedin.php
index 9c7ac73..6b37119 100644
--- a/includes/loggedin.php
+++ b/includes/loggedin.php
@@ -20,6 +20,14 @@
 	require_once("../includes/lib/l10n.php");
 	include_once("../includes/mysql.php");
 
+	if(!is_array($_SESSION['profile']) {
+		$_SESSION['profile'] = array( 'id' => 0, 'loggedin' => 0 );
+	}
+	if(!isset($_SESSION['profile']['id'] || !isset($_SESSION['profile']['loggedin']) {
+		$_SESSION['profile']['id'] = 0;
+		$_SESSION['profile']['loggedin'] = 0;
+	}
+
 	if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0)
 	{
 		$uid = $_SESSION['profile']['id'];
author	Benny Baumann <BenBE@geshi.org>	2013-06-26 22:08:32 +0200
committer	Benny Baumann <BenBE@geshi.org>	2013-06-26 22:08:32 +0200
commit	65d9c80b1e280a15f073fd429f45a770767701ac (patch)
tree	051c4b5109da00b5a340b4791ec275a468817542 /includes/loggedin.php
parent	e89c06e4580f17a608b4c3164a1727069eb23b0f (diff)
download	cacert-devel-65d9c80b1e280a15f073fd429f45a770767701ac.tar.gz cacert-devel-65d9c80b1e280a15f073fd429f45a770767701ac.tar.xz cacert-devel-65d9c80b1e280a15f073fd429f45a770767701ac.zip