From 65d9c80b1e280a15f073fd429f45a770767701ac Mon Sep 17 00:00:00 2001 From: Benny Baumann Date: Wed, 26 Jun 2013 22:08:32 +0200 Subject: bug 1176: Kill user session when profile array missing or not properly initialized --- includes/loggedin.php | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'includes/loggedin.php') diff --git a/includes/loggedin.php b/includes/loggedin.php index 9c7ac73..6b37119 100644 --- a/includes/loggedin.php +++ b/includes/loggedin.php @@ -20,6 +20,14 @@ require_once("../includes/lib/l10n.php"); include_once("../includes/mysql.php"); + if(!is_array($_SESSION['profile']) { + $_SESSION['profile'] = array( 'id' => 0, 'loggedin' => 0 ); + } + if(!isset($_SESSION['profile']['id'] || !isset($_SESSION['profile']['loggedin']) { + $_SESSION['profile']['id'] = 0; + $_SESSION['profile']['loggedin'] = 0; + } + if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0) { $uid = $_SESSION['profile']['id']; -- cgit v1.2.1
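Review bot: Both added `if` conditions are missing a closing parenthesis, so as written the file should fail to parse, and since this include gates the logged-in pages, a session-hardening fix becomes a fatal error on every request that loads it. The conditions would need to read `if(!isset($_SESSION['profile']) || !is_array($_SESSION['profile'])) {` and `if(!isset($_SESSION['profile']['id']) || !isset($_SESSION['profile']['loggedin'])) {`; the extra `isset` in the first one also avoids an undefined-index notice when the key is absent altogether. In the second branch only `id` and `loggedin` are zeroed, so any other fields of a half-initialised profile array stay in the session; assigning the same fresh `array( 'id' => 0, 'loggedin' => 0 )` as the first branch would fail closed more completely, provided nothing later in the file relies on those fields. The `if($_SERVER['HTTP_HOST'] ...` block that consumes these values continues past the end of the hunk.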