bug 1176: Kill user session when profile array missing or not properly initialized
authorBenny Baumann <BenBE@geshi.org>
Wed, 26 Jun 2013 20:08:32 +0000 (22:08 +0200)
committerBenny Baumann <BenBE@geshi.org>
Wed, 26 Jun 2013 20:08:32 +0000 (22:08 +0200)
includes/loggedin.php

index 9c7ac73..6b37119 100644 (file)
        require_once("../includes/lib/l10n.php");
        include_once("../includes/mysql.php");
 
+       if(!is_array($_SESSION['profile']) {
+               $_SESSION['profile'] = array( 'id' => 0, 'loggedin' => 0 );
+       }
+       if(!isset($_SESSION['profile']['id'] || !isset($_SESSION['profile']['loggedin']) {
+               $_SESSION['profile']['id'] = 0;
+               $_SESSION['profile']['loggedin'] = 0;
+       }
+
        if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0)
        {
                $uid = $_SESSION['profile']['id'];
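Review bot: Both added `if` conditions are missing a closing parenthesis, so `includes/loggedin.php` will fail to parse and the login check will not run on any page that includes it. The lines should read `if(!is_array($_SESSION['profile'])) {` and `if(!isset($_SESSION['profile']['id']) || !isset($_SESSION['profile']['loggedin'])) {`. The first check also reads `$_SESSION['profile']` without an `isset()`, which raises a notice when the key is absent; `if(!isset($_SESSION['profile']) || !is_array($_SESSION['profile'])) {` avoids that. The second branch resets only `id` and `loggedin` and leaves any other keys of a malformed profile in place, so if the intent is to kill the session as the title says, assigning the whole `array( 'id' => 0, 'loggedin' => 0 )` there as well would be the stricter reset. The `if` block that consumes these values opens at the end of the hunk and continues outside it.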