Project

General

Profile

Bug #24456 » 24456_44.patch

Oliver Hader, 2011-07-22 16:08

View differences:

t3lib/class.t3lib_userauth.php
// Make certain that NO user is set initially
$this->user = '';
// We need a PHP session session for most login levels
session_start();
// Check to see if anyone has submitted login-information and if so register the user with the session. $this->user[uid] may be used to write log...
$this->checkAuthentication();
......
// Check challenge stored in cookie:
if ($this->challengeStoredInCookie) {
session_start();
if ($_SESSION['login_challenge'] !== $loginData['chalvalue']) {
if ($this->writeDevLog) t3lib_div::devLog('PHP Session stored challenge "'.$_SESSION['login_challenge'].'" and submitted challenge "'.$loginData['chalvalue'].'" did not match, so authentication failed!', 't3lib_userAuth', 2);
$this->logoff();
(5-5/7)