From 63ab8561be1d04e20cabb791f4930410f8783d71 Mon Sep 17 00:00:00 2001
From: Jakub Vrana
Date: Mon, 31 Mar 2025 18:39:42 +0200
Subject: [PATCH] Auth: Set token after unsuccessful login

Broken by d59830c
---
 adminer/include/auth.inc.php | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php
index 9a5f5cdd..69f875a7 100644
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -146,6 +146,9 @@ function auth_error(string $error, array &$permanent) {
 }
 $params = session_get_cookie_params();
 cookie("adminer_key", ($_COOKIE["adminer_key"] ?: rand_string()), $params["lifetime"]);
+ if (!$_SESSION["token"]) {
+ $_SESSION["token"] = rand(1, 1e6); // this is for next attempt
+ }
 page_header(lang('Login'), $error, null);
 echo "
\n";
 echo "
";
@@ -187,11 +190,9 @@ if (isset($_GET["username"]) && is_string(get_password())) {
 $login = null;
 if (!is_object($connection) || ($login = adminer()->login($_GET["username"], get_password())) !== true) {
- $error = (is_string($connection) ? nl_br(h($connection)) : (is_string($login) ? $login : lang('Invalid credentials.')));
- auth_error(
- $error . (preg_match('~^ | $~', get_password()) ? '
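Review bot: The session token seeded in the added `if (!$_SESSION["token"])` block comes from `rand(1, 1e6)`, which is not a cryptographically secure generator and covers only about a million values, so whatever `verify_token()` later checks against it is easier to predict or brute-force than it needs to be. `random_int()` is a drop-in that keeps the integer shape: `$_SESSION["token"] = random_int(1, 1000000);`. The commit message suggests this restores an assignment that exists elsewhere; if the token is seeded with the same `rand()` call at another site, both should change together, and the range is worth widening if nothing depends on the 1e6 ceiling. The body of auth_error() starts and ends outside the hunk.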
' . lang('There is a space in the input password which might be the cause.') : ''),
- $permanent
- );
+ $error = (is_string($connection) ? nl_br(h($connection)) : (is_string($login) ? $login : lang('Invalid credentials.')))
+ . (preg_match('~^ | $~', get_password()) ? '
' . lang('There is a space in the input password which might be the cause.') : '');
+ auth_error($error, $permanent);
 }
 if ($_POST["logout"] && $_SESSION["token"] && !verify_token()) {
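Review bot: In the rewritten `$error` expression the `$login` string is concatenated without `h()`, while the `$connection` branch beside it is escaped with `nl_br(h($connection))`; the result is passed to `auth_error()` and from there to `page_header()`. That is presumably intentional so that `adminer()->login()` can return markup, but nothing at this call site says so. A comment such as `// $login is trusted HTML from adminer()->login(); implementations must escape any user input they include` would make that contract visible to anyone overriding the hook. The enclosing `if (isset($_GET["username"]) ...)` block starts and ends outside the hunk.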