Don't regenerate token with invalid login

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@115 7c3ca157-0c34-0410-bff1-cbf682f78f5c
2025-08-13 01:54:00 +02:00 · 2007-07-11 08:19:41 +00:00
parent b085cb44c1
commit d433043ff7
1 changed files with 1 additions and 1 deletions
--- a/auth.inc.php
+++ b/auth.inc.php
@@ -30,7 +30,7 @@ if (isset($_POST["server"])) {
 }

 if (!isset($_SESSION["usernames"][$_GET["server"]]) || !$mysql->connect($_GET["server"], $_SESSION["usernames"][$_GET["server"]], $_SESSION["passwords"][$_GET["server"]])) {
-	if ($_POST["token"]) {
+	if ($_POST["token"] && !isset($_SESSION["usernames"][$_GET["server"]])) {
 		$_POST["token"] = token();
 	}
 	page_header(lang('Login'));