mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-03 23:37:39 +02:00
Code Issues Releases Wiki Activity

Merge branch '3.2.x'

Browse Source
This commit is contained in:
Marc Alexander
2019-04-29 08:40:16 +02:00
parent f6f6d79398 055d7658db
commit c5a995ec8d
23 changed files with 237 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
phpBB/includes/functions.php
View File

@@ -2276,6 +2276,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
global $request, $phpbb_container, $phpbb_dispatcher, $phpbb_log;
$err = '';
$form_name = 'login';
// Make sure user->setup() has been called
if (!$user->is_setup())
@@ -2351,8 +2352,19 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
}
// If authentication is successful we redirect user to previous page
$result = $auth->login($username, $password, $autologin, $viewonline, $admin);
// Check form key
if ($password && !check_form_key($form_name))
{
$result = array(
'status' => false,
'error_msg' => 'FORM_INVALID',
);
}
else
{
// If authentication is successful we redirect user to previous page
$result = $auth->login($username, $password, $autologin, $viewonline, $admin);
}
// If admin authentication and login, we will log if it was a success or not...
// We also break the operation on the first non-success login - it could be argued that the user already knows
@@ -2503,6 +2515,9 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
));
}
// Add form token for login box
add_form_key($form_name, '_LOGIN');
$s_hidden_fields = build_hidden_fields($s_hidden_fields);
$login_box_template_data = array(