fix security flaw -- still prints list after redirect to login page

2025-09-15 04:35:34 -04:00 · 2013-05-19 16:23:56 -04:00
parent 1855f77493
commit 0f3d8f7b4c
2 changed files with 4 additions and 0 deletions
--- a/header.php
+++ b/header.php
@@ -4,6 +4,7 @@ include_once('config.php');
 session_start();
 if(!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] == FALSE) {
  header("Location:" . $site_url . "/login");
+  die();
 }

 include_once('functions.php');
--- a/login.php
+++ b/login.php
@@ -5,9 +5,11 @@ session_start();

 if($_SESSION['logged_in']) {
  header("Location:" . $site_url . "/");
+  die();
 } else if($_COOKIE['remembered'] == 'TRUE') {
  $_SESSION['logged_in'] = TRUE;
  header("Location:" . $site_url . "/");
+  die();
 }

 if(isset($_POST['password'])) {
@@ -18,6 +20,7 @@ if(isset($_POST['password'])) {
      setcookie('remembered', 'TRUE', $threeMonths);
    }
    header("Location:" . $site_url . "/");
+    die();
  } else {
    $failure = TRUE;
  }