From 0f3d8f7b4c52758f7476cd7cb7b4baab3a3c6d3d Mon Sep 17 00:00:00 2001
From: Jake Jarvis
Date: Sun, 19 May 2013 16:23:56 -0400
Subject: [PATCH] fix security flaw -- still prints list after redirect to login page
---
 header.php | 1 +
 login.php | 3 +++
 2 files changed, 4 insertions(+)
diff --git a/header.php b/header.php
index 20a2fb0..6248e4d 100644
--- a/header.php
+++ b/header.php
@@ -4,6 +4,7 @@ include_once('config.php');
 session_start();
 if(!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] == FALSE) {
 header("Location:" . $site_url . "/login");
+ die();
 }
 include_once('functions.php');
diff --git a/login.php b/login.php
index bbe87d5..49fc179 100644
--- a/login.php
+++ b/login.php
@@ -5,9 +5,11 @@ session_start();
 if($_SESSION['logged_in']) {
 header("Location:" . $site_url . "/");
+ die();
 } else if($_COOKIE['remembered'] == 'TRUE') {
 $_SESSION['logged_in'] = TRUE;
 header("Location:" . $site_url . "/");
+ die();
 }
 if(isset($_POST['password'])) {
@@ -18,6 +20,7 @@ if(isset($_POST['password'])) {
 setcookie('remembered', 'TRUE', $threeMonths);
 }
 header("Location:" . $site_url . "/");
+ die();
 } else {
 $failure = TRUE;
 }
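Review bot: The redirect-then-`die()` pair is now written out by hand here and at the three places the commit touches in login.php, so the next redirect added without the second line brings the same flaw back. A small helper defined before this check (functions.php is only included after it) would keep the two steps together, e.g. `function redirect($url) { header('Location: ' . $url); exit; }`. If the pair stays inline, a comment such as `// header() only queues the redirect; stop here so the protected page is never rendered` records why the `die()` must not be removed. The script continues past the end of the hunk.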
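Review bot: The `remembered` branch in the first login.php hunk still accepts a client-supplied cookie as proof of login: the only test is `$_COOKIE['remembered'] == 'TRUE'`, a fixed value that the client rather than the server controls, so the added `die()` does not protect this path. The cookie should carry an unguessable per-login token that the server stores and checks, for example `} else if(isset($_COOKIE['remembered']) && hash_equals($storedToken, $_COOKIE['remembered'])) {`, where `$storedToken` is a placeholder for the server-side copy; the `setcookie('remembered', 'TRUE', …)` call in the last hunk needs the matching change. `$_SESSION['logged_in']` and `$_COOKIE['remembered']` are also read without `isset()`, which raises a notice or warning when the key is absent.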
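Review bot: The `setcookie()` call on the first line of the second login.php hunk passes only name, value and expiry, so the cookie is issued without the HttpOnly and Secure flags. If the site is served over HTTPS, passing the remaining arguments, `setcookie('remembered', 'TRUE', $threeMonths, '/', '', true, true);`, keeps the cookie out of page script and off plain-HTTP requests. The enclosing `if(isset($_POST['password']))` block starts outside the hunk, so it is not visible whether the session ID is regenerated on a successful login; if it is not, `session_regenerate_id(true);` before the redirect would be worth adding.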