Commit e6d914ac authored by Leigh B. Stoller's avatar Leigh B. Stoller
Browse files

FRAMES! Have to protect against a reload in the login frame since that

ends up reposting the login, which creates a new hash value in the DB.
But the other frame has also reloaded, and has sent the original hash
value, but that no longer matches whats in the DB, and so the lefthand
frame thinks you are logged in, but the righthand frame thinks your
are not. Hmm, I bet this could be a famous saying; "The lefthand frame
doesn't know what the righthand frame is doing." It could be my 15
minutes in the spotlight.
parent 85f586ab
......@@ -16,7 +16,17 @@ if (isset($login)) {
unset($uid);
}
else {
if (DOLOGIN($uid, $password)) {
#
# Look to see if already logged in. If the user hits reload,
# we are going to get another login post, and this could
# update the current login, but the other frame is also reloading,
# and has sent its cookie values in already. So, now the hash in
# DB will not match the hash that came with the other frame.
#
if (CHECKLOGIN($uid) == 1) {
$login_status = "$uid Logged In";
}
elseif (DOLOGIN($uid, $password)) {
$login_status = "Login Failed";
unset($uid);
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment