Commit: cc46f46ec1f919c58c4ba0ad22aa82b962414fb1 Author: Hannes Magnusson <[email protected]> Wed, 18 Dec 2013 16:48:52 -0800 Parents: 279d0f14bf8ccf2ba5a872f5db1d95b15f327a4f Branches: master
Link: http://git.php.net/?p=web/master.git;a=commitdiff;h=cc46f46ec1f919c58c4ba0ad22aa82b962414fb1 Log: Show some error message Completely kill all session variables on failed login Regenerate the session id on successful login Changed paths: M include/login.inc Diff:
diff --git a/include/login.inc b/include/login.inc
index 50df400..1eccc52 100644
--- a/include/login.inc
+++ b/include/login.inc
@@ -29,7 +29,7 @@ if (isset($_POST["user"], $_POST["pw"])) {
 // Login form, if the user is not yet logged in
 if (!$cuser || !$cpw || !verify_password($cuser,$cpw)) {
- $_SESSION["credentials"] = array();
+ $_SESSION = array();
 session_destroy();
 // IS_DEV was 1 or 0 until 22 Feb 2012. It's now a @php.net username hint.
@@ -65,8 +65,22 @@ if (!$cuser || !$cpw || !verify_password($cuser,$cpw)) {
 </td>
 </tr>
 <tr>
- <td align="center" colspan="2"><input type="submit" value="Login" /></td>
+ <td></td><td><input type="submit" value="Login" /></td>
 </tr>
+<?php if ($cpw): ?>
+<?php
+ $msgs = array(
+ "Nope.. Wrong (username?) password",
+ "Nope.. Thats not it",
+ "This isn't going very well..",
+ );
+ shuffle($msgs);
+ $msg = array_pop($msgs);
+?>
+ <tr>
+ <td colspan="2"><?php echo $msg ?></td>
+ </tr>
+<?php endif ?>
 </table>
 </form>
 </body>
@@ -75,6 +89,7 @@ if (!$cuser || !$cpw || !verify_password($cuser,$cpw)) {
 exit;
 }
+session_regenerate_id();
 // At this point, we have logged in successfully
 $_SESSION["credentials"] = array($cuser, $cpw);
 $_SESSION["username"] = $cuser;
-- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
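Review bot: In the first hunk, `$_SESSION = array(); session_destroy();` removes the server-side data but leaves the session cookie on the client, so the browser presents the same session id on its next request. Unless `session.use_strict_mode` is enabled (not visible here), PHP will accept that id again, which leaves the failed-login path relying entirely on the `session_regenerate_id()` call added further down. Consider also expiring the cookie in this branch with a `setcookie(session_name(), '', ...)` call built from `session_get_cookie_params()`, and a short comment such as `// wipe everything, not just credentials, so no stale state survives a failed login`. The enclosing `if` block starts and ends outside the hunk.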
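Review bot: In the added `<?php if ($cpw): ?>` block, `shuffle($msgs); $msg = array_pop($msgs);` reorders the whole array just to pick one entry; `$msg = $msgs[array_rand($msgs)];` states the intent directly. The guard tests `$cpw` for truthiness, so a submitted password of `"0"`, or a username sent with an empty password, produces no failure message at all. Where `$cpw` is assigned lies outside the hunk, so it is worth confirming it can only come from the current form submission. The messages are constants and do not say whether the username or the password was wrong; a one-line comment noting that this is deliberate would keep later edits from turning the text into an account-enumeration hint.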
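Review bot: `session_regenerate_id();` in the last hunk is called with the default `delete_old_session = false` and its return value is ignored, so the pre-login session entry is left in place on the server and a failed regeneration would go unnoticed. At a privilege change the usual form is `if (!session_regenerate_id(true)) { exit; }`, so the login cannot proceed under the old id. Separately, the context line `$_SESSION["credentials"] = array($cuser, $cpw);` directly below appears to keep the submitted password in session storage as-is. That predates this commit, but anyone able to read the session store could recover it, so storing only a verified-user marker would be a worthwhile follow-up. The surrounding script continues outside the hunk.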
