Authentication: Additional improvements to order execution and invalid creds.

core/authentication/resources/classes/plugins/database.php

@@ -107,7 +107,8 @@ class plugin_database {
 					$view->assign("login_logo_height", $settings['theme']['login_logo_height']);
 					$view->assign("login_logo_source", $settings['theme']['logo']);
 					$view->assign("message_delay", $settings['theme']['message_delay']);
-					if (!empty($_SESSION['authentication']['plugin']['database']['authorized']) && $_SESSION['authentication']['plugin']['database']['authorized'] == 1 && !empty($_SESSION['username'])) {
+// 					if (!empty($_SESSION['authentication']['plugin']['database']['authorized']) && $_SESSION['authentication']['plugin']['database']['authorized'] == 1 && !empty($_SESSION['username'])) {
+					if (!empty($_SESSION['username'])) {
 						$view->assign("login_password_description", $text['label-password_description']);
 						$view->assign("username", $_SESSION['username']);
 						$view->assign("button_cancel", $text['button-cancel']);
@@ -191,7 +192,7 @@ class plugin_database {
 			$sql .= "and (user_enabled = 'true' or user_enabled is null) ";
 			$database = new database;
 			$row = $database->select($sql, $parameters, 'row');
-			if (is_array($row)) {
+			if (!empty($row) && is_array($row) && @sizeof($row) != 0) {
 
 				//set the domain details
 					$this->domain_uuid = $_SESSION['domain_uuid'];
@@ -287,7 +288,11 @@ class plugin_database {
 						}
 					}
 					else {
-						unset($_SESSION['username'], $_REQUEST['username'], $_POST['username'], $this->username);
+						//clear authentication session
+						unset($_SESSION['authentication']);
+
+						// clear username
+						unset($_SESSION['username'], $_REQUEST['username'], $_POST['username']);
 					}
 
 			}