From 8c10f27c9e634e7efd641ba4eeb3ec131ebd81f9 Mon Sep 17 00:00:00 2001 From: FusionPBX Date: Tue, 5 Jun 2018 23:36:24 -0600 Subject: [PATCH] Update check_auth.php --- resources/check_auth.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/resources/check_auth.php b/resources/check_auth.php index a9c35b494b..eec0180c6d 100644 --- a/resources/check_auth.php +++ b/resources/check_auth.php @@ -53,10 +53,10 @@ } //if the username session is not set the check username and password - if (strlen($_SESSION['username']) == 0 && isset($_REQUEST["username"]) && isset($_REQUEST["password"])) { + if (strlen($_SESSION['username']) == 0) { //clear the menu - $_SESSION["menu"] = ""; + unset($_SESSION["menu"]); //clear the template only if the template has not been assigned by the superadmin if (strlen($_SESSION['domain']['template']['name']) == 0) { @@ -65,11 +65,11 @@ //validate the username and password $auth = new authentication; - if (strlen($_REQUEST["username"]) > 0) { + if (isset($_REQUEST["username"]) && isset($_REQUEST["password"])) { $auth->username = $_REQUEST["username"]; $auth->password = $_REQUEST["password"]; } - if (strlen($_REQUEST["key"]) > 0) { + if (isset($_REQUEST["key"])) { $auth->key = $_REQUEST["key"]; } $auth->debug = false; @@ -97,6 +97,7 @@ openlog('FusionPBX', LOG_NDELAY, LOG_AUTH); syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] authentication failed for ".$result["username"]); closelog(); + //redirect the user to the login page $target_path = ($_REQUEST["path"] != '') ? $_REQUEST["path"] : $_SERVER["PHP_SELF"]; messages::add($text['message-invalid_credentials'], 'negative');