dev: more work on one time passwords, still some bugs

git-svn-id: file:///Users/Shitiz/Downloads/lssvn/source/limesurvey181@6569 b72ed6b6-b9f8-46b5-92b4-906544132732
LimeSurvey · Mar 20, 2009 · 6537ca6 · 6537ca6
1 parent 23ec1de
commit 6537ca6
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/admin/login_check.php b/admin/login_check.php
@@ -59,7 +59,8 @@
 			if ($result->RecordCount() < 1)
 			{
 				// wrong or unknown username 
-				$loginsummary = $clang->gT("No one time password found for user")." ".$user."<br />";			
+				$loginsummary = $clang->gT("No one time password found for user")." ".$user."<br />";
+				session_regenerate_id();			
 			}
 			else
 			{
@@ -92,6 +93,8 @@
 					$_SESSION['checksessionpost'] = randomkey(10);
 					$_SESSION['loginID'] = $srow['uid'];
 					$loginsummary = "";
+					GetSessionUserRights($_SESSION['loginID']);
+					//$adminoutput = "";
 
 					// Check if the user has changed his default password
 					if (strtolower($srow['password'])=='password')
@@ -103,6 +106,10 @@
 						$_SESSION['pw_notify']=false;
 					} 
 
+					//delete passed information
+					unset($_GET['user']);
+					unset($_GET['onepass']);
+
 				}			
 
 			}
@@ -119,7 +126,6 @@
 	($action == "logout") || 
 	($useWebserverAuth === true && !isset($_SESSION['loginID'])) )	// added by Dennis
 {
-	echo '<script language="javascript" type="text/javascript">alert("USERCONTROL");</script>';
 	include("usercontrol.php");
 }