From aa16940296d2e54860119073d592512d58c61bf2 Mon Sep 17 00:00:00 2001
From: Harald Ponce de Leon <hpdl@oscommerce.com>
Date: Thu, 10 Sep 2009 12:06:11 +0200
Subject: [PATCH] assign a local $login_request variable in login.php; if there
 is no administrator session and this variable does not exist, redirect to the
 login page.

---
 catalog/admin/includes/application_top.php | 4 ++++
 catalog/admin/login.php                    | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/catalog/admin/includes/application_top.php b/catalog/admin/includes/application_top.php
index 291b5d0d0..d18564dab 100644
--- a/catalog/admin/includes/application_top.php
+++ b/catalog/admin/includes/application_top.php
@@ -146,6 +146,10 @@
       $redirect = true;
     }
 
+    if (!isset($login_request) || isset($HTTP_GET_VARS['login_request']) || isset($HTTP_POST_VARS['login_request']) || isset($HTTP_COOKIE_VARS['login_request']) || isset($HTTP_SESSION_VARS['login_request']) || isset($HTTP_POST_FILES['login_request']) || isset($HTTP_SERVER_VARS['login_request'])) {
+      $redirect = true;
+    }
+
     if ($redirect == true) {
       tep_redirect(tep_href_link(FILENAME_LOGIN));
     }
diff --git a/catalog/admin/login.php b/catalog/admin/login.php
index 09a4f6ba1..8a6f881dd 100644
--- a/catalog/admin/login.php
+++ b/catalog/admin/login.php
@@ -10,6 +10,8 @@
   Released under the GNU General Public License
 */
 
+  $login_request = true;
+
   require('includes/application_top.php');
   require('includes/functions/password_funcs.php');