aboutsummaryrefslogtreecommitdiff
path: root/app/Controllers
diff options
context:
space:
mode:
Diffstat (limited to 'app/Controllers')
-rw-r--r--app/Controllers/authController.php6
-rw-r--r--app/Controllers/userController.php1
2 files changed, 6 insertions, 1 deletions
diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php
index 75d4acae0..ca44b1a96 100644
--- a/app/Controllers/authController.php
+++ b/app/Controllers/authController.php
@@ -69,7 +69,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
* the user is already connected.
*/
public function loginAction() {
- if (FreshRSS_Auth::hasAccess()) {
+ if (FreshRSS_Auth::hasAccess() && Minz_Request::param('u', '') == '') {
Minz_Request::forward(array('c' => 'index', 'a' => 'index'), true);
}
@@ -133,6 +133,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
// Set session parameter to give access to the user.
Minz_Session::_param('currentUser', $username);
Minz_Session::_param('passwordHash', $conf->passwordHash);
+ Minz_Session::_param('csrf');
FreshRSS_Auth::giveAccess();
// Set cookie parameter if nedded.
@@ -161,6 +162,8 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
return;
}
+ FreshRSS_FormAuth::deleteCookie();
+
$conf = get_user_configuration($username);
if ($conf == null) {
return;
@@ -176,6 +179,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
if ($ok) {
Minz_Session::_param('currentUser', $username);
Minz_Session::_param('passwordHash', $s);
+ Minz_Session::_param('csrf');
FreshRSS_Auth::giveAccess();
Minz_Request::good(_t('feedback.auth.login.success'),
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 71172b9ef..be3787561 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -247,6 +247,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
$user_conf = get_user_configuration($new_user_name);
Minz_Session::_param('currentUser', $new_user_name);
Minz_Session::_param('passwordHash', $user_conf->passwordHash);
+ Minz_Session::_param('csrf');
FreshRSS_Auth::giveAccess();
}
generated by cgit v1.2.3 (git 2.39.1) at 2026-05-01 16:51:13 +0000