Browse code

Erzeuge Session-Token, falls es noch nicht existiert.

Bernd Wurst authored on 20/07/2018 11:37:15
Showing 1 changed files
... ...
@@ -300,6 +300,9 @@ function check_form_token($form_id, $formtoken = null)
300 300
         system_failure("Internal error! (Session not running)");
301 301
     }
302 302
 
303
+    if (! isset($_SESSION['session_token'])) {
304
+        $_SESSION['session_token'] = random_string(10);
305
+    }
303 306
     $correct_formtoken = hash('sha256', $sessid.$form_id.$_SESSION['session_token']);
304 307
 
305 308
     if (! ($formtoken == $correct_formtoken)) {