destroy session when init-link is clicked (new session is created afterwards)
Bernd Wurst commited on 2016-09-18 18:45:53
Zeige 1 geänderte Dateien mit 7 Einfügungen und 0 Löschungen.
- modules/index/initialize_useraccount.php 94dd654..b481f47
| ... | ... |
@@ -20,6 +20,13 @@ require_once('inc/security.php');
|
| 20 | 20 |
title("Passwort setzen");
|
| 21 | 21 |
$show = 'token'; |
| 22 | 22 |
|
| 23 |
+if (isset($_SESSION['role']) && $_SESSION['role'] != ROLE_ANONYMOUS) {
|
|
| 24 |
+ @session_destroy(); |
|
| 25 |
+ |
|
| 26 |
+ header('Location: '.$PHP_SELF);
|
|
| 27 |
+ die(); |
|
| 28 |
+} |
|
| 29 |
+ |
|
| 23 | 30 |
if (isset($_REQUEST['token'])) |
| 24 | 31 |
{
|
| 25 | 32 |
$token = $_REQUEST['token']; |
| 26 | 33 |