diff --git a/Rocksolid_Light/rocksolid/newsportal.php b/Rocksolid_Light/rocksolid/newsportal.php
index dc41c7c..cafc60e 100644
--- a/Rocksolid_Light/rocksolid/newsportal.php
+++ b/Rocksolid_Light/rocksolid/newsportal.php
@@ -1302,6 +1302,10 @@ function verify_logged_in($name) {
 $logged_in = false;
 $ip_pass = false;
+ if(!isset($_COOKIE['mail_name']) || trim($_COOKIE['mail_name'] == '')) {
+ return false;
+ }
+
 // For checking session expire stuff
 if(!isset($_SESSION['start_stamp'])) {
 $_SESSION['start_stamp'] = time();
diff --git a/Rocksolid_Light/spoolnews/mail.php b/Rocksolid_Light/spoolnews/mail.php
index ad624bb..4a47a7f 100644
--- a/Rocksolid_Light/spoolnews/mail.php
+++ b/Rocksolid_Light/spoolnews/mail.php
@@ -33,6 +33,27 @@ echo '
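Review bot: The closing parenthesis of `trim()` in the added guard is misplaced, so `trim($_COOKIE['mail_name'] == '')` trims the boolean result of the comparison instead of the cookie value. A `mail_name` cookie that holds only whitespace, or that arrives as an array, therefore passes the guard; the intended test is presumably `if (!isset($_COOKIE['mail_name']) || !is_string($_COOKIE['mail_name']) || trim($_COOKIE['mail_name']) === '') {`. The guard only establishes that the client sent some `mail_name` value, which is client-controlled; whether it is later compared with `$name` cannot be seen here because the body of `verify_logged_in()` continues outside the hunk. The mail.php hunk at -57,26 removes the one visible `setcookie("mail_name", …)` call, so unless that cookie is set elsewhere this guard makes `verify_logged_in()` return false on every request.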

'; echo 'mail / '; echo htmlspecialchars($_POST['username']) . '

';
+$name = '';
+$logged_in = false;
+if (! isset($_POST['username'])) {
+ $_POST['username'] = $_COOKIE['mail_name'];
+}
+$name = trim(strtolower($_POST['username']));
+
+if (! isset($_POST['password'])) {
+ $_POST['password'] = null;
+}
+if (! isset($_COOKIE['mail_auth'])) {
+ $_COOKIE['mail_auth'] = null;
+}
+
+$logged_in = verify_logged_in(trim(strtolower($name)));
+if(!$logged_in) {
+ if ((password_verify($name . $keys[0] . get_user_config($name, 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($name . $keys[1] . get_user_config($name, 'encryptionkey'), $_COOKIE['mail_auth']))) {
+ $logged_in = true;
+ }
+}
+
 echo '';
 // New Message button
 if ($_POST['command'] !== 'Send') {
@@ -57,26 +78,6 @@ if (isset($_POST['command']) && $_POST['command'] == 'Message') {
 }
 echo '
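Review bot: The added `if(!$logged_in)` branch accepts the `mail_auth` cookie as a login by itself after `verify_logged_in()` has returned false, so whatever made that function refuse no longer blocks access; most of its body is outside this diff, so the checks being bypassed should be confirmed and named in a comment on the branch. The branch also runs when `$name` is empty, which the removed code excluded with `if(trim($name) != '')`. `$_COOKIE['mail_name']` is read without `isset()`, and a `username` or `mail_auth` value sent as an array would reach `strtolower()` or `password_verify()` and raise a TypeError on PHP 8. Consider `$_POST['username'] = $_COOKIE['mail_name'] ?? '';` together with `if (!$logged_in && $name !== '' && is_string($_COOKIE['mail_auth'])) {`, plus an `is_string()` check before `strtolower()`. The context line `htmlspecialchars($_POST['username'])` above the added block still runs before this default is assigned.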
';
-if (isset($_POST['username'])) {
- $name = $_POST['username'];
- // Save name in cookie
- if ($setcookies == true) {
- setcookie("mail_name", stripslashes($name), time() + (3600 * 24 * 90), "/");
- }
-} else {
- if ($setcookies) {
- if ((isset($_COOKIE["mail_name"])) && (! isset($name))) {
- $name = $_COOKIE["mail_name"];
- } else {
- $name = '';
- }
- }
-}
-$logged_in = false;
-if(trim($name) != '') {
- $logged_in = verify_logged_in(trim(strtolower($name)));
-}
-
 if ($logged_in !== true) {
 echo '';
 echo '';