diff --git a/Rocksolid_Light/common/header.php b/Rocksolid_Light/common/header.php
index 80c3e3d..c1753fc 100644
--- a/Rocksolid_Light/common/header.php
+++ b/Rocksolid_Light/common/header.php
@@ -21,7 +21,11 @@ $CONFIG = include $config_file;
$menulist = file($config_dir."menu.conf", FILE_IGNORE_NEW_LINES);
$linklist = file($config_dir."links.conf", FILE_IGNORE_NEW_LINES);
-$user = strtolower($_COOKIE['mail_name']);
+if(isset($_COOKIE['mail_name']) && isset($_COOKIE['pkey'])) {
+ $user = strtolower($_COOKIE['mail_name']);
+} else {
+ unset($user);
+}
if(!isset($_SESSION['theme']) && file_exists($config_dir.'/userconfig/'.$user.'.config')) {
$user_config = unserialize(file_get_contents($config_dir.'/userconfig/'.$user.'.config'));
$_SESSION['theme'] = $user_config['theme'];
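Review bot: After the else branch runs `unset($user)`, the following `file_exists($config_dir.'/userconfig/'.$user.'.config')` still reads `$user`, so the theme lookup runs with an undefined variable and an empty name. When both cookies are present, `$user` is the `mail_name` cookie, only lower-cased, and `isset($_COOKIE['pkey'])` tests presence rather than validity. A client-supplied string therefore still chooses the file that is read and handed to `unserialize()`. I would guard the lookup with `if(isset($user) && !isset($_SESSION['theme']) && file_exists(...))` and strip path components when assigning, `$user = basename(strtolower($_COOKIE['mail_name']));`. The body of the theme `if` continues outside the hunk.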
@@ -57,7 +61,7 @@ if (file_exists($rootdir.'common/themes/'.$_SESSION['theme'].'/images/rocksolidl
';
- if(isset($_COOKIE['mail_name'])) {
+ if(isset($user)) {
echo '('.$_COOKIE['mail_name'].')';
} else {
echo 'login';
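Review bot: The line under the new `isset($user)` test still echoes `$_COOKIE['mail_name']` into the page without HTML escaping, and that value is supplied by the browser. Since `$user` is only set from the cookies by presence checks, the condition does not make the echoed text trustworthy. I would escape at output, `echo '('.htmlspecialchars($_COOKIE['mail_name'], ENT_QUOTES, 'UTF-8').')';`. The surrounding if/else is not closed inside this hunk.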
diff --git a/Rocksolid_Light/spoolnews/user.php b/Rocksolid_Light/spoolnews/user.php
index 70ff998..672b7bf 100644
--- a/Rocksolid_Light/spoolnews/user.php
+++ b/Rocksolid_Light/spoolnews/user.php
@@ -19,6 +19,8 @@ if($_POST['command'] == 'Logout') {
setcookie('mail_auth', null, -1, '/');
unset($_COOKIE['cookie_name']);
setcookie('cookie_name', null, -1, '/');
+ unset($_COOKIE['pkey']);
+ setcookie('pkey', null, -1, '/');
unset($_SESSION['theme']);
unset($_POST['username']);
include "head.inc";
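Review bot: Expiring the `pkey` cookie only removes it from the browser that logs out; nothing in these lines invalidates the value on the server. If `pkey` is compared against a stored per-user value (not visible in this hunk), that stored value should be deleted or rotated here as well, so a copy of the cookie held elsewhere stops working after logout. Separately, passing `null` as the cookie value is deprecated from PHP 8.1; `setcookie('pkey', '', time() - 3600, '/');` does the same job without the deprecation notice. The Logout branch starts and ends outside the hunk.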
@@ -35,7 +37,7 @@ include "head.inc";
$_POST['username'] = $_COOKIE['mail_name'];
}
$name = $_POST['username'];
- if((password_verify($_POST['username'].$keys[0].get_user_config($_POST['username'],'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'].$keys[1].get_user_config($_POST['username'],'encryptionkey'), $_COOKIE['mail_auth']))) {
+ if(((get_user_mail_auth_data($_COOKIE['mail_name'])) && password_verify($_POST['username'].$keys[0].get_user_config($_POST['username'],'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'].$keys[1].get_user_config($_POST['username'],'encryptionkey'), $_COOKIE['mail_auth']))) {
$logged_in = true;
} else {
if(check_bbs_auth($_POST['username'], $_POST['password'])) {
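Review bot: The added `get_user_mail_auth_data()` call is and-ed only with the `$keys[0]` comparison, so the `$keys[1]` alternative after `||` still sets `$logged_in = true` without the new check ever running. It is also called with `$_COOKIE['mail_name']` while both `password_verify()` calls are built from `$_POST['username']`, and the two can differ unless the branch above the hunk has copied one into the other. What the helper verifies is not visible here, but if it is meant to gate cookie logins it should wrap both alternatives and use the same name: `$cfgkey = get_user_config($name,'encryptionkey');` then `if(get_user_mail_auth_data($name) && (password_verify($name.$keys[0].$cfgkey, $_COOKIE['mail_auth']) || password_verify($name.$keys[1].$cfgkey, $_COOKIE['mail_auth']))) {`. The if/else continues past the end of the hunk.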