From 84696ccc75679a9054888794d0f4eaa0357030bf Mon Sep 17 00:00:00 2001
From: "Paul S. Owen" <psotfx@users.sourceforge.net>
Date: Tue, 3 Dec 2002 20:22:35 +0000
Subject: [PATCH] oops, check on logout, not login

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3171 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/login.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/phpBB/login.php b/phpBB/login.php
index ebe51240ec..112a6a048d 100644
--- a/phpBB/login.php
+++ b/phpBB/login.php
@@ -52,12 +52,6 @@ else
 
 if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) )
 {
-	// session id check
-	if ($sid == '' || $sid != $userdata['session_id'])
-	{
-		message_die(ERROR, 'Invalid_session');
-	}
-
 	if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && !$userdata['session_logged_in'] )
 	{
 		$username = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';
@@ -126,6 +120,12 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($
 	}
 	else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] )
 	{
+		// session id check
+		if ($sid == '' || $sid != $userdata['session_id'])
+		{
+			message_die(ERROR, 'Invalid_session');
+		}
+
 		if( $userdata['session_logged_in'] )
 		{
 			session_end($userdata['session_id'], $userdata['user_id']);