diff --git a/phpBB/includes/page_header.php b/phpBB/includes/page_header.php
index 1118ae01c6..9c321055dc 100644
--- a/phpBB/includes/page_header.php
+++ b/phpBB/includes/page_header.php
@@ -70,12 +70,12 @@ $template->set_filenames(array(
//
if ( $userdata['session_logged_in'] )
{
- $u_login_logout = 'login.'.$phpEx.'?logout=true';
+ $u_login_logout = 'login.'.$phpEx.'?logout=true&sid=' . $userdata['session_id'];
$l_login_logout = $lang['Logout'] . ' [ ' . $userdata['username'] . ' ]';
}
else
{
- $u_login_logout = 'login.'.$phpEx;
+ $u_login_logout = 'login.'.$phpEx . '&sid=' . $userdata['session_id'];
$l_login_logout = $lang['Login'];
}
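Review bot: The logged-out branch builds `'login.'.$phpEx . '&sid=' . $userdata['session_id']`, which yields `login.php&sid=…` with no `?`; the `sid` is then part of the script path rather than a query parameter, so `$HTTP_GET_VARS['sid']` in login.php stays unset and the new session check there will reject a legitimate login link. The logged-in branch is fine because `?logout=true` already opens the query string. Change the else branch to `$u_login_logout = 'login.'.$phpEx . '?sid=' . $userdata['session_id'];`.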
diff --git a/phpBB/login.php b/phpBB/login.php
index d6f3ef07b0..ebe51240ec 100644
--- a/phpBB/login.php
+++ b/phpBB/login.php
@@ -40,13 +40,24 @@ init_userprefs($userdata);
// End session management
//
+// session id check
+if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid']))
+{
+ $sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid'];
+}
+else
+{
+ $sid = '';
+}
+
if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) )
{
- //
- // This appears to work for IIS5 CGI under Win2K. Uses getenv
- // since this doesn't exist for ISAPI mode and therefore the
- // normal Location redirector is used in preference
- //
+ // session id check
+ if ($sid == '' || $sid != $userdata['session_id'])
+ {
+ message_die(ERROR, 'Invalid_session');
+ }
+
if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && !$userdata['session_logged_in'] )
{
$username = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';
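Review bot: The new guard `if ($sid == '' || $sid != $userdata['session_id'])` uses loose comparison; when both operands look numeric (a hex session id made only of digits, or one starting with a digit followed by `e` and digits) PHP compares them as numbers, so distinct ids can compare equal and the check passes. Use the identity operators, `if ($sid === '' || $sid !== $userdata['session_id'])`, so the comparison is always byte-wise. The first `empty()` test also treats a sid of `'0'` as absent, which is harmless here but worth an `isset`-based form if the ids can ever be numeric. `message_die(ERROR, 'Invalid_session')` presumably expects `Invalid_session` to exist as a language key; confirm the corresponding `$lang` entry is added in the language files, otherwise users get a bare key rather than a message.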
@@ -90,10 +101,10 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($
$redirect = str_replace("?", "&", $redirect);
$template->assign_vars(array(
- 'META' => '')
+ 'META' => '')
);
- $message = $lang['Error_login'] . '
' . sprintf($lang['Click_return_login'], '', '') . '
' . sprintf($lang['Click_return_index'], '', '');
+ $message = $lang['Error_login'] . '
' . sprintf($lang['Click_return_login'], '', '') . '
' . sprintf($lang['Click_return_index'], '', '');
message_die(GENERAL_MESSAGE, $message);
}
@@ -105,10 +116,10 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($
$redirect = str_replace("?", "&", $redirect);
$template->assign_vars(array(
- 'META' => '')
+ 'META' => '')
);
- $message = $lang['Error_login'] . '
' . sprintf($lang['Click_return_login'], '', '') . '
' . sprintf($lang['Click_return_index'], '', '');
+ $message = $lang['Error_login'] . '
' . sprintf($lang['Click_return_login'], '', '') . '
' . sprintf($lang['Click_return_index'], '', '');
message_die(GENERAL_MESSAGE, $message);
}
@@ -190,7 +201,7 @@ else
$username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : '';
- $s_hidden_fields = '';
+ $s_hidden_fields = '';
make_jumpbox('viewforum.'.$phpEx, $forum_id);
$template->assign_vars(array(