From ac4afc2345f3b9b469d3cad523773811cdb0b9ff Mon Sep 17 00:00:00 2001 From: x2000habouzit Date: Wed, 1 Oct 2003 13:13:56 +0000 Subject: [PATCH] easier to hack --- install.d/session.inc.php | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/install.d/session.inc.php b/install.d/session.inc.php index 182558c..1982d3f 100644 --- a/install.d/session.inc.php +++ b/install.d/session.inc.php @@ -9,17 +9,8 @@ session_start(); -//sets sessions variables -if (!isset($_SESSION['profile']) && (!isset($_POST['action']) || -(isset($_POST['action']) && ($_POST['action']!="OK")))) { - require("include/profile.inc.php"); - $profile=getprofile(); - require($profile['locale']); - require("header.inc.php"); - require("profile_form.inc.php"); - require("footer.inc.php"); - exit; -} elseif (!isset($_SESSION['profile'])) { +// verify if a profile has been submitted +if (!isset($_SESSION['profile']) && isset($_POST['action'] && $_POST['action']!="OK")) { $_SESSION['name'] = $_POST['profile_name']; $_SESSION['mail'] = $_POST['profile_mail']; $_SESSION['org'] = $_POST['profile_org']; @@ -30,6 +21,17 @@ if (!isset($_SESSION['profile']) && (!isset($_POST['action']) || $_SESSION['profile'] = true; } +//sets sessions variables +if (!isset($_SESSION['profile'])) { + require("include/profile.inc.php"); + $profile=getprofile(); + require($profile['locale']); + require("header.inc.php"); + require("profile_form.inc.php"); + require("footer.inc.php"); + exit; +} + // refresh-post protection $sname = $_SERVER['SCRIPT_NAME']; $array = explode('/',$sname); -- 2.1.4