Clear login session variables after success to prevent skipping username entry

5 years ago · 6d4144c78d
parent 51de8283b8
commit 6d4144c78d
1 changed files with 5 additions and 0 deletions
--- a/login/index.php
+++ b/login/index.php
@ -33,6 +33,11 @@ $error = "";

 function sendUserBack($code, $url, $uid) {
    global $database;
+    $_SESSION['check'] = null;
+    $_SESSION['thisstep'] = null;
+    $_SESSION['login_uid'] = null;
+    $_SESSION['login_code'] = null;
+    $_SESSION['login_pwd'] = null;
    $database->update("userloginkeys", ["uid" => $uid], ["key" => $code]);
    header("Location: $url");
    die("<a href=\"" . htmlspecialchars($url) . "\">Click here</a>");