Fix user role and other definitions

2024-02-22 12:15:15 -06:00 · 2024-02-22 12:15:15 -06:00 · 5d620d041a
parent 1d4271de36
commit 5d620d041a
1 changed files with 7 additions and 5 deletions
--- a/login.php
+++ b/login.php
@ -111,6 +111,9 @@ if (isset($_POST['login'])) {
        $user_email = sanitizeInput($row['user_email']);
        $token = sanitizeInput($row['user_token']);
        $force_mfa = intval($row['user_config_force_mfa']);
+        $user_role = intval($row['user_role']);
+        $user_encryption_ciphertext = $row['user_specific_encryption_ciphertext'];
+        $user_extension_key = $row['user_extension_key'];
        if($force_mfa == 1 && $token == NULL) {
            $config_start_page = "user_security.php";
        }
@ -178,21 +181,20 @@ if (isset($_POST['login'])) {
            // Session info
            $_SESSION['user_id'] = $user_id;
            $_SESSION['user_name'] = $user_name;
-            $_SESSION['user_role'] = intval($row['user_role']);
+            $_SESSION['user_role'] = $user_role;
            $_SESSION['csrf_token'] = randomString(156);
            $_SESSION['logged'] = true;

            // Setup encryption session key
-            if (isset($row['user_specific_encryption_ciphertext']) && $row['user_role'] > 1) {
-                $user_encryption_ciphertext = $row['user_specific_encryption_ciphertext'];
+            if (is_null($user_encryption_ciphertext) && $user_role > 1) {
                $site_encryption_master_key = decryptUserSpecificKey($user_encryption_ciphertext, $password);
                generateUserSessionKey($site_encryption_master_key);

                // Setup extension
-                if (isset($row['user_extension_key']) && !empty($row['user_extension_key'])) {
+                if (is_null($user_extension_key)) {
                    // Extension cookie
                    // Note: Browsers don't accept cookies with SameSite None if they are not HTTPS.
-                    setcookie("user_extension_key", "$row[user_extension_key]", ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'None']);
+                    setcookie("user_extension_key", "$user_extension_key", ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'None']);

                    // Set PHP session in DB, so we can access the session encryption data (above)
                    $user_php_session = session_id();