diff --git a/login.php b/login.php index ef6976651..68aa116c5 100644 --- a/login.php +++ b/login.php @@ -111,6 +111,9 @@ $user_email = sanitizeInput($row['user_email']); $token = sanitizeInput($row['user_token']); $force_mfa = intval($row['user_config_force_mfa']); + $user_role = intval($row['user_role']); + $user_encryption_ciphertext = $row['user_specific_encryption_ciphertext']; + $user_extension_key = $row['user_extension_key']; if($force_mfa == 1 && $token == NULL) { $config_start_page = "user_security.php"; } @@ -178,21 +181,20 @@ // Session info $_SESSION['user_id'] = $user_id; $_SESSION['user_name'] = $user_name; - $_SESSION['user_role'] = intval($row['user_role']); + $_SESSION['user_role'] = $user_role; $_SESSION['csrf_token'] = randomString(156); $_SESSION['logged'] = true; // Setup encryption session key - if (isset($row['user_specific_encryption_ciphertext']) && $row['user_role'] > 1) { - $user_encryption_ciphertext = $row['user_specific_encryption_ciphertext']; + if (is_null($user_encryption_ciphertext) && $user_role > 1) { $site_encryption_master_key = decryptUserSpecificKey($user_encryption_ciphertext, $password); generateUserSessionKey($site_encryption_master_key); // Setup extension - if (isset($row['user_extension_key']) && !empty($row['user_extension_key'])) { + if (is_null($user_extension_key)) { // Extension cookie // Note: Browsers don't accept cookies with SameSite None if they are not HTTPS. - setcookie("user_extension_key", "$row[user_extension_key]", ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'None']); + setcookie("user_extension_key", "$user_extension_key", ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'None']); // Set PHP session in DB, so we can access the session encryption data (above) $user_php_session = session_id();