From 898fcfae0f94e5dfeaa6f1c360924fedc0f7b072 Mon Sep 17 00:00:00 2001
From: Wesley Miaw <josuah@users.sourceforge.net>
Date: Wed, 26 Nov 2003 01:01:33 +0000
Subject: Fix to use older predefined variables for compatibility with PHP <
 4.1.0. Corrected logic for detecting an invalid login.

---
 functions/init.inc.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/functions/init.inc.php b/functions/init.inc.php
index 846ab26..c6c623c 100644
--- a/functions/init.inc.php
+++ b/functions/init.inc.php
@@ -55,10 +55,12 @@ if (!isset($_SERVER['PHP_AUTH_USER'])) {
 	else if (isset($HTTP_POST_VARS['password']))	$password = $HTTP_POST_VARS['password'];
 
 	// Grab the action (login or logout).
-	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+	if (isset($HTTP_GET_VARS['action']))			$action = $HTTP_GET_VARS['action'];
+	else if (isset($HTTP_POST_VARS['action']))		$action = $HTTP_POST_VARS['action'];
+	else											$action = '';
 
 	// Check to make sure the username and password is valid.
-	if (!key_exists("$username:$password", $locked_map)) {
+	if ($action == 'login' && !key_exists("$username:$password", $locked_map)) {
 		// Don't login, instead logout.
 		$action = 'logout';
 
-- 
cgit v1.2.3