From a675271ad71b7713d1b33bdba3c51b2b04813229 Mon Sep 17 00:00:00 2001
From: Frederic Guillot
Date: Sun, 15 Nov 2015 12:50:33 -0500
Subject: Rewrite of session management
---
 app/Model/Authentication.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
(limited to 'app/Model/Authentication.php')
diff --git a/app/Model/Authentication.php b/app/Model/Authentication.php
index 11e32313..83d85433 100644
--- a/app/Model/Authentication.php
+++ b/app/Model/Authentication.php
@@ -45,11 +45,11 @@ class Authentication extends Base
 // Check if the user session match an existing user
 $userNotFound = ! $this->user->exists($this->userSession->getId());
- $reverseProxyWrongUser = REVERSE_PROXY_AUTH && $this->backend('reverseProxy')->getUsername() !== $_SESSION['user']['username'];
+ $reverseProxyWrongUser = REVERSE_PROXY_AUTH && $this->backend('reverseProxy')->getUsername() !== $this->userSession->getUsername();
 if ($userNotFound || $reverseProxyWrongUser) {
 $this->backend('rememberMe')->destroy($this->userSession->getId());
- $this->session->close();
+ $this->sessionManager->close();
 return false;
 }
@@ -176,8 +176,12 @@ class Authentication extends Base
 public function validateFormCaptcha(array $values)
 {
 if ($this->hasCaptcha($values['username'])) {
+ if (! isset($this->sessionStorage->captcha)) {
+ return false;
+ }
+
 $builder = new CaptchaBuilder;
- $builder->setPhrase($this->session['captcha']);
+ $builder->setPhrase($this->sessionStorage->captcha);
 return $builder->testPhrase(isset($values['captcha']) ? $values['captcha'] : '');
 }
-- 
cgit v1.2.3
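Review bot: The forced-logout branch has no comment explaining the reverse-proxy comparison on the `$reverseProxyWrongUser` line; the existing comment only covers the missing-user case. Something like `// With REVERSE_PROXY_AUTH the proxy-supplied username is authoritative: drop the session and remember-me token when it differs from the session user` would make the intent clear. It would also help to state there what `$this->sessionManager->close()` guarantees, since this path relies on it to end the session and its implementation is not visible in this hunk. The enclosing method starts and ends outside the hunk.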
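Review bot: The stored phrase is left in `$this->sessionStorage->captcha` after the comparison in `validateFormCaptcha`, so unless it is regenerated elsewhere (not visible here) one solved captcha can keep validating later login attempts in the same session. Making the phrase single-use avoids that: `$phrase = $this->sessionStorage->captcha;`, `unset($this->sessionStorage->captcha);`, then `$builder->setPhrase($phrase);`, assuming the storage object supports `unset`. The added `isset` guard also accepts an empty stored phrase, which would presumably match the `''` fallback for a missing `$values['captcha']`; `empty()` would reject that case as well. The method's remaining lines fall outside the hunk.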