From c3be8ed64c601e0b15645664d58cec7ace17b5cb Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Thu, 6 Jan 2011 12:41:16 +0000
Subject: Make sure an existing session is killed/replaced when submitting
 login form

---
 CHANGELOG                          | 1 +
 index.php                          | 2 +-
 program/include/rcmail.php         | 2 +-
 program/include/rcube_template.php | 4 +++-
 4 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index e9af27849..7061bf00d 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Fix double-login/session issue (#1487104)
 - Wrap HTML parts with <html><body> and add Doctype declaration (#1487098)
 - Make rcube_autoload silently skip unknown classes (#1487109)
 - Fix charset detection in vcards with encoded values (#1485542)
diff --git a/index.php b/index.php
index 47b08eff8..8c9370e8c 100644
--- a/index.php
+++ b/index.php
@@ -104,7 +104,7 @@ if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') {
     rcmail_log_login();
 
     // restore original request parameters
-    $query = array();
+    $query = array('_task' => 'mail');
     if ($url = get_input_value('_url', RCUBE_INPUT_POST))
       parse_str($url, $query);
 
diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index afdb77cd1..e4078a72f 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -208,7 +208,7 @@ class rcmail
     $task = asciiwords($task);
 
     if ($this->user && $this->user->ID)
-      $task = !$task || $task == 'login' ? 'mail' : $task;
+      $task = !$task ? 'mail' : $task;
     else
       $task = 'login';
 
diff --git a/program/include/rcube_template.php b/program/include/rcube_template.php
index d6ea3dce2..e914d2e96 100755
--- a/program/include/rcube_template.php
+++ b/program/include/rcube_template.php
@@ -1059,6 +1059,7 @@ class rcube_template extends rcube_html_page
         $host_attrib = $autocomplete > 0 ? array() : array('autocomplete' => 'off');
         $pass_attrib = $autocomplete > 1 ? array() : array('autocomplete' => 'off');
 
+        $input_task   = new html_hiddenfield(array('name' => '_task', 'value' => 'login'));
         $input_action = new html_hiddenfield(array('name' => '_action', 'value' => 'login'));
         $input_tzone  = new html_hiddenfield(array('name' => '_timezone', 'id' => 'rcmlogintz', 'value' => '_default_'));
         $input_url    = new html_hiddenfield(array('name' => '_url', 'id' => 'rcmloginurl', 'value' => $url));
@@ -1109,7 +1110,8 @@ class rcube_template extends rcube_html_page
             $table->add(null, $input_host->show(get_input_value('_host', RCUBE_INPUT_GPC)));
         }
 
-        $out = $input_action->show();
+        $out  = $input_task->show();
+        $out .= $input_action->show();
         $out .= $input_tzone->show();
         $out .= $input_url->show();
         $out .= $table->show();
-- 
cgit v1.2.3