fix: unset $_SESSION['phrase']

2024-11-22 17:28:41 +00:00 · 2023-01-22 15:46:41 +08:00 · 2023-01-22 15:46:41 +08:00 · 0571beca45
commit 0571beca45
parent 6fce5b6ca4
2 changed files with 8 additions and 1 deletions
--- a/web/app/controllers/app/image_hosting/index.php
+++ b/web/app/controllers/app/image_hosting/index.php
@ -36,9 +36,13 @@ if ($_POST['image_upload_file_submit'] == 'submit') {
 	}

 	if (!isset($_SESSION['phrase']) || !PhraseBuilder::comparePhrases($_SESSION['phrase'], $_POST['captcha'])) {
+		unset($_SESSION['phrase']);
+
 		throwError("bad_captcha");
 	}

+	unset($_SESSION['phrase']);
+
 	if ($_FILES["image_upload_file"]["error"] > 0) {
 		throwError($_FILES["image_upload_file"]["error"]);
 	}
--- a/web/app/controllers/forgot_pw.php
+++ b/web/app/controllers/forgot_pw.php
@ -38,9 +38,13 @@ $forgot_form->handle = function (&$vdata) {
 	$password = $user["password"];

 	if (!isset($_SESSION['phrase']) || !PhraseBuilder::comparePhrases($_SESSION['phrase'], $_POST['captcha'])) {
+		unset($_SESSION['phrase']);
+
 		becomeMsgPage('验证码错误！');
 	}

+	unset($_SESSION['phrase']);
+
 	if (!$user['email']) {
 		becomeMsgPage('用户未填写邮件地址，请联系管理员重置！');
 	}
@ -99,7 +103,6 @@ EOD;
 	}
 };
 $forgot_form->submit_button_config['align'] = 'offset';
-
 $forgot_form->runAtServer();
 ?>
 <?php echoUOJPageHeader('找回密码') ?>