From bf05e34331c689cc31fbcdfb2905bece07fd3979 Mon Sep 17 00:00:00 2001
From: ztk <support@ztk.me>
Date: Tue, 13 Nov 2018 01:53:25 +0100
Subject: [PATCH] fixing notices, _POST['checkid'] and _GET['ref']

---
 lib/session.lib.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/session.lib.php b/lib/session.lib.php
index 30493fe..dcc3c79 100644
--- a/lib/session.lib.php
+++ b/lib/session.lib.php
@@ -17,8 +17,8 @@ if(isset($_POST['checkid'])){
 	if (!isset($_GET['logout'])) $_GET['logout'] = "";
 	if (!isset($_GET['ref'])) $_GET['ref'] = "0";
 }
-
-if ($_SESSION['werber'] == "0") $_SESSION['werber'] = (int)$_GET['ref'];
+if( ( !isset($_SESSION['werber']) || ("0" == $_SESSION['werber']) ) && isset($_GET['ref']) )
+    $_SESSION['werber'] = (int)$_GET['ref'];
 // Seiteneinstellungen laden...
 $pageconfig = mysqli_fetch_array(db_query("SELECT * FROM " . $db_prefix . "_seitenkonfig LIMIT 1"));
 
@@ -33,7 +33,7 @@ if ($pageconfig['wartung'] == 1 && $_SESSION['uid'] != $admin_id) {
     die();
 }
 // Login
-if ($_POST['checkid'] == 'Login' && $_POST['nickname'] && $_POST['passwort']) {
+if (isset($_POST['checkid']) && $_POST['checkid'] == 'Login' && $_POST['nickname'] && $_POST['passwort']) {
     $_POST['nickname'] = addslashes($_POST['nickname']);
 	
 	$pw = pw_erstellen($_POST['passwort']);
-- 
GitLab