Update check_auth.php

resources/check_auth.php

@@ -53,10 +53,10 @@
 	}
 
 //if the username session is not set the check username and password
-	if (strlen($_SESSION['username']) == 0 && isset($_REQUEST["username"]) && isset($_REQUEST["password"])) {
+	if (strlen($_SESSION['username']) == 0) {
 
 		//clear the menu
-			$_SESSION["menu"] = "";
+			unset($_SESSION["menu"]);
 
 		//clear the template only if the template has not been assigned by the superadmin
 			if (strlen($_SESSION['domain']['template']['name']) == 0) {
@@ -65,11 +65,11 @@
 
 		//validate the username and password
 			$auth = new authentication;
-			if (strlen($_REQUEST["username"]) > 0) {
+			if (isset($_REQUEST["username"]) && isset($_REQUEST["password"])) {
 				$auth->username = $_REQUEST["username"];
 				$auth->password = $_REQUEST["password"];
 			}
-			if (strlen($_REQUEST["key"]) > 0) {
+			if (isset($_REQUEST["key"])) {
 				$auth->key = $_REQUEST["key"];
 			}
 			$auth->debug = false;
@@ -97,6 +97,7 @@
 					openlog('FusionPBX', LOG_NDELAY, LOG_AUTH);
 					syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] authentication failed for ".$result["username"]);
 					closelog();
+
 				//redirect the user to the login page
 					$target_path = ($_REQUEST["path"] != '') ? $_REQUEST["path"] : $_SERVER["PHP_SELF"];
 					messages::add($text['message-invalid_credentials'], 'negative');