From 1a898e353c086a87fc35a91ca6ccbcff7e96e9c1 Mon Sep 17 00:00:00 2001
From: Trevor Slocum <trevor@rocketnine.space>
Date: Wed, 28 Apr 2021 19:31:56 -0700
Subject: [PATCH] Prevent management panel reauthentication in a single request

Resolves #208.
---
 inc/functions.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/inc/functions.php b/inc/functions.php
index 7dc4c2d..cd6c7a2 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -366,6 +366,10 @@ function manageCheckLogIn($requireKey) {
 		$_SESSION['tinyib_key'] = hashData(TINYIB_MANAGEKEY);
 		$_SESSION['tinyib_username'] = $a['username'];
 		$_SESSION['tinyib_password'] = $a['password'];
+
+		// Prevent reauthentication
+		$_POST['username'] = '';
+		$_POST['managepassword'] = '';
 	}
 
 	if (isset($_SESSION['tinyib_username']) && isset($_SESSION['tinyib_password'])) {