- {
- show_message("cookiesdisabled", 'warning');
- }
- else if (isset($_POST['_user']) && isset($_POST['_pass']) &&
- rcmail_login(get_input_value('_user', RCUBE_INPUT_POST), $_POST['_pass'], $host))
- {
+ {
+ $OUTPUT->show_message("cookiesdisabled", 'warning');
+ }
+ else if ($_SESSION['temp'] && !empty($_POST['_user']) && isset($_POST['_pass']) &&
+ rcmail_login(get_input_value('_user', RCUBE_INPUT_POST),
+ get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'), $host))
+ {
+ // create new session ID
+ unset($_SESSION['temp']);
+ sess_regenerate_id();
+
+ // send auth cookie if necessary
+ rcmail_authenticate_session();
+