if ($sth === false) return false;
+ if (substr($_SERVER['HTTP_REFERER'],-12) != '/?login=true'
+ || substr($_SERVER['SCRIPT_FILENAME'],-10) != '/index.php') {
+ error_log('Wrong referrer or wrong request uri');
+ return false;
+ }
+
if ($row = pg_fetch_assoc($sth)) {
$_SESSION['sys'] = array('uid' => $row['id'],
'login' => $row['login'],
'name' => $row['name'],
- 'email' => $row['email']);
+ 'email' => $row['email'],
+ 'basedir' => substr($_SERVER['SCRIPT_FILENAME'],0,-9));
return true;
}