Merge pull request hestiacp#1136 from hestiacp/fix/2020-09-fix_delete_post_on_session_mismatch

Delete POST/GET/SESSION data on session token mismatch

Author: ScIT-Raphael

web/login/index.php

@@ -98,7 +98,7 @@ function authenticate_user(){
                 if ($data[$_POST['user']]['TWOFA'] != '') {
                    if (empty($_POST['twofa'])){
                        return false;
-                   }else{
+                   } else {
                         $v_twofa = $_POST['twofa'];
                         exec(HESTIA_CMD ."v-check-user-2fa ".$v_user." ".$v_twofa, $output, $return_var);
                         unset($output);
@@ -148,6 +148,13 @@ function authenticate_user(){
                 }
             }
         }
+    } else {
+        unset($_POST);
+        unset($_GET);
+        unset($_SESSION);
+        session_destroy();
+        session_start();
+        return false;
     }
 }
 
@@ -190,4 +197,4 @@ function authenticate_user(){
 } else {
     require_once('../templates/login.html');
 }
-?>
+?>