2 files changed, 7 insertions, 9 deletions

diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index 4715648..0258060 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -78,7 +78,7 @@ function check_sid() {
 		$q = "SELECT LastUpdateTS, UNIX_TIMESTAMP() FROM Sessions ";
 		$q.= "WHERE SessionID = '" . mysql_real_escape_string($_COOKIE["AURSID"]) . "'";
 		$result = db_query($q, $dbh);
-		if (!$result) {
+		if (mysql_num_rows($result) == 0) {
 			# Invalid SessionID - hacker alert!
 			#
 			$failed = 1;
@@ -91,12 +91,10 @@ function check_sid() {
 		}
 		if ($failed == 1) {
 			# clear out the hacker's cookie, and send them to a naughty page
+			# why do you have to be so harsh on these people!?
 			#
 			setcookie("AURSID", "", time() - (60*60*24*30), "/");
-			# I think it's probably safe to do the same as below with this
-			# but not really vital at this point
-			header("Location: /hacker.php");
-
+			unset($_COOKIE['AURSID']);
 		} elseif ($failed == 2) {
 			# visitor's session id either doesn't exist, or the timeout
 			# was reached and they must login again, send them back to
diff --git a/web/template/header.php b/web/template/header.php
index 5230dc5..440cb24 100644
--- a/web/template/header.php
+++ b/web/template/header.php
@@ -68,7 +68,10 @@ foreach ($SUPPORTED_LANGS as $lang => $lang_name) {
       <br />
       <div style="text-align: right; padding-right: 10px">
 <?php
-if (!isset($_COOKIE["AURSID"])) {
+if (isset($_COOKIE["AURSID"])) {
+  print __("Logged-in as: %h%s%h",
+			array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>"));
+} else {
 	if ($login_error) {
 		print "<span class='error'>" . $login_error . "</span><br />\n";
   }
@@ -81,9 +84,6 @@ if (!isset($_COOKIE["AURSID"])) {
         <input type='submit' class='button' value='<?php  print __("Login"); ?>'>
         </form>
 <?php
-} else {
-	print __("Logged-in as: %h%s%h",
-			array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>"));
 }
 ?>
     </div>