From aee7f2b9668b9c86feb5f0882e505dedaf48aad7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julio=20Cesar=20Laura=20Avenda=C3=B1o?=
 <contact@julio-laura.com>
Date: Fri, 18 May 2018 15:01:54 -0400
Subject: [PATCH] HOR-4575

---
 workflow/engine/methods/login/login.php          | 5 +++++
 workflow/engine/methods/login/sysLoginVerify.php | 2 ++
 2 files changed, 7 insertions(+)

diff --git a/workflow/engine/methods/login/login.php b/workflow/engine/methods/login/login.php
index 58abe4dc6..24f3cf217 100644
--- a/workflow/engine/methods/login/login.php
+++ b/workflow/engine/methods/login/login.php
@@ -252,6 +252,11 @@ if ($timeZoneFailed) {
     $G_PUBLISH->AddContent('xmlform', 'xmlform', 'login' . PATH_SEP . 'TimeZoneAlert', '', $arrayData, SYS_URI . 'login/authentication.php');
 
     G::RenderPage('publish');
+
+    // Destroy a significant value in session
+    global $G_FORM;
+    unset($_SESSION[$G_FORM->id]['USR_PASSWORD']);
+
     exit(0);
 }
 /*----------------------------------********---------------------------------*/
diff --git a/workflow/engine/methods/login/sysLoginVerify.php b/workflow/engine/methods/login/sysLoginVerify.php
index 0c8acd5c3..e12cf1fcf 100644
--- a/workflow/engine/methods/login/sysLoginVerify.php
+++ b/workflow/engine/methods/login/sysLoginVerify.php
@@ -36,6 +36,8 @@ if (!isset($_POST)) {
 }
 if (isset($_SESSION['sysLogin'])) {
     $_POST['form'] = $_SESSION['sysLogin'];
+    // Destroy variables already assigned to the global variable $_POST
+    unset($_SESSION['sysLogin']);
 }
 
 require_once 'authentication.php';