Merge pull request #891 from wrongecho/login-encryption-fix

BUGFIX: Login with and actually decrypt the master encryption key

login.php

@@ -186,11 +186,11 @@ if (isset($_POST['login'])) {
             $_SESSION['logged'] = true;
 
             // Setup encryption session key
-            if (is_null($user_encryption_ciphertext) && $user_role > 1) {
+            if (isset($user_encryption_ciphertext) && $user_role > 1) {
                 $site_encryption_master_key = decryptUserSpecificKey($user_encryption_ciphertext, $password);
                 generateUserSessionKey($site_encryption_master_key);
 
-                // Setup extension
+                // Setup extension - currently unused
                 if (is_null($user_extension_key)) {
                     // Extension cookie
                     // Note: Browsers don't accept cookies with SameSite None if they are not HTTPS.
@@ -200,6 +200,7 @@ if (isset($_POST['login'])) {
                     $user_php_session = session_id();
                     mysqli_query($mysqli, "UPDATE users SET user_php_session = '$user_php_session' WHERE user_id = $user_id");
                 }
+
             }
 
             header("Location: $config_start_page");