From bc67f1028a1d6247d5cec6edb35733348d73e46f Mon Sep 17 00:00:00 2001
From: myvesta <38690722+myvesta@users.noreply.github.com>
Date: Tue, 12 Jul 2022 21:08:30 +0200
Subject: [PATCH] Fix for an boring PHP Notice in vesta-php

---
 web/inc/secure_login.php | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/web/inc/secure_login.php b/web/inc/secure_login.php
index 7f8c8d15..3dcdb0ae 100644
--- a/web/inc/secure_login.php
+++ b/web/inc/secure_login.php
@@ -63,8 +63,7 @@ function prevent_post_csrf ($hard_check=false) {
             if (isset($_SERVER['HTTP_ORIGIN']) == false) $_SERVER['HTTP_ORIGIN'] = '';
         }
         $_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']);
-        if (isset($_SERVER['HTTP_ORIGIN'])) $_SERVER['HTTP_ORIGIN'] = strtolower($_SERVER['HTTP_ORIGIN']);
-        else $_SERVER['HTTP_ORIGIN']='';
+        $_SERVER['HTTP_ORIGIN'] = strtolower($_SERVER['HTTP_ORIGIN']);
         if ($hard_check == false) {
             if (substr($_SERVER['HTTP_ORIGIN'], 0, 8) != "file:///" && substr($_SERVER['HTTP_ORIGIN'], 0, 7) != "http://" && substr($_SERVER['HTTP_ORIGIN'], 0, 8) != "https://") return;
         }
@@ -92,8 +91,6 @@ function prevent_get_csrf () {
     if (isset($_SERVER['SERVER_PORT']) == false) return;
     if (isset($_SERVER['HTTP_REFERER']) == false) return;
     $_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']);
-    if (isset($_SERVER['HTTP_ORIGIN'])) $_SERVER['HTTP_ORIGIN'] = strtolower($_SERVER['HTTP_ORIGIN']);
-    else $_SERVER['HTTP_ORIGIN']='';
     if (substr($_SERVER['HTTP_REFERER'], 0, 8) != "file:///" && substr($_SERVER['HTTP_REFERER'], 0, 7) != "http://" && substr($_SERVER['HTTP_REFERER'], 0, 8) != "https://") return;
     $host_arr = explode(":", $_SERVER['HTTP_HOST']);
     $hostname = $host_arr[0];