Fix session user matching.

3 files changed, 3 insertions, 3 deletions

diff --git a/www/logged_in_p.pl b/www/logged_in_p.pl
index cbbb936..2e648fc 100755
--- a/www/logged_in_p.pl
+++ b/www/logged_in_p.pl
@@ -35,7 +35,7 @@ while (my $cgi = new CGI::Fast) {
 
   my $email        = $cgi->param('email')    or die "No email address supplied";
   my $session_user = $session->param('user');
-  if ($session_user ~~ email_users($email)) {
+  if ($session_user ~~ [email_users($email)]) {
     say encode_json({logged_in_p => 1});
   } else {
     say encode_json({logged_in_p => 0});
diff --git a/www/login.pl b/www/login.pl
index 9e0467e..852f57c 100755
--- a/www/login.pl
+++ b/www/login.pl
@@ -61,7 +61,7 @@ while (my $cgi = new CGI::Fast) {
   my $email    = $cgi->param('email')    or die "No email address provided";
   my $password = $cgi->param('password') or die "Empty password";
 
-  for my $user (email_users($email)) {
+  for my $user ([email_users($email)]) {
     #say STDERR "Trying user: $user";
     if (check_password($user, $password)) {
       $session->param('user', $user);
diff --git a/www/sign.pl b/www/sign.pl
index 53d7015..a0fd11f 100755
--- a/www/sign.pl
+++ b/www/sign.pl
@@ -86,7 +86,7 @@ while (my $cgi = new CGI::Fast) {
   if ($email =~ /^(.*?)@(.*)/) { $domain = $2; }
 
   die "User is not authorized to use this email address"
-    unless ($session_user ~~ email_users($email));
+    unless ($session_user ~~ [email_users($email)]);
 
   my $sig = sign $key, decode_json($user_pubkey), $email, $duration, $domain;
   say encode_json({signature => $sig});