Electric Boogaloo 2: Logout update
parent
61c4076786
commit
09cbba9ac6
6 changed files with 96 additions and 45 deletions
|
@ -38,7 +38,7 @@ class Session {
|
|||
'skey' => $session,
|
||||
'started' => time(),
|
||||
'expire' => time() + 604800,
|
||||
'remember' => $remember
|
||||
'remember' => $remember ? '1' : '0'
|
||||
]);
|
||||
|
||||
// Return the session key
|
||||
|
@ -86,7 +86,7 @@ class Session {
|
|||
return false;
|
||||
|
||||
// Run the query
|
||||
Database::delete('sessions', [($key ? 'skey' : 'id'), [$sessionId, '=']]);
|
||||
Database::delete('sessions', [($key ? 'skey' : 'id') => [$sessionId, '=']]);
|
||||
|
||||
// Return true if key was found and deleted
|
||||
return true;
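Review bot: `deleteSession` returns `true` right after `Database::delete(...)` without looking at the outcome of the delete, so the comment "Return true if key was found and deleted" only holds if an earlier check, outside this hunk, guarantees the row exists and the delete cannot fail. `Users::logout()` relies on this return value, so a session row that survives the call would leave the key usable while the user is told they are logged out. If `Database::delete` reports success or affected rows (not visible here), return that instead; otherwise state the assumption in the comment.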
|
||||
|
|
|
@ -126,7 +126,7 @@ class Users {
|
|||
return false;
|
||||
|
||||
// Remove the active session from the database
|
||||
if(!Session::deleteSession($id, true))
|
||||
if(!Session::deleteSession(Session::$sessionId, true))
|
||||
return false;
|
||||
|
||||
// Set cookies
|
||||
|
|
|
@ -54,7 +54,7 @@ $renderData = array(
|
|||
'version' => SAKURA_VERSION,
|
||||
'urls' => Configuration::getLocalConfig('urls'),
|
||||
'charset' => Configuration::getConfig('charset'),
|
||||
'currentpage' => $_SERVER['PHP_SELF'],
|
||||
'currentpage' => '//'. $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'],
|
||||
'recaptcha_public' => Configuration::getConfig('recaptcha_public'),
|
||||
'resources' => '//'. Configuration::getLocalConfig('urls')['content'] .'/data/'. strtolower(Templates::$_TPL)
|
||||
],
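Review bot: The new `currentpage` value is built from `$_SERVER['SERVER_NAME']` and `$_SERVER['PHP_SELF']`, both of which can carry client-influenced data (the Host header under some server configurations, and trailing path info), and it is handed to templates as a link and redirect target. Take the host from configuration instead, as the `resources` entry already does, e.g. `'currentpage' => '//'. Configuration::getLocalConfig('urls')['main'] . $_SERVER['SCRIPT_NAME'],`, and make sure every template that prints it escapes it for the context it lands in. The `main` key is inferred from the template's `sakura.urls.main`, and the array this entry belongs to starts outside the hunk.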
|
||||
|
|
|
@ -55,8 +55,12 @@
|
|||
</div>
|
||||
<div class="menu-ucp" id="navMenuUser">
|
||||
<!-- User menu, displayed on right side of the bar. -->
|
||||
{% if user.checklogin %}
|
||||
<a class="menu-item" href="http://{{ sakura.urls.main }}/logout?mode=logout&time={{ php.time }}&session={{ php.sessionid }}&redirect={{ sakura.currentpage }}" title="End your login session">Logout</a>
|
||||
{% else %}
|
||||
<a class="menu-item" id="headerLoginLink" href="http://{{ sakura.urls.main }}/login" title="Login to Flashii">Login</a>
|
||||
<a class="menu-item" href="http://{{ sakura.urls.main }}/register" title="Create an account">Register</a>
|
||||
{% endif %}
|
||||
</div>
|
||||
<div class="menu-mob">
|
||||
<a class="menu-item" id="mobileNavToggle" href="javascript:;" onclick="mobileMenu(true);">Open Menu</a>
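Review bot: The logout link puts the PHP session id into a GET URL served over plain `http://`, so it ends up in browser history, server and proxy logs and Referer headers. If that id is also what authenticates the visitor, exposing it is a larger risk than the forged logout it is meant to prevent. Use a separate random per-session token for this check and keep the session id in the cookie only. The `redirect` value is also appended unencoded, so a page URL containing `&` or `#` breaks the query string; `&amp;redirect={{ sakura.currentpage|url_encode }}` fixes that. Whether autoescaping is enabled for this template is not visible here.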
|
||||
|
|
|
@ -17,7 +17,7 @@ Options +FollowSymLinks -Indexes
|
|||
RewriteRule ^feedback?/?$ http://forum.flash.moe/viewforum.php?f=22
|
||||
RewriteRule ^credits?/?$ credits.php
|
||||
RewriteRule ^index?/?$ index.php
|
||||
RewriteRule ^login?/?$|register?/?$|forgotpassword?/?|authenticate?/?$ authenticate.php
|
||||
RewriteRule ^login?/?$|logout?/?$|register?/?$|forgotpassword?/?|authenticate?/?$ authenticate.php
|
||||
RewriteRule ^donate?/?$ donate.php
|
||||
RewriteRule ^contact?/?$ contact.php
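Review bot: In the extended `RewriteRule`, `^` binds only to the `login` alternative and `forgotpassword?/?` has no `$`, so the pattern also matches any path that merely ends in `logout`, `register` or `authenticate`, or that contains `forgotpasswor`. Each trailing `?` also makes the last letter optional (`logi`, `logou`). Anchoring the whole alternation keeps unrelated URLs from being routed to authenticate.php: `RewriteRule ^(login|logout|register|forgotpassword|authenticate)/?$ authenticate.php`. The looseness predates this commit, but the new `logout` alternative inherits it.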
|
||||
|
||||
|
|
|
@ -16,8 +16,54 @@ if(
|
|||
isset($_REQUEST['session'])
|
||||
) {
|
||||
|
||||
// Continue
|
||||
$continue = true;
|
||||
|
||||
// Compare time and session so we know the link isn't forged
|
||||
if($_REQUEST['time'] < time() - 1000) {
|
||||
|
||||
$renderData['page'] = [
|
||||
'title' => 'Action failed',
|
||||
'redirect' => '/authenticate',
|
||||
'message' => 'Timestamps differ too much, please try again.'
|
||||
];
|
||||
|
||||
// Prevent
|
||||
$continue = false;
|
||||
|
||||
}
|
||||
|
||||
// Match session ids for the same reason
|
||||
if($_REQUEST['session'] != session_id()) {
|
||||
|
||||
$renderData['page'] = [
|
||||
'title' => 'Action failed',
|
||||
'redirect' => '/authenticate',
|
||||
'message' => 'Session IDs do not match.'
|
||||
];
|
||||
|
||||
// Prevent
|
||||
$continue = false;
|
||||
|
||||
}
|
||||
|
||||
if($continue) {
|
||||
switch($_REQUEST['mode']) {
|
||||
|
||||
case 'logout':
|
||||
|
||||
// Attempt logout
|
||||
$logout = Users::logout();
|
||||
|
||||
// Add page specific data
|
||||
$renderData['page'] = [
|
||||
'title' => 'Logout',
|
||||
'redirect' => ($logout ? $_REQUEST['redirect'] : '/authenticate'),
|
||||
'message' => $logout ? 'You are now logged out.' : 'Logout failed.'
|
||||
];
|
||||
|
||||
break;
|
||||
|
||||
// Login processing
|
||||
case 'login':
|
||||
|
||||
|
@ -67,6 +113,7 @@ if(
|
|||
break;
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
// Print page contents or if the AJAX request is set only display the render data
|
||||
print isset($_REQUEST['ajax']) ?
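Review bot: `'redirect' => ($logout ? $_REQUEST['redirect'] : '/authenticate')` sends the visitor wherever the request says after logout, with no check that the target is on this site. No `isset` for `redirect` is visible either, though the enclosing `if(` starts outside the hunk. The two guards above it are weaker than their comments say: `time` is supplied by the client, so it proves nothing about forgery, and the session comparison uses `!=` where a strict, constant-time `hash_equals()` belongs. The fence shows a host allow-list for the redirect and the stricter comparison; it assumes `Configuration::getLocalConfig('urls')` is available in this file and holds the site's own hostnames, which should be confirmed.

```php
// Match session ids for the same reason
if(!is_string($_REQUEST['session']) || !hash_equals(session_id(), $_REQUEST['session'])) {
    // … unchanged: 'Session IDs do not match.' page data, $continue = false …
}

// … unchanged: if($continue), switch($_REQUEST['mode']), case 'logout', Users::logout() …

// Only follow redirects to one of the site's own hosts
$redirect = isset($_REQUEST['redirect']) && is_string($_REQUEST['redirect']) ? $_REQUEST['redirect'] : '/';
$redirectHost = parse_url($redirect, PHP_URL_HOST);
if(!is_string($redirectHost) || !in_array($redirectHost, Configuration::getLocalConfig('urls'), true))
    $redirect = '/';

$renderData['page'] = [
    'title' => 'Logout',
    'redirect' => ($logout ? $redirect : '/authenticate'),
    // … unchanged: 'message' …
];
```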
|
||||
|
|