Electric Boogaloo 2: Logout update

flash 2015-04-17 22:51:53 +00:00
parent 61c4076786
commit 09cbba9ac6
6 changed files with 96 additions and 45 deletions


@ -38,7 +38,7 @@ class Session {
'skey' => $session,
'started' => time(),
'expire' => time() + 604800,
'remember' => $remember
'remember' => $remember ? '1' : '0'
]);
// Return the session key
@ -86,7 +86,7 @@ class Session {
return false;
// Run the query
Database::delete('sessions', [($key ? 'skey' : 'id'), [$sessionId, '=']]);
Database::delete('sessions', [($key ? 'skey' : 'id') => [$sessionId, '=']]);
// Return true if key was found and deleted
return true;
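Review bot: In the second hunk the result of `Database::delete(...)` is discarded and the method returns `true` unconditionally, so the comment `// Return true if key was found and deleted` holds only if the check before the hunk guarantees the row exists and the delete cannot fail. Logout now depends on this call, so a failed delete would leave the session row valid server-side while the user is told they are logged out. If `Database::delete` reports success or an affected-row count (not visible here), return that instead, e.g. `return (bool) Database::delete('sessions', [($key ? 'skey' : 'id') => [$sessionId, '=']]);`. The method body starts and ends outside the hunk.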


@ -126,7 +126,7 @@ class Users {
return false;
// Remove the active session from the database
if(!Session::deleteSession($id, true))
if(!Session::deleteSession(Session::$sessionId, true))
return false;
// Set cookies
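Review bot: The new call passes `Session::$sessionId` with `$key` set to `true`, which per the deleteSession hunk makes the delete match on the `skey` column rather than `id`. If `Session::$sessionId` holds the numeric row id rather than the session key (its declaration is not shown), the delete will match nothing. A comment on this line such as `// Session::$sessionId holds the session key (skey), hence $key = true` would record the assumption. The logout method starts and ends outside the hunk.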


@ -54,7 +54,7 @@ $renderData = array(
'version' => SAKURA_VERSION,
'urls' => Configuration::getLocalConfig('urls'),
'charset' => Configuration::getConfig('charset'),
'currentpage' => $_SERVER['PHP_SELF'],
'currentpage' => '//'. $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'],
'recaptcha_public' => Configuration::getConfig('recaptcha_public'),
'resources' => '//'. Configuration::getLocalConfig('urls')['content'] .'/data/'. strtolower(Templates::$_TPL)
],
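Review bot: `currentpage` on the changed line is built from `$_SERVER['SERVER_NAME']` and `$_SERVER['PHP_SELF']`, both of which the request can influence: PHP_SELF includes any trailing path info, and SERVER_NAME can follow the Host header depending on server configuration. The value ends up in the logout link's `redirect` parameter. Prefer the configured host and the script name, e.g. `'currentpage' => '//'. Configuration::getLocalConfig('urls')['main'] . $_SERVER['SCRIPT_NAME'],`, assuming `urls.main` is the right host for every page that renders this. The value also needs URL-encoding where the template places it in a query string. The `$renderData` array starts before the hunk and continues past it.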


@ -55,8 +55,12 @@
</div>
<div class="menu-ucp" id="navMenuUser">
<!-- User menu, displayed on right side of the bar. -->
{% if user.checklogin %}
<a class="menu-item" href="http://{{ sakura.urls.main }}/logout?mode=logout&time={{ php.time }}&session={{ php.sessionid }}&redirect={{ sakura.currentpage }}" title="End your login session">Logout</a>
{% else %}
<a class="menu-item" id="headerLoginLink" href="http://{{ sakura.urls.main }}/login" title="Login to Flashii">Login</a>
<a class="menu-item" href="http://{{ sakura.urls.main }}/register" title="Create an account">Register</a>
{% endif %}
</div>
<div class="menu-mob">
<a class="menu-item" id="mobileNavToggle" href="javascript:;" onclick="mobileMenu(true);">Open Menu</a>
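Review bot: The new logout link puts `{{ php.sessionid }}` in a GET query string over plain `http://`, so the identifier is exposed in browser history, server and proxy logs, and Referer headers. The handler compares it with `session_id()`, so this appears to be the live PHP session id rather than a separate anti-forgery token. A logout form submitted by POST with a dedicated per-session CSRF token would keep the session identifier out of URLs. Separately, `redirect={{ sakura.currentpage }}` is inserted without URL-encoding; `redirect={{ sakura.currentpage|url_encode }}` keeps characters such as `&` or `#` in the page URL from breaking the parameter.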


@ -17,7 +17,7 @@ Options +FollowSymLinks -Indexes
RewriteRule ^feedback?/?$ http://forum.flash.moe/viewforum.php?f=22
RewriteRule ^credits?/?$ credits.php
RewriteRule ^index?/?$ index.php
RewriteRule ^login?/?$|register?/?$|forgotpassword?/?|authenticate?/?$ authenticate.php
RewriteRule ^login?/?$|logout?/?$|register?/?$|forgotpassword?/?|authenticate?/?$ authenticate.php
RewriteRule ^donate?/?$ donate.php
RewriteRule ^contact?/?$ contact.php
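Review bot: In the changed rule the `^` anchors only the first alternative and each `?` makes only the preceding letter optional, so the new `logout?/?$` branch matches any path that ends in `logou` or `logout`, and `forgotpassword?/?` has no end anchor at all. Grouping the alternatives routes only the intended paths to authenticate.php: `RewriteRule ^(login|logout|register|forgotpassword|authenticate)/?$ authenticate.php`. The surrounding rules use the same `word?/?$` shape and could be tightened in the same pass.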


@ -16,8 +16,54 @@ if(
isset($_REQUEST['session'])
) {
// Continue
$continue = true;
// Compare time and session so we know the link isn't forged
if($_REQUEST['time'] < time() - 1000) {
$renderData['page'] = [
'title' => 'Action failed',
'redirect' => '/authenticate',
'message' => 'Timestamps differ too much, please try again.'
];
// Prevent
$continue = false;
}
// Match session ids for the same reason
if($_REQUEST['session'] != session_id()) {
$renderData['page'] = [
'title' => 'Action failed',
'redirect' => '/authenticate',
'message' => 'Session IDs do not match.'
];
// Prevent
$continue = false;
}
if($continue) {
switch($_REQUEST['mode']) {
case 'logout':
// Attempt logout
$logout = Users::logout();
// Add page specific data
$renderData['page'] = [
'title' => 'Logout',
'redirect' => ($logout ? $_REQUEST['redirect'] : '/authenticate'),
'message' => $logout ? 'You are now logged out.' : 'Logout failed.'
];
break;
// Login processing
case 'login':
@ -67,6 +113,7 @@ if(
break;
}
}
// Print page contents or if the AJAX request is set only display the render data
print isset($_REQUEST['ajax']) ?
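Review bot: The two checks added at the top of the first hunk do not establish that the link is unforged: `time` is taken from the request and only has a lower bound, so any sufficiently large value passes, and `$_REQUEST['session'] != session_id()` is a loose, non-constant-time comparison against a value that travels in the URL. In the `logout` case, `$_REQUEST['redirect']` becomes the redirect target with no `isset` check visible in this hunk and no restriction to this site, which makes the logout link an open redirect. The sketch below compares the token with `hash_equals` and falls back to `/authenticate` unless the redirect host is one of the configured site hosts; it assumes `Configuration::getLocalConfig('urls')` is a flat list of host names, which is not shown here. The enclosing `if(` starts before the hunk and the final `print` statement continues past it.

```php
// Match session ids for the same reason
if(!is_string($_REQUEST['session']) || !hash_equals(session_id(), $_REQUEST['session'])) {
    // … unchanged: 'Action failed' page data and $continue = false …
}
// … unchanged: if($continue), switch, case 'logout', Users::logout() …
// Only redirect to a host this site serves; otherwise use the default page
$redirect = isset($_REQUEST['redirect']) && is_string($_REQUEST['redirect']) ? $_REQUEST['redirect'] : '';
$redirectHost = parse_url($redirect, PHP_URL_HOST);
if(!$logout || !is_string($redirectHost) || !in_array($redirectHost, Configuration::getLocalConfig('urls'), true)) {
    $redirect = '/authenticate';
}
$renderData['page'] = [
    'title' => 'Logout',
    'redirect' => $redirect,
    // … unchanged: 'message' …
];
```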