makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Making logout somewhat more secure.

Browse source 
Language variables, take them while they're hot. (just one, so be quick)


git-svn-id: file:///svn/phpbb/trunk@7590 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Henry Sudhof 2007-05-15 16:02:00 +00:00
parent 7e05a3024b
commit 0b94cfb702
3 changed files with 17 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
phpBB/includes/functions.php
View file

@ -3827,7 +3827,7 @@ function page_header($page_title = '', $display_online_list = true)
// Generate logged in/logged out status // Generate logged in/logged out status
if ($user->data['user_id'] != ANONYMOUS) if ($user->data['user_id'] != ANONYMOUS)
{ {
$u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout'); $u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout', true, $user->session_id);
$l_login_logout = sprintf($user->lang['LOGOUT_USER'], $user->data['username']); $l_login_logout = sprintf($user->lang['LOGOUT_USER'], $user->data['username']);
} }
else else

1
phpBB/language/en/ucp.php
View file

@ -228,6 +228,7 @@ $lang = array_merge($lang, array(
'LINK_REMOTE_SIZE_EXPLAIN' => 'Specify the width and height of the avatar, leave blank to attempt automatic verification.', 'LINK_REMOTE_SIZE_EXPLAIN' => 'Specify the width and height of the avatar, leave blank to attempt automatic verification.',
'LOGIN_EXPLAIN_UCP' => 'Please login in order to access the User Control Panel.', 'LOGIN_EXPLAIN_UCP' => 'Please login in order to access the User Control Panel.',
'LOGIN_REDIRECT' => 'You have been successfully logged in.', 'LOGIN_REDIRECT' => 'You have been successfully logged in.',
'LOGOUT_FAILED' => 'You were not logged out, as the request did not match your session.',
'LOGOUT_REDIRECT' => 'You have been successfully logged out.', 'LOGOUT_REDIRECT' => 'You have been successfully logged out.',
'MARK_IMPORTANT' => 'Mark/Unmark as important', 'MARK_IMPORTANT' => 'Mark/Unmark as important',

11
phpBB/ucp.php
View file

@ -82,16 +82,21 @@ switch ($mode)
break; break;
case 'logout': case 'logout':
if ($user->data['user_id'] != ANONYMOUS) if ($user->data['user_id'] != ANONYMOUS && (!empty($_GET['sid']) && ($_GET['sid'] == $user->session_id)))
{ {
$user->session_kill(); $user->session_kill();
$user->session_begin(); $user->session_begin();
$message = $user->lang['LOGOUT_REDIRECT'];
}
else
{
$message = $user->lang['LOGOUT_FAILED'];
} }
meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx")); meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
$message = $user->lang['LOGOUT_REDIRECT'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a> '); $message = $message . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a> ');
trigger_error($message); trigger_error($message);
break; break;
case 'terms': case 'terms':