makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Making logout somewhat more secure.

Browse source 
Language variables, take them while they're hot. (just one, so be quick)


git-svn-id: file:///svn/phpbb/trunk@7590 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Henry Sudhof 2007-05-15 16:02:00 +00:00
parent 7e05a3024b
commit 0b94cfb702
3 changed files with 17 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
phpBB/includes/functions.php
View file

@ -3827,7 +3827,7 @@ function page_header($page_title = '', $display_online_list = true)
// Generate logged in/logged out status
if ($user->data['user_id'] != ANONYMOUS)
{
$u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout');
$u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout', true, $user->session_id);
$l_login_logout = sprintf($user->lang['LOGOUT_USER'], $user->data['username']);
}
else

1
phpBB/language/en/ucp.php
View file

@ -228,6 +228,7 @@ $lang = array_merge($lang, array(
'LINK_REMOTE_SIZE_EXPLAIN' => 'Specify the width and height of the avatar, leave blank to attempt automatic verification.',
'LOGIN_EXPLAIN_UCP' => 'Please login in order to access the User Control Panel.',
'LOGIN_REDIRECT' => 'You have been successfully logged in.',
'LOGOUT_FAILED' => 'You were not logged out, as the request did not match your session.',
'LOGOUT_REDIRECT' => 'You have been successfully logged out.',
'MARK_IMPORTANT' => 'Mark/Unmark as important',

11
phpBB/ucp.php
View file

@ -82,16 +82,21 @@ switch ($mode)
break;
case 'logout':
if ($user->data['user_id'] != ANONYMOUS)
if ($user->data['user_id'] != ANONYMOUS && (!empty($_GET['sid']) && ($_GET['sid'] == $user->session_id)))
{
$user->session_kill();
$user->session_begin();
$message = $user->lang['LOGOUT_REDIRECT'];
}
else
{
$message = $user->lang['LOGOUT_FAILED'];
}
meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
$message = $user->lang['LOGOUT_REDIRECT'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a> ');
$message = $message . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a> ');
trigger_error($message);
break;
case 'terms':