authorHenry Sudhof <kellanved@phpbb.com>2007-05-15 16:02:00 +0000
committerHenry Sudhof <kellanved@phpbb.com>2007-05-15 16:02:00 +0000
commit0b94cfb70259e27db9ff892bc1251132269d6247 (patch)
treefd1b7e21e56b4caeab4cd184d82d699fefcd1189 /phpBB/ucp.php
parent7e05a3024be7da56b595115e6bbeb116b2f335b9 (diff)
Making logout somewhat more secure.
Language variables, take them while they're hot. (just one, so be quick) git-svn-id: file:///svn/phpbb/trunk@7590 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/ucp.php')
-rwxr-xr-xphpBB/ucp.php25
1 files changed, 15 insertions, 10 deletions
diff --git a/phpBB/ucp.php b/phpBB/ucp.php
index 2d47134538..923a974b92 100755
--- a/phpBB/ucp.php
+++ b/phpBB/ucp.php
@@ -82,16 +82,21 @@ switch ($mode)
break;
case 'logout':
- if ($user->data['user_id'] != ANONYMOUS)
- {
- $user->session_kill();
- $user->session_begin();
- }
-
- meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
-
- $message = $user->lang['LOGOUT_REDIRECT'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a> ');
- trigger_error($message);
+ if ($user->data['user_id'] != ANONYMOUS && (!empty($_GET['sid']) && ($_GET['sid'] == $user->session_id)))
+ {
+ $user->session_kill();
+ $user->session_begin();
+ $message = $user->lang['LOGOUT_REDIRECT'];
+ }
+ else
+ {
+ $message = $user->lang['LOGOUT_FAILED'];
+ }
+ meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
+
+ $message = $message . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a> ');
+ trigger_error($message);
+
break;
case 'terms':
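Review bot: The new guard in `case 'logout':` compares the request's `sid` with `$user->session_id` using loose `==`, so PHP's numeric-string juggling can treat two different numeric-looking values as equal. Since the session id is acting as the anti-forgery token for logout here, the last operand should be a strict comparison: `$_GET['sid'] === $user->session_id` (assuming `session_id` is held as a string, which the hunk does not show). Strict comparison also rejects an array-valued `sid` without relying on coercion rules. Separately, the `else` branch shows `LOGOUT_FAILED` to a visitor who is already anonymous, which may deserve its own message or a plain redirect. The enclosing `switch ($mode)` starts and ends outside the hunk, so how `sid` is added to the logout links cannot be checked from here.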