-rw-r--r-- | phpBB/includes/functions.php | 2 | ||||
-rw-r--r-- | phpBB/language/en/ucp.php | 1 | ||||
-rwxr-xr-x | phpBB/ucp.php | 25 |
3 files changed, 17 insertions, 11 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 78de587eea..922c85d06d 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -3827,7 +3827,7 @@ function page_header($page_title = '', $display_online_list = true)
 // Generate logged in/logged out status
 if ($user->data['user_id'] != ANONYMOUS)
 {
- $u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout');
+ $u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout', true, $user->session_id);
 $l_login_logout = sprintf($user->lang['LOGOUT_USER'], $user->data['username']);
 }
 else
diff --git a/phpBB/language/en/ucp.php b/phpBB/language/en/ucp.php
index d3fd597572..e4b8f9476f 100644
--- a/phpBB/language/en/ucp.php
+++ b/phpBB/language/en/ucp.php
@@ -228,6 +228,7 @@ $lang = array_merge($lang, array(
 'LINK_REMOTE_SIZE_EXPLAIN' => 'Specify the width and height of the avatar, leave blank to attempt automatic verification.',
 'LOGIN_EXPLAIN_UCP' => 'Please login in order to access the User Control Panel.',
 'LOGIN_REDIRECT' => 'You have been successfully logged in.',
+ 'LOGOUT_FAILED' => 'You were not logged out, as the request did not match your session.',
 'LOGOUT_REDIRECT' => 'You have been successfully logged out.',
 'MARK_IMPORTANT' => 'Mark/Unmark as important',
diff --git a/phpBB/ucp.php b/phpBB/ucp.php
index 2d47134538..923a974b92 100755
--- a/phpBB/ucp.php
+++ b/phpBB/ucp.php
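Review bot: In the page_header() hunk of includes/functions.php, the new fourth argument writes the raw `$user->session_id` into the logout link on every rendered page, including for users whose session otherwise travels only in a cookie. The session identifier then sits in page markup, browser history and any log that records the logout URL, so the value used as the anti-CSRF token is the session credential itself. Consider passing a value derived from the session id (for example a hash that ucp.php recomputes and compares) rather than the id. At minimum, add a comment above the call such as `// sid is forced into the URL because ucp.php?mode=logout only accepts requests carrying the current session id`. page_header() starts and ends outside the hunk.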
@@ -82,16 +82,21 @@ switch ($mode) break; case 'logout': - if ($user->data['user_id'] != ANONYMOUS) - { - $user->session_kill(); - $user->session_begin(); - } - - meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx")); - - $message = $user->lang['LOGOUT_REDIRECT'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a> '); - trigger_error($message); + if ($user->data['user_id'] != ANONYMOUS && (!empty($_GET['sid']) && ($_GET['sid'] == $user->session_id))) + { + $user->session_kill(); + $user->session_begin(); + $message = $user->lang['LOGOUT_REDIRECT']; + } + else + { + $message = $user->lang['LOGOUT_FAILED']; + } + meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx")); + + $message = $message . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a> '); + trigger_error($message); + break; case 'terms': |
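Review bot: The new guard in the `logout` case compares `$_GET['sid']` with `$user->session_id` using loose `==` on a raw superglobal, so PHP's numeric-string comparison rules apply and a non-string value is never ruled out explicitly. This comparison is the whole CSRF defence for logout, so it should be a type-checked strict match: `if ($user->data['user_id'] != ANONYMOUS && isset($_GET['sid']) && is_string($_GET['sid']) && $_GET['sid'] === $user->session_id)`. Separately, the `else` branch also catches guests, who are told the request did not match their session although they were never logged in; `LOGOUT_FAILED` should probably be shown only to logged-in users. The enclosing `switch ($mode)` starts and ends outside the hunk.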