5 files changed, 55 insertions, 10 deletions
diff --git a/phpBB/includes/auth/provider_apache.php b/phpBB/includes/auth/provider_apache.php
index 2d26b85877..2ba76e26a9 100644
--- a/phpBB/includes/auth/provider_apache.php
+++ b/phpBB/includes/auth/provider_apache.php
@@ -237,7 +237,7 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface
 	 * @return 	boolean 	true if the given user is authenticated or false if
 	 * 						the session should be closed
 	 */
-	public function validate_session(&$user)
+	public function validate_session($user)
 	{
 		global $request;
 
@@ -262,4 +262,9 @@ class phpbb_auth_provider_apache implements phpbb_auth_provider_interface
 	{
 		return;
 	}
+
+	public function logout($data, $new_session)
+	{
+		return;
+	}
 }
diff --git a/phpBB/includes/auth/provider_db.php b/phpBB/includes/auth/provider_db.php
index df935fcd73..e24e701911 100644
--- a/phpBB/includes/auth/provider_db.php
+++ b/phpBB/includes/auth/provider_db.php
@@ -302,4 +302,14 @@ class phpbb_auth_provider_db implements phpbb_auth_provider_interface
 	{
 		return;
 	}
+
+	public function logout($data, $new_session)
+	{
+		return;
+	}
+
+	public function validate_session($user)
+	{
+		return;
+	}
 }
diff --git a/phpBB/includes/auth/provider_interface.php b/phpBB/includes/auth/provider_interface.php
index a789dccce7..534f198c21 100644
--- a/phpBB/includes/auth/provider_interface.php
+++ b/phpBB/includes/auth/provider_interface.php
@@ -57,6 +57,25 @@ interface phpbb_auth_provider_interface
 	/**
 	 * This function is used to output any required fields in the authentication
 	 * admin panel. It also defines any required configuration table fields.
+	 *
+	 * @param 	type 	$new
 	 */
 	public function acp($new);
+
+	/**
+	 * Special logout function.
+	 *
+	 * @param 	type 	$data
+	 * @param 	type 	$new_session
+	 */
+	public function logout($data, $new_session);
+
+	/**
+	 * The session validation function checks whether the user is still logged in.
+	 *
+	 * @param 	type 	$user
+	 * @return 	boolean	true if the given user is authenticated, false if the 
+	 * 					session should be closed, or null if not implemented.
+	 */
+	public function validate_session($user);
 }
diff --git a/phpBB/includes/auth/provider_ldap.php b/phpBB/includes/auth/provider_ldap.php
index c1f5b3e186..8270f50440 100644
--- a/phpBB/includes/auth/provider_ldap.php
+++ b/phpBB/includes/auth/provider_ldap.php
@@ -358,4 +358,14 @@ class phpbb_auth_provider_ldap implements phpbb_auth_provider_interface
 	{
 		return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string);
 	}
+
+	public function logout($data, $new_session)
+	{
+		return;
+	}
+
+	public function validate_session($user)
+	{
+		return;
+	}
 }
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 85ca8abf3d..f12ba1329c 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -402,12 +402,13 @@ class phpbb_session
 
 					// Check whether the session is still valid if we have one
 					$method = basename(trim($config['auth_method']));
-					include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
 
-					$method = 'validate_session_' . $method;
-					if (function_exists($method))
+					$class = 'phpbb_auth_provider_' . $method;
+					if (class_exists($class))
 					{
-						if (!$method($this->data))
+						$provider = new $class();
+						$ret = $provider->validate_session($this->data);
+						if ($ret !== null && !$ret)
 						{
 							$session_expired = true;
 						}
@@ -573,7 +574,7 @@ class phpbb_session
 		if (class_exists($class))
 		{
 			$provider = new $class();
-			$this->data = $class->autologin();
+			$this->data = $provider->autologin();
 
 			if (sizeof($this->data))
 			{
@@ -893,12 +894,12 @@ class phpbb_session
 
 		// Allow connecting logout with external auth method logout
 		$method = basename(trim($config['auth_method']));
-		include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
 
-		$method = 'logout_' . $method;
-		if (function_exists($method))
+		$class = 'phpbb_auth_provider_' . $method;
+		if (class_exists($class))
 		{
-			$method($this->data, $new_session);
+			$provider = new $class();
+			$provider->logout($this->data, $new_session);
 		}
 
 		if ($this->data['user_id'] != ANONYMOUS)