novabbs
/
rocksolid-light
3
0
Fork 1
Code Issues 25 Pull Requests Releases Wiki Activity

Clean up cookies properly on logout.

This commit is contained in:
Retro_Guy 2023-12-25 08:29:48 -07:00
parent dce9d81756
commit e4e09b3b5f
1 changed files with 26 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
Rocksolid_Light/spoolnews/user.php
View File

@ -1,9 +1,32 @@
<?php <?php
session_start(); session_start();
if (isset($_POST['command']) && $_POST['command'] == 'Logout') {
$past = time() - 3600;
foreach ( $_COOKIE as $key => $value )
{
setcookie( $key, $value, $past, '/' );
}
$_SESSION = array();
session_destroy();
$logmeout = true;
} else {
$logmeout = false;
}
include ("config.inc.php"); include ("config.inc.php");
include ("newsportal.php"); include ("newsportal.php");
if ($logmeout) {
include "head.inc";
echo "<center>";
echo "<hr><p>You have been logged out</p>";
echo '</center>';
echo '<br />';
include "tail.inc";
exit(0);
}
if (isset($_COOKIE['tzo'])) { if (isset($_COOKIE['tzo'])) {
$offset = $_COOKIE['tzo']; $offset = $_COOKIE['tzo'];
} else { } else {
@ -15,25 +38,7 @@ if (! isset($_POST['command'])) {
$keyfile = $spooldir . '/keys.dat'; $keyfile = $spooldir . '/keys.dat';
$keys = unserialize(file_get_contents($keyfile)); $keys = unserialize(file_get_contents($keyfile));
if ($_POST['command'] == 'Logout') {
unset($_COOKIE['mail_name']);
setcookie('mail_name', null, - 1, '/');
unset($_COOKIE['mail_auth']);
setcookie('mail_auth', null, - 1, '/');
unset($_COOKIE['cookie_name']);
setcookie('cookie_name', null, - 1, '/');
unset($_COOKIE['pkey']);
setcookie('pkey', null, - 1, '/');
unset($_SESSION['theme']);
unset($_POST['username']);
include "head.inc";
echo "<center>";
echo "<hr><p>You have been logged out</p>";
echo '</center>';
echo '<br />';
include "tail.inc";
exit(0);
}
$title .= ' - User Configuration'; $title .= ' - User Configuration';
include "head.inc"; include "head.inc";
@ -58,7 +63,7 @@ if (! isset($_COOKIE['mail_auth'])) {
$_COOKIE['mail_auth'] = null; $_COOKIE['mail_auth'] = null;
} }
if ((password_verify($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'] . $keys[1] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth']))) { if ((password_verify($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'] . $keys[1] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth']))) {
// if (((get_user_mail_auth_data($_COOKIE['mail_name'])) && password_verify($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'] . $keys[1] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth']))) { // if (((get_user_mail_auth_data($_COOKIE['mail_name'])) && password_verify($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'] . $keys[1] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth']))) {
$logged_in = true; $logged_in = true;
} else { } else {
if (check_bbs_auth($_POST['username'], $_POST['password'])) { if (check_bbs_auth($_POST['username'], $_POST['password'])) {
@ -212,7 +217,7 @@ $themedir = $rootdir . '/common/themes';
if (is_dir($themedir)) { if (is_dir($themedir)) {
if ($theme_list = opendir($themedir)) { if ($theme_list = opendir($themedir)) {
while (($theme_dir = readdir($theme_list)) !== false) { while (($theme_dir = readdir($theme_list)) !== false) {
if ($theme_dir == '.' || $theme_dir == '..' || !is_dir($themedir.'/'.$theme_dir)) { if ($theme_dir == '.' || $theme_dir == '..' || ! is_dir($themedir . '/' . $theme_dir)) {
continue; continue;
} }
$themes[] = $theme_dir; $themes[] = $theme_dir;