Move logout to a file logout.php in /post fixes issue where one cant logout if in admin section, also redirect to login page with or without login key if set

2024-10-18 00:12:08 -04:00 · 2024-10-18 00:12:08 -04:00 · d01d912154
parent fe86ca0dd7
commit d01d912154
3 changed files with 32 additions and 20 deletions
--- a/post.php
+++ b/post.php
@ -55,12 +55,13 @@ if (str_contains($module, 'admin') && isset($session_is_admin) && $session_is_ad

 }

+// Logout is the same for user and admin
+require_once "post/logout.php";

 // TODO: Move admin_update into the admin section to be auto-loaded
 //  We can't do this until everyone has the new database fields added in 1.4.9 on Sept 14th 2024
 require_once "post/admin_update.php"; // Load updater

-
 // TODO: Find a home for these

 require_once "post/ai.php";
--- a/post/logout.php
+++ b/post/logout.php
@ -0,0 +1,30 @@
+<?php
+
+/*
+ * ITFlow - Logout
+ */
+
+if (isset($_GET['logout'])) {
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Logout', log_action = 'Success', log_description = '$session_name logged out', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
+    mysqli_query($mysqli, "UPDATE users SET user_php_session = '' WHERE user_id = $session_user_id");
+
+    setcookie("PHPSESSID", '', time() - 3600, "/");
+    unset($_COOKIE['PHPSESSID']);
+
+    setcookie("user_encryption_session_key", '', time() - 3600, "/");
+    unset($_COOKIE['user_encryption_session_key']);
+
+    setcookie("user_extension_key", '', time() - 3600, "/");
+    unset($_COOKIE['user_extension_key']);
+
+    session_unset();
+    session_destroy();
+
+    if ($config_login_key_required == 1) {
+        header('Location: login.php?key=' . $config_login_key_secret);
+    } else {
+        header('Location: login.php');
+    }
+}
+
+?>
--- a/post/user/profile.php
+++ b/post/user/profile.php
@ -285,22 +285,3 @@ if (isset($_POST['revoke_your_2fa_remember_tokens'])) {
    header("Location: " . $_SERVER["HTTP_REFERER"]);

 }
-
-if (isset($_GET['logout'])) {
-    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Logout', log_action = 'Success', log_description = '$session_name logged out', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
-    mysqli_query($mysqli, "UPDATE users SET user_php_session = '' WHERE user_id = $session_user_id");
-
-    setcookie("PHPSESSID", '', time() - 3600, "/");
-    unset($_COOKIE['PHPSESSID']);
-
-    setcookie("user_encryption_session_key", '', time() - 3600, "/");
-    unset($_COOKIE['user_encryption_session_key']);
-
-    setcookie("user_extension_key", '', time() - 3600, "/");
-    unset($_COOKIE['user_extension_key']);
-
-    session_unset();
-    session_destroy();
-
-    header('Location: login.php?key=' . $config_login_key_secret);
-}