csrf for logout url
remdex committed Dec 7, 2021
1 parent 8824ac2 commit e7fe1aa
Showing 4 changed files with 10 additions and 4 deletions.
@@ -5,6 +5,6 @@

<button type="button" class="btn btn-success" data-dismiss="modal" aria-label="Close"><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('user/wentinactive','Continue');?></button>

<a class="btn btn-secondary btn-warning float-right" href="<?php echo erLhcoreClassDesign::baseurl('user/logout')?>"><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('user/wentinactive','Logout');?></a>
<a class="btn btn-secondary btn-warning float-right" onclick="$(this).attr('href',$(this).attr('href')+'/(csfr)/'+confLH.csrf_token)" href="<?php echo erLhcoreClassDesign::baseurl('user/logout')?>"><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('user/wentinactive','Logout');?></a>

<?php include(erLhcoreClassDesign::designtpl('lhkernel/modal_footer.tpl.php'));?>
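Review bot: The token reaches the logout URL only through the `onclick` handler, so the link works for an ordinary click and nothing else: opened in a new tab or with a middle click, the request goes to `user/logout` without the `/(csfr)/…` segment and ends on the new `die('Invalid CSFR Token')`. The dropdown logout link in the next file section uses the same pattern. Carrying the token in a GET path also places it in browser history and web-server access logs, which matters if the token lives as long as the session (not visible here). A small POST form with the token in a hidden field would avoid both problems; failing that, render the complete href on the server instead of rewriting it in `onclick`.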
@@ -30,7 +30,7 @@
<a title="<?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('chat/user_settings','Toggle between dark and white themes');?>" href="<?php echo erLhcoreClassDesign::baseurl('front/switchdashboard')?>/(action)/mode" class="dropdown-item pl-2"><span class="material-icons">settings_brightness</span><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('pagelayout/pagelayout','Dark/bright');?></a>
</div>
<div class="col-6">
<a class="dropdown-item pl-2" href="<?php echo erLhcoreClassDesign::baseurl('user/logout')?>" title="<?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('pagelayout/pagelayout','Logout');?>"><i class="material-icons">exit_to_app</i><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('pagelayout/pagelayout','Logout');?></a>
<a class="dropdown-item pl-2" onclick="$(this).attr('href',$(this).attr('href')+'/(csfr)/'+confLH.csrf_token)" href="<?php echo erLhcoreClassDesign::baseurl('user/logout')?>" title="<?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('pagelayout/pagelayout','Logout');?>"><i class="material-icons">exit_to_app</i><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('pagelayout/pagelayout','Logout');?></a>
</div>
</div>

7 changes: 6 additions & 1 deletion lhc_web/modules/lhuser/logout.php
@@ -4,13 +4,18 @@

$lhUser = erLhcoreClassUser::instance();

if (!$lhUser->isLogged() || !$lhUser->validateCSFRToken($Params['user_parameters_unordered']['csfr'])) {
die('Invalid CSFR Token');
exit;
}

erLhcoreClassChatEventDispatcher::getInstance()->dispatch('user.logout',array('user' => & $lhUser));

$lhUser->logout();

erLhcoreClassChatEventDispatcher::getInstance()->dispatch('user.after_logout',array('user' => & $lhUser));

erLhcoreClassModule::redirect('user/login');
//erLhcoreClassModule::redirect('user/login');
exit;

?>
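Review bot: The new guard answers both a missing session and a bad token with `die('Invalid CSFR Token')`, so an operator whose session has already expired sees a token error instead of the login page, and the `exit;` after `die()` can never run. I would split the two cases, for example `if (!$lhUser->isLogged()) { erLhcoreClassModule::redirect('user/login'); exit; }`, and send `http_response_code(403);` before the `die` in the token branch so rejected requests stand out in access logs. The page shows the final `erLhcoreClassModule::redirect('user/login');` both live and commented out; if the commented form is the new side, a successful logout ends on an empty response, which looks like leftover debugging and should be restored. Whether `validateCSFRToken()` tolerates an absent `csfr` parameter and compares in constant time is not visible in this hunk and is worth confirming.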
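--- a/lhc_web/modules/lhuser/module.php
+++ b/lhc_web/modules/lhuser/module.php
@@ -20,7 +20,8 @@
 );
 
 $ViewList['logout'] = array(
-'params' => array()
+'params' => array(),
+'uparams' => array('csfr')
 );
 
 $ViewList['loginas'] = array(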
