Index: trunk/CHANGELOG =================================================================== --- trunk/CHANGELOG (revision 931) +++ trunk/CHANGELOG (revision 932) @@ -11,6 +11,8 @@ ! = Update/Change ------------------------------------- 2.8.0 ------------------------------------- +16-Feb-2009 Christian Sommer +! reworked logout to reset possible remember key in database when logging out 15-Feb-2009 Christian Sommer # fixed bug with smart login option (remember me) (ticket #689) # special chars like   are shown when editing Add-on CSS files (ticket #678) Index: trunk/wb/admin/logout/index.php =================================================================== --- trunk/wb/admin/logout/index.php (revision 931) +++ trunk/wb/admin/logout/index.php (revision 932) @@ -23,12 +23,21 @@ */ -require("../../config.php"); +require('../../config.php'); -if(isset($_COOKIE['REMEMBER_KEY'])) { - setcookie('REMEMBER_KEY', '', time()-3600, '/'); +// delete remember key of current user from database +if (isset($_SESSION['USER_ID']) && isset($database)) { + $table = TABLE_PREFIX . 'users'; + $sql = "UPDATE `$table` SET `remember_key` = '' WHERE `user_id` = '" . (int) $_SESSION['USER_ID'] . "'"; + $database->query($sql); } +// delete remember key cookie if set +if (isset($_COOKIE['REMEMBER_KEY'])) { + setcookie('REMEMBER_KEY', '', time() - 3600, '/'); +} + +// delete most critical session variables manually $_SESSION['USER_ID'] = null; $_SESSION['GROUP_ID'] = null; $_SESSION['GROUPS_ID'] = null; @@ -35,11 +44,19 @@ $_SESSION['USERNAME'] = null; $_SESSION['PAGE_PERMISSIONS'] = null; $_SESSION['SYSTEM_PERMISSIONS'] = null; + +// overwrite session array $_SESSION = array(); -session_unset(); -unset($_COOKIE[session_name()]); + +// delete session cookie if set +if (isset($_COOKIE[session_name()])) { + setcookie(session_name(), '', time() - 42000, '/'); +} + +// delete the session itself session_destroy(); -header("Location: ".ADMIN_URL."/login/index.php"); +// redirect to admin login +die(header('Location: ' . ADMIN_URL . '/login/index.php')); ?> \ No newline at end of file