aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorredmatrix <git@macgirvin.com>2016-03-12 19:53:07 -0800
committerredmatrix <git@macgirvin.com>2016-03-12 19:53:07 -0800
commitcc29e27acc04511b943c5dcab85b1ce215ac2e49 (patch)
tree4861ff715cec11a22e1c8e8b207b3a2460c714e0
parent70ad69d38c53f78d04d912495f63c6fb781f0550 (diff)
downloadvolse-hubzilla-cc29e27acc04511b943c5dcab85b1ce215ac2e49.tar.gz
volse-hubzilla-cc29e27acc04511b943c5dcab85b1ce215ac2e49.tar.bz2
volse-hubzilla-cc29e27acc04511b943c5dcab85b1ce215ac2e49.zip
issue #320 - regression, after removing channel attached to an authenticated session the session was not completely cleared.
-rw-r--r--include/Contact.php5
-rw-r--r--include/auth.php27
-rw-r--r--include/session.php32
3 files changed, 34 insertions, 30 deletions
diff --git a/include/Contact.php b/include/Contact.php
index 611371db6..1c61470e1 100644
--- a/include/Contact.php
+++ b/include/Contact.php
@@ -263,7 +263,7 @@ function rrmdir($path)
return false;
}
-function channel_remove($channel_id, $local = true, $unset_session=true) {
+function channel_remove($channel_id, $local = true, $unset_session=false) {
if(! $channel_id)
return;
@@ -389,8 +389,7 @@ function channel_remove($channel_id, $local = true, $unset_session=true) {
proc_run('php','include/directory.php',$channel_id);
if($channel_id == local_channel() && $unset_session) {
- unset($_SESSION['authenticated']);
- unset($_SESSION['uid']);
+ nuke_session();
goaway($a->get_baseurl());
}
diff --git a/include/auth.php b/include/auth.php
index 4f0c4c928..1a7110c20 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -12,33 +12,6 @@
require_once('include/api_auth.php');
require_once('include/security.php');
-/**
- * @brief Resets the current session.
- *
- * @return void
- */
-function nuke_session() {
- new_cookie(0); // 0 means delete on browser exit
-
- unset($_SESSION['authenticated']);
- unset($_SESSION['account_id']);
- unset($_SESSION['uid']);
- unset($_SESSION['visitor_id']);
- unset($_SESSION['administrator']);
- unset($_SESSION['cid']);
- unset($_SESSION['theme']);
- unset($_SESSION['mobile_theme']);
- unset($_SESSION['show_mobile']);
- unset($_SESSION['page_flags']);
- unset($_SESSION['delegate']);
- unset($_SESSION['delegate_channel']);
- unset($_SESSION['my_url']);
- unset($_SESSION['my_address']);
- unset($_SESSION['addr']);
- unset($_SESSION['return_url']);
- unset($_SESSION['remote_service_class']);
- unset($_SESSION['remote_hub']);
-}
/**
* @brief Verify login credentials.
diff --git a/include/session.php b/include/session.php
index 43bba528b..6060e4712 100644
--- a/include/session.php
+++ b/include/session.php
@@ -12,6 +12,38 @@
$session_exists = 0;
$session_expire = 180000;
+
+/**
+ * @brief Resets the current session.
+ *
+ * @return void
+ */
+
+function nuke_session() {
+ new_cookie(0); // 0 means delete on browser exit
+
+ unset($_SESSION['authenticated']);
+ unset($_SESSION['account_id']);
+ unset($_SESSION['uid']);
+ unset($_SESSION['visitor_id']);
+ unset($_SESSION['administrator']);
+ unset($_SESSION['cid']);
+ unset($_SESSION['theme']);
+ unset($_SESSION['mobile_theme']);
+ unset($_SESSION['show_mobile']);
+ unset($_SESSION['page_flags']);
+ unset($_SESSION['delegate']);
+ unset($_SESSION['delegate_channel']);
+ unset($_SESSION['my_url']);
+ unset($_SESSION['my_address']);
+ unset($_SESSION['addr']);
+ unset($_SESSION['return_url']);
+ unset($_SESSION['remote_service_class']);
+ unset($_SESSION['remote_hub']);
+}
+
+
+
function new_cookie($time) {
$old_sid = session_id();