Diffstat (limited to 'include/auth.php')
-rw-r--r-- | include/auth.php | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/include/auth.php b/include/auth.php
index 6f5e58361..c44eeb8fc 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -37,6 +37,7 @@ require_once('include/security.php');
 function account_verify_password($login, $pass) {
 $ret = [ 'account' => null, 'channel' => null, 'xchan' => null ];
+ $login = punify($login);
 $email_verify = get_config('system', 'verify_email');
 $register_policy = get_config('system', 'register_policy');
@@ -144,8 +145,17 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
 // process logout request
 $args = array('channel_id' => local_channel());
 call_hooks('logging_out', $args);
- App::$session->nuke();
- info( t('Logged out.') . EOL);
+
+
+ if($_SESSION['delegate'] && $_SESSION['delegate_push']) {
+ $_SESSION = $_SESSION['delegate_push'];
+ info( t('Delegation session ended.') . EOL);
+ }
+ else {
+ App::$session->nuke();
+ info( t('Logged out.') . EOL);
+ }
+
 goaway(z_root());
 }
@@ -235,7 +245,7 @@ else {
 $record = null;
 $addon_auth = array(
- 'username' => trim($_POST['username']),
+ 'username' => punify(trim($_POST['username'])),
 'password' => trim($_POST['password']),
 'authenticated' => 0,
 'user_record' => null
@@ -261,7 +271,7 @@ else {
 $verify = account_verify_password($_POST['username'], $_POST['password']);
 if($verify && array_key_exists('reason',$verify) && $verify['reason'] === 'unvalidated') {
 notice( t('Email validation is incomplete. Please check your email.'));
- goaway(z_root() . '/email_validation/' . bin2hex(trim(escape_tags($_POST['username']))));
+ goaway(z_root() . '/email_validation/' . bin2hex(punify(trim(escape_tags($_POST['username'])))));
 }
 elseif($verify) {
 $atoken = $verify['xchan']; |
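Review bot: The login identifier is canonicalised three different ways across this commit: the `@@ -37,6 +37,7 @@` hunk calls `punify($login)` on the value exactly as passed in, the `@@ -235,7 +245,7 @@` hunk uses `punify(trim(...))`, and the `@@ -261,7 +271,7 @@` hunk uses `punify(trim(escape_tags(...)))` while still handing the raw `$_POST['username']` to `account_verify_password()`. With different chains, the value that is verified, the value placed in the `addon_auth` array and the value hex-encoded into the `/email_validation/` URL can disagree, for instance on surrounding whitespace or on text that `escape_tags()` rewrites before `punify()` sees it. Unless something later in `account_verify_password()` trims the login (its body continues outside the hunk), I would write `$login = punify(trim($login));` there and route all three call sites through one small helper so the order is fixed in a single place. A comment above the call stating what `punify()` normalises and why it must run before any account lookup would also help the next reader.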
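Review bot: The delegation branch in the `@@ -144,8 +145,17 @@` hunk replaces the whole `$_SESSION` with `$_SESSION['delegate_push']` without checking that the saved value is an array and without rotating the session identifier, so the switch from the delegated identity back to the original one happens under the same session id. The condition also reads both keys directly, which raises an undefined-index notice on every ordinary logout, although the enclosing test (it starts outside the hunk) already uses `x($_SESSION, 'authenticated')`. I would write the guard as `if(! empty($_SESSION['delegate']) && is_array($_SESSION['delegate_push'] ?? null)) {` and follow the assignment with `session_regenerate_id(true);`, or the equivalent on `App::$session` if the session class wraps it. It is also worth confirming that `delegate_push` can only be written by the server-side delegation code, since whatever is stored there becomes the full authenticated session.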