external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Implement SSO logout

Browse source 
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This commit is contained in:
Frédéric Mangano-Tarumi 2020-07-14 15:35:05 +02:00 committed by Lukas Fleischer
parent 8ab1347034
commit 35eddac90b
2 changed files with 31 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

14
web/html/logout.php
View file

@ -5,16 +5,28 @@ set_include_path(get_include_path() . PATH_SEPARATOR . '../lib');
include_once("aur.inc.php"); # access AUR common functions
include_once("acctfuncs.inc.php"); # access AUR common functions
$redirect_uri = '/';
# if they've got a cookie, log them out - need to do this before
# sending any HTML output.
#
if (isset($_COOKIE["AURSID"])) {
$uid = uid_from_sid($_COOKIE['AURSID']);
delete_session_id($_COOKIE["AURSID"]);
# setting expiration to 1 means '1 second after midnight January 1, 1970'
setcookie("AURSID", "", 1, "/", null, !empty($_SERVER['HTTPS']), true);
unset($_COOKIE['AURSID']);
clear_expired_sessions();
# If the account is linked to an SSO account, disconnect the user from the SSO too.
if (isset($uid)) {
$dbh = DB::connect();
$sso_account_id = $dbh->query("SELECT SSOAccountID FROM Users WHERE ID = " . $dbh->quote($uid))
->fetchColumn();
if ($sso_account_id)
$redirect_uri = '/sso/logout';
}
}
header('Location: /');
header("Location: $redirect_uri");