Beispiel #1
        }
        header('Location: ' . $url);
        exit;
    }
    $language = isset($prefs) ? $prefs->getValue('language') : NLS::select();
    $entry = sprintf('User %s [%s] logged out of Horde', Auth::getAuth(), $_SERVER['REMOTE_ADDR']);
    Horde::logMessage($entry, __FILE__, __LINE__, PEAR_LOG_INFO);
    Auth::clearAuth();
    session_destroy();
    /* If logout has a set initial page, redirect to that. Check that
     * it is not a looping redirect. */
    if (isset($registry->applications['logout']['initial_page']) && $registry->applications['logout']['initial_page'] != 'login.php?' . AUTH_REASON_PARAM . '=' . AUTH_REASON_LOGOUT) {
        header('Location: ' . Horde::applicationUrl($registry->applications['logout']['initial_page']));
        exit;
    }
    Horde::setupSessionHandler();
    @session_start();
    NLS::setLang($language);
    /* Hook to preselect the correct language in the widget. */
    $_GET['new_lang'] = $language;
}
if (isset($_POST['horde_user']) && isset($_POST['horde_pass'])) {
    /* Destroy any existing session on login and make sure to use a
     * new session ID, to avoid session fixation issues. */
    Horde::getCleanSession();
    if ($auth->authenticate(Util::getPost('horde_user'), array('password' => Util::getPost('horde_pass')))) {
        $entry = sprintf('Login success for %s [%s] to Horde', Auth::getAuth(), $_SERVER['REMOTE_ADDR']);
        Horde::logMessage($entry, __FILE__, __LINE__, PEAR_LOG_INFO);
        if ($url_param) {
            $url = Horde::url(Util::removeParameter($url_param, session_name()), true);
            $horde_url = Horde::applicationUrl($registry->getParam('webroot', 'horde') . '/index.php', true);
Beispiel #2
 /**
  * Destroys any existing session on login and make sure to use a new
  * session ID, to avoid session fixation issues. Should be called before
  * checking a login.
  */
 function getCleanSession()
 {
     // Session-fixation defence: whatever session ID the browser presented
     // before login must not be the ID that ends up authenticated, and no
     // pre-login session data may carry over. Statement order below is
     // significant; do not reorder.
     if (version_compare(PHP_VERSION, '4.3.3', '<')) {
         // Legacy path for interpreters older than 4.3.3: tear the session
         // down by hand. Error reporting is silenced around
         // session_destroy() and restored straight afterwards.
         $savedLevel = error_reporting(0);
         session_destroy();
         error_reporting($savedLevel);

         // NOTE(review): both ID sources are weak for a security token.
         // microtime() and the process ID are low-entropy, guessable
         // inputs, and mt_rand()/uniqid() are not cryptographically secure
         // generators; md5() over them adds no entropy. Any deployment
         // that can still reach this branch should take the ID from a
         // CSPRNG instead.
         $freshId = Util::extensionExists('posix')
             ? md5(microtime() . posix_getpid())
             : md5(uniqid(mt_rand(), true));
         session_id($freshId);

         // Restart the session under the new ID, re-installing the session
         // handler first. session_start() runs with error reporting off.
         Horde::setupSessionHandler();
         error_reporting(0);
         session_start();
         error_reporting($savedLevel);
     } else {
         // Ask PHP for a new ID (the `true` argument requests deletion of
         // the old session), then drop all registered session variables.
         // NOTE(review): the boolean result of session_regenerate_id() is
         // not checked. If regeneration fails, the pre-login ID stays in
         // use and the fixation protection is silently lost; consider
         // failing closed or at least logging here.
         session_regenerate_id(true);
         session_unset();
     }

     /* Reset cookie timeouts, if necessary. */
     if (!empty($GLOBALS['conf']['session']['timeout'])) {
         // Only applies when a session timeout is configured. The current
         // application's key is set again only if clearKey() reports
         // success; the 'auth' key is always set.
         // NOTE(review): presumably this re-issues the Secret cookies with
         // a fresh lifetime -- confirm against the Secret class.
         $currentApp = $GLOBALS['registry']->getApp();
         if (Secret::clearKey($currentApp)) {
             Secret::setKey($currentApp);
         }
         Secret::setKey('auth');
     }
 }