/**
 * Log the current user out.
 *
 * The only visible action is the Session::wipe('user') call, which
 * presumably drops the 'user' entry from the session (confirm against the
 * Session class).
 *
 * NOTE(review): the inline comment below describes a "keep logged in" check,
 * but no code for it is visible in this method. If a persistent-login token
 * exists elsewhere, it would presumably survive this logout until that step
 * is implemented. TODO confirm where the token is stored and invalidate it
 * here. Rotating the session id on logout is also worth considering.
 */
public function logout()
{
    Session::wipe('user');
    // check for keep logged in, destroy if found
}
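} else {
    // Resolve the client address into the IP constant. The matching `if`
    // branch of this `else` lies outside the visible fragment.
    //
    // NOTE(review): X-Forwarded-For is a request header, so its value is
    // chosen by the client unless a reverse proxy in front of this code
    // overwrites it. Nothing visible here checks that the request came through
    // such a proxy, so IP must be treated as untrusted: do not base access
    // control, rate limiting or audit decisions on it. Preferably honour the
    // header only when REMOTE_ADDR belongs to a configured list of proxies.
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])
        && Validation::isIP($_SERVER['HTTP_X_FORWARDED_FOR'])
        && !Validation::isLocalIP($_SERVER['HTTP_X_FORWARDED_FOR'])
    ) {
        define('IP', $_SERVER['HTTP_X_FORWARDED_FOR']);
    } elseif (Validation::isIP($_SERVER['REMOTE_ADDR']) && !Validation::isLocalIP($_SERVER['REMOTE_ADDR'])) {
        define('IP', $_SERVER['REMOTE_ADDR']);
    } else {
        // Neither source gave a usable address: fall back to a placeholder.
        define('IP', '0.0.0.0');
    }
}

// Security: the session is wiped when the User-Agent changes.
// The header is optional, so a missing value is read as '' rather than
// raising an undefined-index notice. The comparison is strict because loose
// comparison treats numeric-looking strings as numbers.
// NOTE(review): the User-Agent is client-controlled, so this only detects an
// accidental change and is no defence against a deliberate session takeover.
$current_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
if (!Session::exists('HTTP_USER_AGENT')) {
    Session::write('HTTP_USER_AGENT', $current_user_agent);
} elseif ((string) Session::read('HTTP_USER_AGENT') !== $current_user_agent) {
    Session::regenerate_id();
    Session::wipe();
    Session::write('HTTP_USER_AGENT', $current_user_agent);
}

// Security: when the session id is present in the URL, reload the page
// without it (GET-style requests only, so a POST body is never lost).
if (count($_POST) === 0 && strpos($_SERVER['REQUEST_URI'], Session::name()) !== false) {
    // preg_quote() keeps the session name from being read as regex syntax.
    $page_address = preg_replace(
        '#(?<=&|\\?)' . preg_quote(Session::name(), '#') . '=[^&]+(?:&|$)#',
        '',
        $_SERVER['REQUEST_URI']
    );

    // Redirect only when a parameter was actually removed. The session name
    // can also occur elsewhere in the URI (for example in the path); in that
    // case an unconditional redirect would target the same address and loop.
    if (is_string($page_address) && $page_address !== $_SERVER['REQUEST_URI']) {
        Session::close();

        // NOTE(review): the id stored in the cookie is presumably the one that
        // arrived in the URL, so an id supplied through a link is adopted
        // unchanged (session fixation). Consider rotating the id before
        // issuing the cookie, disabling URL-based session ids altogether, and
        // setting the Secure/HttpOnly flags on this cookie.
        // Expiry 0 = session cookie (same effect as the former null, without
        // the PHP 8.1 deprecation for passing null to an int parameter).
        setcookie(Session::name(), Session::id(), 0, '/', '.' . $domaine);

        // Redirect with a path-only Location. The client-supplied Host header
        // no longer decides the redirect target and the current scheme is
        // kept, where the former hard-coded "http://" would downgrade HTTPS.
        // Leading slashes/backslashes are collapsed to a single "/" so the
        // value cannot be read as a protocol-relative URL to another host.
        $page_address = '/' . ltrim(rtrim($page_address, '?&'), '/\\');
        header('Location: ' . $page_address);
        exit;
    }
}

// Security : The $_POST variables are wiped if the referer domain is different from the current domain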