public static function IsLoggedIn()
{
// To prevent possible session hijacking, compare IP addresses
// from what they logged in with to what the current client has.
// If it's different, the session ID was probably intercepted.
// In that case, do a full, deliberate logout.
if (isset($_SESSION['ipaddress']) && $_SESSION['ipaddress'] != $_SERVER['REMOTE_ADDR']) {
StakeLeader::Logout();
}
return isset($_SESSION['stakeLeaderID']) && isset($_SESSION['ipaddress']) && isset($_SESSION['timestamp']) && $_SESSION['stakeLeaderID'] > 0 && $_SESSION['ipaddress'] == $_SERVER['REMOTE_ADDR'];
}
<?php
require_once "lib/init.php";
// Make sure they're first logged in
protectPage(0, true);
if ($MEMBER) {
// Perform member logout
if (!Member::Logout()) {
// Uh oh.
// Attempt to perform manual, "hard-wired" logout...
$_SESSION['userID'] = 0;
if (isset($_SESSION['userID'])) {
unset($_SESSION['userID']);
}
session_destroy();
}
} else {
// Perform leader logout
if (!StakeLeader::Logout()) {
// Same spiel as above...
$_SESSION['stakeLeaderID'] = 0;
if (isset($_SESSION['stakeLeaderID'])) {
unset($_SESSION['stakeLeaderID']);
}
session_destroy();
}
}
header("Location: /");