} header('Location: ' . $url); exit; } $language = isset($prefs) ? $prefs->getValue('language') : NLS::select(); $entry = sprintf('User %s [%s] logged out of Horde', Auth::getAuth(), $_SERVER['REMOTE_ADDR']); Horde::logMessage($entry, __FILE__, __LINE__, PEAR_LOG_INFO); Auth::clearAuth(); session_destroy(); /* If logout has a set initial page, redirect to that. Check that * it is not a looping redirect. */ if (isset($registry->applications['logout']['initial_page']) && $registry->applications['logout']['initial_page'] != 'login.php?' . AUTH_REASON_PARAM . '=' . AUTH_REASON_LOGOUT) { header('Location: ' . Horde::applicationUrl($registry->applications['logout']['initial_page'])); exit; } Horde::setupSessionHandler(); @session_start(); NLS::setLang($language); /* Hook to preselect the correct language in the widget. */ $_GET['new_lang'] = $language; } if (isset($_POST['horde_user']) && isset($_POST['horde_pass'])) { /* Destroy any existing session on login and make sure to use a * new session ID, to avoid session fixation issues. */ Horde::getCleanSession(); if ($auth->authenticate(Util::getPost('horde_user'), array('password' => Util::getPost('horde_pass')))) { $entry = sprintf('Login success for %s [%s] to Horde', Auth::getAuth(), $_SERVER['REMOTE_ADDR']); Horde::logMessage($entry, __FILE__, __LINE__, PEAR_LOG_INFO); if ($url_param) { $url = Horde::url(Util::removeParameter($url_param, session_name()), true); $horde_url = Horde::applicationUrl($registry->getParam('webroot', 'horde') . '/index.php', true);
/**
 * Replaces the current session with a clean one: a new session ID and no
 * session data. This guards against session fixation, so it should be
 * called before the submitted credentials are checked.
 *
 * NOTE(review): on PHP older than 4.3.3 the replacement ID is an MD5 of the
 * clock plus the process ID, or of uniqid()/mt_rand() output. None of those
 * inputs is a cryptographically secure random source, so that legacy branch
 * does not give a session ID the unpredictability it needs. Deployments
 * should run a PHP version that takes the session_regenerate_id() path.
 */
function getCleanSession()
{
    $has_regenerate = version_compare(PHP_VERSION, '4.3.3', '>=');

    if (!$has_regenerate) {
        // Legacy path: tear the session down by hand. Errors are silenced
        // only around the session calls, then the previous level is restored.
        $saved_level = error_reporting(0);
        session_destroy();
        error_reporting($saved_level);

        // Hand-built session ID; see the NOTE(review) in the docblock.
        $fresh_id = Util::extensionExists('posix')
            ? md5(microtime() . posix_getpid())
            : md5(uniqid(mt_rand(), true));
        session_id($fresh_id);

        // Bring the session back up under the new ID, re-installing the
        // session handler first.
        Horde::setupSessionHandler();
        error_reporting(0);
        session_start();
        error_reporting($saved_level);
    } else {
        // Let PHP issue the new ID, then drop every registered session
        // variable so nothing set before login survives.
        // NOTE(review): the delete-old-session argument exists from PHP 5.1;
        // confirm how 4.3.3-5.0 treat it.
        session_regenerate_id(true);
        session_unset();
    }

    /* Reset cookie timeouts, if necessary: only when a session timeout is
     * configured. The current application's key is re-issued only if
     * clearing it succeeded; the 'auth' key is always re-issued. */
    $timeout_set = !empty($GLOBALS['conf']['session']['timeout']);
    if ($timeout_set) {
        $current_app = $GLOBALS['registry']->getApp();
        if (Secret::clearKey($current_app)) {
            Secret::setKey($current_app);
        }
        Secret::setKey('auth');
    }
}