예제 #1
0
 /**
  * Logout user
  *
  * @param $logouthash Logout hash
  * @return bool
  */
 public function logout($logouthash = null)
 {
     // keeping this just because of datamanager constants
     require_once DIR . '/includes/functions_login.php';
     // process facebook logout first if applicable
     vB_Library::instance('facebook')->clearSession();
     $userinfo = vB::getCurrentSession()->fetch_userinfo();
     if (!defined("VB_API") || VB_API_VERSION_CURRENT >= VB5_API_VERSION_START) {
         if ($userinfo['userid'] != 0 and !vB_User::verifySecurityToken($logouthash, $userinfo['securitytoken_raw'])) {
             throw new vB_Exception_Api('logout_error');
         }
     }
     return vB_User::processLogout();
 }
예제 #2
0
 protected function checkCSRF()
 {
     if (!empty($_SERVER['REQUEST_METHOD']) and strtoupper($_SERVER['REQUEST_METHOD']) == 'POST') {
         $userinfo = vB_User::fetchUserinfo();
         if ($userinfo['userid'] > 0 and (!defined('CSRF_PROTECTION') or defined('CSRF_PROTECTION') and CSRF_PROTECTION === true)) {
             if (!$this->location['login']) {
                 if (!isset($_POST['securitytoken'])) {
                     $_POST['securitytoken'] = '';
                 }
                 if (!vB_User::verifySecurityToken($_POST['securitytoken'], $userinfo['securitytoken_raw'])) {
                     switch ($_POST['securitytoken']) {
                         case '':
                             return array('error' => 'security_token_missing');
                         case 'guest':
                             return array('error' => 'security_token_guest');
                         case 'timeout':
                             return array('error' => 'security_token_timeout');
                         default:
                             return array('error' => 'security_token_invalid');
                     }
                 }
             }
         }
     }
     return false;
 }