/**
 * Log the current user out.
 *
 * For a logged-in user the supplied logout hash is verified against the
 * session's raw security token before logout is processed, so a cross-site
 * request cannot end the session without knowing the token.
 *
 * Security notes:
 *  - The token check is skipped when VB_API is defined and
 *    VB_API_VERSION_CURRENT is below VB5_API_VERSION_START. Requests on that
 *    path are logged out without any hash verification.
 *  - The Facebook session is cleared before the token is verified, so that
 *    call runs even when verification then fails.
 *    NOTE(review): confirm clearSession() is harmless on a forged request.
 *
 * @param string|null $logouthash Logout hash sent by the client; compared
 *                                against $userinfo['securitytoken_raw'].
 * @return bool Result of vB_User::processLogout() (documented as bool).
 * @throws vB_Exception_Api 'logout_error' when a logged-in user's hash does
 *                          not verify.
 */
public function logout($logouthash = null)
{
    // Still required only for the datamanager constants it defines.
    require_once DIR . '/includes/functions_login.php';

    // Facebook logout is handled first, where applicable.
    vB_Library::instance('facebook')->clearSession();

    $userinfo = vB::getCurrentSession()->fetch_userinfo();

    // Verification applies to non-API requests and to API versions at or
    // above VB5_API_VERSION_START; older API versions bypass it.
    $tokenRequired = (!defined("VB_API") || VB_API_VERSION_CURRENT >= VB5_API_VERSION_START);

    if ($tokenRequired and $userinfo['userid'] != 0)
    {
        // Guests (userid 0) never reach this branch, so they need no hash.
        $hashOk = vB_User::verifySecurityToken($logouthash, $userinfo['securitytoken_raw']);
        if (!$hashOk)
        {
            throw new vB_Exception_Api('logout_error');
        }
    }

    return vB_User::processLogout();
}
/**
 * Verify the anti-CSRF security token on the current request.
 *
 * The check is enforced only when all of the following hold:
 *  - the request method is POST (any other method returns false unchecked,
 *    so state-changing handlers must not be reachable through other methods
 *    if they rely on this function);
 *  - the current user is logged in (userid > 0);
 *  - CSRF_PROTECTION is either undefined or defined as exactly true
 *    (defining it as anything else switches the check off);
 *  - $this->location['login'] is falsy.
 *
 * Side effect: a missing $_POST['securitytoken'] is set to '' before
 * verification.
 *
 * @return array|false False when the request passes or is not subject to the
 *                     check; otherwise array('error' => <phrase>) where the
 *                     phrase is one of security_token_missing,
 *                     security_token_guest, security_token_timeout or
 *                     security_token_invalid.
 */
protected function checkCSRF()
{
    // Only POST requests are subject to token verification.
    if (empty($_SERVER['REQUEST_METHOD']) or strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST')
    {
        return false;
    }

    $userinfo = vB_User::fetchUserinfo();

    // Guests are not checked here.
    if (!($userinfo['userid'] > 0))
    {
        return false;
    }

    // Protection is on by default; it is off only when the constant is
    // defined with a value other than boolean true.
    $protectionOn = (!defined('CSRF_PROTECTION') or CSRF_PROTECTION === true);
    if (!$protectionOn)
    {
        return false;
    }

    // The login location is exempt from the token check.
    if ($this->location['login'])
    {
        return false;
    }

    if (!isset($_POST['securitytoken']))
    {
        $_POST['securitytoken'] = '';
    }
    $submitted = $_POST['securitytoken'];

    if (vB_User::verifySecurityToken($submitted, $userinfo['securitytoken_raw']))
    {
        return false;
    }

    // Map the rejected token to an error phrase. Comparisons are loose (==)
    // on purpose, to match the behaviour of a switch statement.
    // NOTE(review): 'guest' and 'timeout' look like placeholder tokens
    // issued elsewhere; confirm against the code that emits them.
    if ($submitted == '')
    {
        return array('error' => 'security_token_missing');
    }
    if ($submitted == 'guest')
    {
        return array('error' => 'security_token_guest');
    }
    if ($submitted == 'timeout')
    {
        return array('error' => 'security_token_timeout');
    }

    return array('error' => 'security_token_invalid');
}