Logout by POST
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@387 7c3ca157-0c34-0410-bff1-cbf682f78f5c
This commit is contained in:
jakubvrana
parent
eff527b3d8
commit
0cb0f51ab0
18
auth.inc.php
18
auth.inc.php
|
|
@ -22,12 +22,18 @@ if (isset($_POST["server"])) {
|
|||
}
|
||||
}
|
||||
$_GET["server"] = $_POST["server"];
|
||||
} elseif (isset($_GET["logout"])) {
|
||||
unset($_SESSION["usernames"][$_GET["server"]]);
|
||||
unset($_SESSION["passwords"][$_GET["server"]]);
|
||||
unset($_SESSION["databases"][$_GET["server"]]);
|
||||
$_SESSION["tokens"][$_GET["server"]] = array();
|
||||
redirect(substr($SELF, 0, -1), lang('Logout successful.'));
|
||||
} elseif (isset($_POST["logout"])) {
|
||||
if ($_POST["token"] != $_SESSION["tokens"][$_GET["server"]]["?logout"]) {
|
||||
page_header(lang('Logout'), lang('Invalid CSRF token. Send the form again.'));
|
||||
page_footer("db");
|
||||
exit;
|
||||
} else {
|
||||
unset($_SESSION["usernames"][$_GET["server"]]);
|
||||
unset($_SESSION["passwords"][$_GET["server"]]);
|
||||
unset($_SESSION["databases"][$_GET["server"]]);
|
||||
$_SESSION["tokens"][$_GET["server"]] = array();
|
||||
redirect(substr($SELF, 0, -1), lang('Logout successful.'));
|
||||
}
|
||||
}
|
||||
|
||||
function auth_error() {
|
||||
|
|
|
|||
|
|
@ -60,11 +60,19 @@ function page_footer($missing = false) {
|
|||
<div id="menu">
|
||||
<h1><a href="http://phpminadmin.sourceforge.net"><?php echo lang('phpMinAdmin'); ?></a></h1>
|
||||
<?php if ($missing != "auth") { ?>
|
||||
<form action="" method="post">
|
||||
<p>
|
||||
<a href="<?php echo htmlspecialchars($SELF); ?>sql="><?php echo lang('SQL command'); ?></a>
|
||||
<a href="<?php echo htmlspecialchars($SELF); ?>dump=<?php echo urlencode($_GET["table"]); ?>"><?php echo lang('Dump'); ?></a>
|
||||
<a href="<?php echo htmlspecialchars(preg_replace('~db=[^&]*&~', '', $SELF)); ?>logout="><?php echo lang('Logout'); ?></a>
|
||||
<input type="hidden" name="token" value="<?php
|
||||
if (!$_SESSION["tokens"][$_GET["server"]]["?logout"]) {
|
||||
$_SESSION["tokens"][$_GET["server"]]["?logout"] = rand(1, 1e6);
|
||||
}
|
||||
echo $_SESSION["tokens"][$_GET["server"]]["?logout"];
|
||||
?>" />
|
||||
<input type="submit" name="logout" value="<?php echo lang('Logout'); ?>" />
|
||||
</p>
|
||||
</form>
|
||||
<form action="">
|
||||
<p><?php if (strlen($_GET["server"])) { ?><input type="hidden" name="server" value="<?php echo htmlspecialchars($_GET["server"]); ?>" /><?php } ?>
|
||||
<select name="db" onchange="this.form.submit();"><option value="">(<?php echo lang('database'); ?>)</option>
|
||||
|
|
|
|||
Loading…
Reference in a new issue