diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php
index 67a59484..0046da7d 100644
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -73,18 +73,12 @@ if ($auth) {
redirect(auth_url($vendor, $server, $username, $db));
}
-} elseif ($_POST["logout"]) {
- if ($has_token && !verify_token()) {
- page_header(lang('Logout'), lang('Invalid CSRF token. Send the form again.'));
- page_footer("db");
- exit;
- } else {
- foreach (array("pwds", "db", "dbs", "queries") as $key) {
- set_session($key, null);
- }
- unset_permanent();
- redirect(substr(preg_replace('~\b(username|db|ns)=[^&]*&~', '', ME), 0, -1), lang('Logout successful.') . ' ' . lang('Thanks for using Adminer, consider donating.'));
+} elseif ($_POST["logout"] && (!$has_token || verify_token())) {
+ foreach (array("pwds", "db", "dbs", "queries") as $key) {
+ set_session($key, null);
}
+ unset_permanent();
+ redirect(substr(preg_replace('~\b(username|db|ns)=[^&]*&~', '', ME), 0, -1), lang('Logout successful.') . ' ' . lang('Thanks for using Adminer, consider donating.'));
} elseif ($permanent && !$_SESSION["pwds"]) {
session_regenerate_id();
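Review bot: A logout POST with a bad token is no longer stopped at `} elseif ($_POST["logout"] && (!$has_token || verify_token())) {`, so it can fall through to the later `elseif` arms. One of those is `$permanent && !$_SESSION["pwds"]`, which calls `session_regenerate_id()`, and it would run before the request is rejected by the check added in the second hunk. If that ordering is intended, say so in a comment on this line, e.g. `// a logout with an invalid token is rejected further down, after connecting`. The accept and reject conditions are now written separately and must stay exact complements; computing the result once, `$logout_token_ok = !$has_token || verify_token();`, and testing it in both places would keep them in sync. The if/elseif chain starts and ends outside the hunk, so what the remaining arms do is not visible here.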
@@ -176,6 +170,12 @@ if (!is_object($connection) || ($login = $adminer->login($_GET["username"], get_
auth_error($error . (preg_match('~^ | $~', get_password()) ? '
' . lang('There is a space in the input password which might be the cause.') : ''));
}
+if ($_POST["logout"] && $has_token && !verify_token()) {
+ page_header(lang('Logout'), lang('Invalid CSRF token. Send the form again.'));
+ page_footer("db");
+ exit;
+}
+
if ($auth && $_POST["token"]) {
$_POST["token"] = $token; // reset token after explicit login
}
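Review bot: The invalid-token rejection at `if ($_POST["logout"] && $has_token && !verify_token()) {` now runs only after the connect-and-login block above it. A logout request with a bad token therefore still appears to cause a connection attempt with the stored credentials, and if that attempt fails the user presumably sees the `auth_error()` output instead of the CSRF message. Nothing here says why the check has to sit this late. If the reason is that `page_header()` needs an established connection, state it in a comment such as `// checked here, not in the logout branch, because page_header() needs the connection`. The preceding `if` block starts outside the hunk.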