Skip to content
Snippets Groups Projects
Normal view Permalink
logout.php 977 B
Newer Older
  • Learn to ignore specific revisions
    • Jared Hancock's avatar
    1.7 Developer Pre-Release
    Jared Hancock committed
    1 2 3 4 5 6 7 8 
    <?php
/*********************************************************************
    logout.php

    Log out staff
    Destroy the session and redirect to login.php

    Peter Rotich <peter@osticket.com>
    Peter Rotich's avatar
    Update copyright (c) to 2013!  
    Peter Rotich committed
    9 
        Copyright (c)  2006-2013 osTicket
    Jared Hancock's avatar
    1.7 Developer Pre-Release
    Jared Hancock committed
    10 11 12 13 14 15 16 17 
        http://www.osticket.com

    Released under the GNU General Public License WITHOUT ANY WARRANTY.
    See LICENSE.TXT for details.

    vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
require('staff.inc.php');
    Peter Rotich's avatar
    CSRF protect logout links  
    Peter Rotich committed
    18 19 20 
    //Check token: Make sure the user actually clicked on the link to logout.
if(!$_GET['auth'] || !$ost->validateLinkToken($_GET['auth']))
    @header('Location: index.php');
    Peter Rotich's avatar
    Add CSRF protection to logout link - Auth token is used to avoid possibly leaking real csrf token  
    Peter Rotich committed
    21
    Peter Rotich's avatar
    Move logging from static sys class to core - Load config via core  
    Peter Rotich committed
    22 23 24 
    $ost->logDebug('Staff logout',
        sprintf("%s logged out [%s]", 
            $thisstaff->getUserName(), $_SERVER['REMOTE_ADDR'])); //Debug.
    Jared Hancock's avatar
    1.7 Developer Pre-Release
    Jared Hancock committed
    25 26 27 28 29 30 
    $_SESSION['_staff']=array();
session_unset();
session_destroy();
@header('Location: login.php');
require('login.php');
?>