Commit d16d8c18 authored by Peter Rotich's avatar Peter Rotich

CSRF protect logout links

parent 7a2768a3
...@@ -30,7 +30,7 @@ header("Content-Type: text/html; charset=UTF-8\r\n"); ...@@ -30,7 +30,7 @@ header("Content-Type: text/html; charset=UTF-8\r\n");
<a href="<?php echo ROOT_PATH; ?>tickets.php">My Tickets <b>(<?php echo $thisclient->getNumTickets(); ?>)</b></a> - <a href="<?php echo ROOT_PATH; ?>tickets.php">My Tickets <b>(<?php echo $thisclient->getNumTickets(); ?>)</b></a> -
<?php <?php
} ?> } ?>
<a href="<?php echo ROOT_PATH; ?>logout.php">Log Out</a> <a href="<?php echo ROOT_PATH; ?>logout.php?auth=<?php echo $ost->getLinkToken(); ?>">Log Out</a>
<?php <?php
}elseif($nav){ ?> }elseif($nav){ ?>
Guest User - <a href="<?php echo ROOT_PATH; ?>login.php">Log In</a> Guest User - <a href="<?php echo ROOT_PATH; ?>login.php">Log In</a>
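Review bot: The value of `$ost->getLinkToken()` is echoed straight into the `href` on the `logout.php?auth=` line with no escaping for either the URL or the attribute context. If the helper returns a hex digest, as the md5-based expression it replaces in the staff header hunk (`@@ -49,7 +49,7`) suggests, this is harmless today, but the template should not silently depend on that; `<?php echo htmlspecialchars(urlencode($ost->getLinkToken())); ?>` makes the contract explicit in both places. The PHP block this line sits in opens before the hunk.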
...@@ -49,7 +49,7 @@ ...@@ -49,7 +49,7 @@
| <a href="index.php">Staff Panel</a> | <a href="index.php">Staff Panel</a>
<?php } ?> <?php } ?>
| <a href="profile.php">My Preferences</a> | <a href="profile.php">My Preferences</a>
| <a href="logout.php?auth=<?php echo md5($ost->getCSRFToken().SECRET_SALT.session_id()); ?>">Log Out</a> | <a href="logout.php?auth=<?php echo $ost->getLinkToken(); ?>">Log Out</a>
</p> </p>
</div> </div>
<ul id="nav"> <ul id="nav">
...@@ -15,7 +15,10 @@ ...@@ -15,7 +15,10 @@
**********************************************************************/ **********************************************************************/
require('client.inc.php'); require('client.inc.php');
//We are checking to make sure the user is logged in before a logout to avoid session reset tricks on excess logins //Check token: Make sure the user actually clicked on the link to logout.
if(!$_GET['auth'] || !$ost->validateLinkToken($_GET['auth']))
@header('Location: index.php');
$_SESSION['_client']=array(); $_SESSION['_client']=array();
session_unset(); session_unset();
session_destroy(); session_destroy();
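Review bot: The new token check does not stop execution: `@header('Location: index.php')` only queues a redirect header, and the `$_SESSION['_client']=array(); session_unset(); session_destroy();` lines that follow still run, so a request with a missing or invalid `auth` value still terminates the session and the redirect merely hides it. The guard needs an explicit exit after the header, e.g. `{ @header('Location: index.php'); exit; }`. The staff logout hunk below (`@@ -15,9 +15,9`) has the same shape, with `$ost->logDebug(...)` and whatever follows running after the redirect. `$_GET['auth']` is also read before it is known to exist; `empty($_GET['auth'])` avoids the undefined-index notice while keeping the same rejection of an absent token. The rendered hunk appears to drop at least one blank line and its old-side line count suggests it continues past what is visible.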
...@@ -15,9 +15,9 @@ ...@@ -15,9 +15,9 @@
vim: expandtab sw=4 ts=4 sts=4: vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/ **********************************************************************/
require('staff.inc.php'); require('staff.inc.php');
//CSRF Check: Make sure the user actually clicked on the link to logout. //Check token: Make sure the user actually clicked on the link to logout.
if(!$_GET['auth'] || $_GET['auth']!=md5($ost->getCSRFToken().SECRET_SALT.session_id())) if(!$_GET['auth'] || !$ost->validateLinkToken($_GET['auth']))
@header('Location: index.php'); @header('Location: index.php');
$ost->logDebug('Staff logout', $ost->logDebug('Staff logout',
sprintf("%s logged out [%s]", sprintf("%s logged out [%s]",