Fixed some problems with cookies bein set wrong when logging in/out.

Now correctly clears cookies and resets session ID.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@590 7612ce4b-ef26-0410-bec9-ea0150e637f0

diff --git a/src/login.php b/src/login.php
index c053f4803c021b2b215c26970e10aba1e16c7444..09e3d6f0a28d34171709ca0e7a68893953160211 100644 (file)
--- a/src/login.php
+++ b/src/login.php
@@ -1,15 +1,15 @@
 <?php
    /**
-    **  login.php
+    **  login.php -- simple login screen
+    ** 
+    **  Copyright (c) 1999-2000 The SquirrelMail development team
+    **  Licensed under the GNU GPL. For full terms see the file COPYING.
     **
-    **  Very simple login screen that clears the cookie every time it's loaded
+    **  This a simple login screen. Some housekeeping is done to clean
+    **  cookies and find language.
     **
     **/
 
-   setcookie("username", "", time(), "/");
-   setcookie("key", "", time(), "/");
-   setcookie("logged_in", 0, time(), "/");
-
    if (!isset($config_php))
       include("../config/config.php");
    if (!isset($strings_php))
@@ -41,6 +41,18 @@
       }
    }
 
+   // Need the base URI to set the cookies. (Same code as in webmail.php)
+   ereg ("(^.*/)[^/]+/[^/]+$", $PHP_SELF, $regs);
+   $base_uri = $regs[1];
+
+   setcookie("username", "", 0, $base_uri);
+   setcookie("key", "", 0, $base_uri);
+   setcookie("logged_in", 0, 0, $base_uri);
+
+   // In case the last session was not terminated properly, make sure
+   // we get a new one.
+   setcookie("PHPSESSID", "", 0, $base_uri);
+
    echo "<HTML>";
    echo "<HEAD><TITLE>";
    echo _("SquirrelMail Login");

diff --git a/src/signout.php b/src/signout.php
index 2219f6af87ecc1549713bfee6af3fb316c662c08..e3275c4dcd172800cc91b66d7243385f227ab318 100644 (file)
--- a/src/signout.php
+++ b/src/signout.php
@@ -1,12 +1,16 @@
 <?php
    session_start();
 
-       /**
-        **  signout.php
-        **
-        **  Clears the cookie, and logs them out.
-        **
-        **/
+   /**
+    **  signout.php -- cleans up session and logs the user out
+    **
+    **  Copyright (c) 1999-2000 The SquirrelMail development team
+    **  Licensed under the GNU GPL. For full terms see the file COPYING.
+    **
+    **  Cleans up after the user. Resets cookies and terminates
+    **  session.
+    **
+    **/
 
    include ("../src/load_prefs.php");
 
@@ -14,6 +18,8 @@
       include("../functions/i18n.php");
    if (!isset($prefs_php))
       include ("../functions/prefs.php");
+   if (!isset($plugin_php))
+      include ("../functions/plugin.php");
 
    // Quick Fix for Gettext in LogOut Screen
    if (!function_exists("_")) {
@@ -38,9 +44,10 @@
       }
    }
 
-   setcookie("username", "", time(), "/");
-   setcookie("key", "", time(), "/");
-   setcookie("logged_in", 0, time(), "/");
+   do_hook("logout");
+   setcookie("username", "", 0, $base_uri);
+   setcookie("key", "", 0, $base_uri);
+   setcookie("logged_in", "", 0, $base_uri);
    session_destroy();
 ?>
 <HTML>

diff --git a/src/webmail.php b/src/webmail.php
index 158c7c42d7ebb3162360256e8ec31fdee894fd59..2bc1caaf507013641b43b9822b5131d2ff54cafa 100644 (file)
--- a/src/webmail.php
+++ b/src/webmail.php
@@ -1,8 +1,9 @@
 <?php
+
    /**
     **  webmail.php -- Displays the main frameset
     **
-    **  Copyright (c) 2000 The SquirrelMail development team
+    **  Copyright (c) 1999-2000 The SquirrelMail development team
     **  Licensed under the GNU GPL. For full terms see the file COPYING.
     **
     **  This file generates the main frameset. The files that are
@@ -44,7 +45,7 @@
    if (!isset($auth_php))
       include ("../functions/auth.php");
 
-   if (!session_is_registered("user_is_logged_in")) {
+   if (!session_is_registered("user_is_logged_in") || $logged_in != 1) {
       do_hook ("login_before");
       // verify that username and password are correct
       $imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);