141 { |
141 { |
142 echo '<p>'.$__login_status.'</p>'; |
142 echo '<p>'.$__login_status.'</p>'; |
143 } |
143 } |
144 if ( $p = $paths->getAllParams() ) |
144 if ( $p = $paths->getAllParams() ) |
145 { |
145 { |
146 echo '<input type="hidden" name="return_to" value="'.$p.'" />'; |
146 echo '<input type="hidden" name="return_to" value="'.htmlspecialchars($p).'" />'; |
147 } |
147 } |
148 else if ( isset($_POST['login']) && isset($_POST['return_to']) ) |
148 else if ( isset($_POST['login']) && isset($_POST['return_to']) ) |
149 { |
149 { |
150 echo '<input type="hidden" name="return_to" value="'.htmlspecialchars($_POST['return_to']).'" />'; |
150 echo '<input type="hidden" name="return_to" value="'.htmlspecialchars($_POST['return_to']).'" />'; |
151 } |
151 } |
288 { |
288 { |
289 $template->load_theme($session->theme, $session->style); |
289 $template->load_theme($session->theme, $session->style); |
290 if(isset($_POST['return_to'])) |
290 if(isset($_POST['return_to'])) |
291 { |
291 { |
292 $name = ( isset($paths->pages[$_POST['return_to']]['name']) ) ? $paths->pages[$_POST['return_to']]['name'] : $_POST['return_to']; |
292 $name = ( isset($paths->pages[$_POST['return_to']]['name']) ) ? $paths->pages[$_POST['return_to']]['name'] : $_POST['return_to']; |
293 redirect( makeUrl($_POST['return_to'], false, true), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to ' . $name . '...' ); |
293 redirect( makeUrl($_POST['return_to'], false, true), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to ' . htmlspecialchars($name) . '...' ); |
294 } |
294 } |
295 else |
295 else |
296 { |
296 { |
297 redirect( makeUrl(getConfig('main_page'), false, true), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to the main page...' ); |
297 redirect( makeUrl(getConfig('main_page'), false, true), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to the main page...' ); |
298 } |
298 } |
324 |
324 |
325 function page_Special_Logout() { |
325 function page_Special_Logout() { |
326 global $db, $session, $paths, $template, $plugins; // Common objects |
326 global $db, $session, $paths, $template, $plugins; // Common objects |
327 if ( !$session->user_logged_in ) |
327 if ( !$session->user_logged_in ) |
328 $paths->main_page(); |
328 $paths->main_page(); |
|
329 |
|
330 $token = $paths->getParam(0); |
|
331 if ( $token !== $session->csrf_token ) |
|
332 csrf_request_confirm(); |
|
333 |
|
334 $target_page = ($p = $paths->getParam(1)) ? $p : getConfig('main_page'); |
329 |
335 |
330 $l = $session->logout(); |
336 $l = $session->logout(); |
331 if ( $l == 'success' ) |
337 if ( $l == 'success' ) |
332 { |
338 { |
333 redirect(makeUrl(getConfig('main_page'), false, true), 'Logged out', 'You have been successfully logged out, and all cookies have been cleared. You will now be transferred to the main page.', 4); |
339 redirect(makeUrl($target_page, false, true), 'Logged out', 'You have been successfully logged out, and all cookies have been cleared. You will now be transferred to the main page.', 4); |
334 } |
340 } |
335 $template->header(); |
341 $template->header(); |
336 echo '<h3>An error occurred during the logout process.</h3><p>'.$l.'</p>'; |
342 echo '<h3>An error occurred during the logout process.</h3><p>'.$l.'</p>'; |
337 $template->footer(); |
343 $template->footer(); |
338 } |
344 } |
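Review bot: In `page_Special_Logout` the new `$target_page` is taken directly from `$paths->getParam(1)` and handed to `makeUrl()` and `redirect()` without checking that it names a known page, so the post-logout destination is whatever the link carried; whether `makeUrl()` confines the result to site-local URLs is not visible in this diff. Consider falling back to the main page for unknown values, for example `$target_page = ( ($p = $paths->getParam(1)) && isset($paths->pages[$p]) ) ? $p : getConfig('main_page');`, assuming `$paths->pages` (the lookup the login handler already uses) covers every page that should be a valid target. The message passed to `redirect()` still reads "You will now be transferred to the main page." even when a different target is used. The token check only protects the logout if `csrf_request_confirm()` ends the request, because `$session->logout()` follows unconditionally; if that holds, a comment such as `// csrf_request_confirm() does not return` above the call would make the dependency explicit.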