Logout from index.php

g00se · Post by **g00se** » Tue Jan 22, 2008 1:42 am

Hi!

I'm using a special configured variant of s9y. I use a variant of the httpauth plugin to let the server do the authentification. He does the auth automatically via Kerberos, so if somebody tries to enter the serendipity_admin.php the auth is already done when s9y get's a chance to start working

.
So the logon works. Also I like to use the login plugin (currently unmodified) and the login works, but I can't logoff from the index.php. The logoff button doesn't work. It's does only a side refresh.

The parameter is

Code: Select all

serendipity[action]=logout

.
The only solution I've seen is to log is to use

Code: Select all

serendipity_admin.php?serendipity[adminModule]=logout

The problem is that I would like to logoff without using the admin page.

PS: loginform does say

// Logout is performed in bundled event plugin!

but I doesn't found anything...

Does anybody knows how to get the plugin working?

Post by **garvinhicking** » Tue Jan 22, 2008 11:57 am

Hi!

Yeah, the logout cannot be performed within the sidebar plugin, because when it starts, the page has already re-authenticated a user.

There should be a plugin serendipity_event_loginform or serendipity_event_login which is a event plugin that should deal with the logout.

Regards,
Garvin

g00se · Post by **g00se** » Tue Jan 22, 2008 12:22 pm

Does something like that exist? Or how can it be done?
(Just point at some files...)

I just quick and dirty modified the loginform plugin:

Code: Select all

56a57
>
59,64c60,61
<             echo '<div class="serendipity_center serendipity_msg_important">' . WRONG_USERNAME_OR_PASSWORD . '</div>';      
<       } elseif (serendipity_userLoggedIn()) {
<           if (isset($serendipity['POST']['logout'])) {
<                   serendipity_logout();
<                   return true;
<           }
---
>             echo '<div class="serendipity_center serendipity_msg_important">' . WRONG_USERNAME_OR_PASSWORD . '</div>';
>         } elseif (serendipity_userLoggedIn()) {
67,68c64,65
<             echo '<input type="hidden" name="serendipity[action]" value="logout" />';
<             echo '<input type="submit" name="serendipity[logout]" value="' . LOGOUT . ' >" />';
---
>             echo '<input type="hidden" name="serendipity[logout]" value="true" />';
>             echo '<input type="submit" name="serendipity[action]" value="' . LOGOUT . ' >" />';

So the loginform does perform the logout if $serendipity['POST'][logout] is set...

The question is that okay or does is a event plugin a better solution?

Post by **garvinhicking** » Tue Jan 22, 2008 12:32 pm

Hi!

Do you have a unified diff for this? I can't make anything out of this diff, neither can I apply it with 'patch'.

Regards,
Garvin

g00se · Post by **g00se** » Tue Jan 22, 2008 1:09 pm

Here is the file...

Code: Select all

<?php # $Id: serendipity_plugin_loginform.php,v 1.14 2006/12/01 09:00:55 garvinhicking Exp $


if (IN_serendipity !== true) {
    die ("Don't hack!");
}

// Probe for a language include with constants. Still include defines later on, if some constants were missing
$probelang = dirname(__FILE__) . '/' . $serendipity['charset'] . 'lang_' . $serendipity['lang'] . '.inc.php';
if (file_exists($probelang)) {
    include $probelang;
}

include dirname(__FILE__) . '/lang_en.inc.php';

class serendipity_plugin_loginform extends serendipity_plugin {
    function introspect(&$propbag)
    {
        $propbag->add('name',          PLUGIN_LOGINFORM_NAME);
        $propbag->add('description',   PLUGIN_LOGINFORM_DESC);
        $propbag->add('stackable',     false);
        $propbag->add('author',        'Garvin Hicking');
        $propbag->add('version',       '1.06');
        $propbag->add('requirements',  array(
            'serendipity' => '0.8',
            'smarty'      => '2.6.7',
            'php'         => '4.1.0'
        ));
        $propbag->add('configuration', array('title'));
        $propbag->add('groups', array('FRONTEND_FEATURES'));

        // Register (multiple) dependencies. KEY is the name of the depending plugin. VALUE is a mode of either 'remove' or 'keep'.
        // If the mode 'remove' is set, removing the plugin results in a removal of the depending plugin. 'Keep' meens to
        // not touch the depending plugin.
        $this->dependencies = array('serendipity_event_loginform' => 'remove');
    }

    function introspect_config_item($name, &$propbag)
    {
        switch($name) {
            case 'title':
                $propbag->add('type',        'string');
                $propbag->add('name',        TITLE);
                $propbag->add('description', TITLE);
                $propbag->add('default',     '');
                break;

            default:
                    return false;
        }
        return true;
    }

    function generate_content(&$title) {
        global $serendipity;
        $title = $this->get_config('title', $title);
        $url = serendipity_currentURL();
        if (isset($serendipity['POST']['action']) && !isset($serendipity['POST']['logout']) && !serendipity_userLoggedIn()) {
            echo '<div class="serendipity_center serendipity_msg_important">' . WRONG_USERNAME_OR_PASSWORD . '</div>';
        } elseif (serendipity_userLoggedIn()) {
            if (isset($serendipity['POST']['logout'])) {
                    serendipity_logout();
                    return true;
            }
            echo '<div class="serendipity_center">' . WELCOME_BACK . ' ' . $_SESSION['serendipityUser'] . '</div>';
            echo '<form id="loginform" action="' . $url . '" method="post">';
            echo '<input type="hidden" name="serendipity[action]" value="logout" />';
            echo '<input type="submit" name="serendipity[logout]" value="' . LOGOUT . ' >" />';

            $show_entry = false;
            $show_media = false;
            if (function_exists('serendipity_checkPermission')) {
                if (serendipity_checkPermission('adminEntries')) {
                    $show_entry = true;
                }

                if (serendipity_checkPermission('adminImages') && serendipity_checkPermission('adminImagesAdd')) {
                    $show_media = true;
                }
            } elseif (!$serendipity['no_create']) {
                $show_entry = true;
                $show_media = true;
            }


            if ($show_entry) {
                echo '<div class="loginform_link_entry"><a href="' . $serendipity['baseURL'] . 'serendipity_admin.php?serendipity[adminModule]=entries&serendipity[adminAction]=new">' . NEW_ENTRY . '</a></div>';
            }

            if ($show_media) {
                echo '<div class="loginform_link_media"><a href="' . $serendipity['baseURL'] . 'serendipity_admin.php?serendipity[adminModule]=media&serendipity[adminAction]=addSelect">' . ADD_MEDIA . '</a></div>';
            }

            echo '</form>';
            return true;
        }
        // Logout is performed in bundled event plugin!

        echo '<form id="loginform" action="' . $url . '" method="post">';
        echo '<div>';
        echo USERNAME . ' <input type="text" name="serendipity[user]" value="" /><br />';
        echo PASSWORD . ' <input type="password" name="serendipity[pass]" value="" /><br />';
        echo '<input id="autologin" type="checkbox" name="serendipity[auto]" style="float: left; display: inline; width: 20px" /><label for="autologin"> ' . AUTOMATIC_LOGIN . '</label><br />';
        echo '<input type="submit" name="serendipity[action]" value="' . LOGIN . ' >" />';
        echo '</div>';
        echo '</form>';

        return true;
    }
}

/* vim: set sts=4 ts=4 expandtab : */

Post by **garvinhicking** » Tue Jan 22, 2008 1:48 pm

Hi!

Hm, I believe this might not work. Raise your error_Reporting, I think you'll see some error notices that headers/cookies cannot be set at this place.

The logout routine is performed in serendpity_event_loginform ( a seperate plugin).

HTH,
Garvin

g00se · Post by **g00se** » Tue Jan 22, 2008 2:19 pm

Nope, I got no error using this code (just rechecked) and my error_reporting is set by s9y.
Would you like to look at my installation?

Besides I just checked out event_loginform and installed and it does also work

. Could you add a note in plugin_loginform that a event_loginform exists, just for the next one...

PS: I do use different installations of s9y for testing.

Greetz

Post by **garvinhicking** » Tue Jan 22, 2008 2:32 pm

Hi!

I'm just wondering about the errors, because the header() call to unset a cookie should actually be too late in code?

Regards,
Garvin

g00se · Post by **g00se** » Tue Jan 22, 2008 3:16 pm

I know what you mean, but I not sure at which point the function is called... Sorry. On the other side I believe the provided solution of a event is the better way.

Thanks

Logout from index.php

Logout from index.php

Re: Logout from index.php