ChangeSet ID: 26196 CVSROOT: /opt/cvs-commit Module name: appdb Changes by: wineowner(a)winehq.org 2006/07/05 23:21:04 Modified files: . : account.php include : user.php Log message: Chris Morgan <cmorgan(a)alum.wpi.edu> Use $GLOBALS['session']->destroy() instead of setting $_SESSION['current'] = "". Using "" means that $_SESSION['current'] could be set but be a string. Don't call addmsg() after logging out otherwise the session message will be lost and can show up for other users or be stuck in the database Patch: http://cvs.winehq.org/patch.py?id=26196 Old revision New revision Changes Path 1.24 1.25 +0 -4 appdb/account.php 1.73 1.74 +5 -4 appdb/include/user.php Index: appdb/account.php diff -u -p appdb/account.php:1.24 appdb/account.php:1.25 --- appdb/account.php:1.24 6 Jul 2006 4:21: 4 -0000 +++ appdb/account.php 6 Jul 2006 4:21: 4 -0000 @@ -58,10 +58,6 @@ function do_account($sCmd = null) if($_SESSION['current']) $_SESSION['current']->logout(); - /* destroy all session variables */ - $GLOBALS['session']->destroy(); - - addmsg("You are successfully logged out.", "green"); redirect(apidb_fullurl("index.php")); exit; } Index: appdb/include/user.php diff -u -p appdb/include/user.php:1.73 appdb/include/user.php:1.74 --- appdb/include/user.php:1.73 6 Jul 2006 4:21: 4 -0000 +++ appdb/include/user.php 6 Jul 2006 4:21: 4 -0000 @@ -82,15 +82,16 @@ class User { return SUCCESS; } - /* null out the session variable for the current user since we failed to login */ - $_SESSION['current'] = ""; + /* destroy all session variables since we failed to login */ + $GLOBALS['session']->destroy(); + return USER_LOGIN_FAILED; } function logout() { - /* null out the session current variable to log us out */ - $_SESSION['current'] = ""; + /* destroy all session variables since we are logging out */ + $GLOBALS['session']->destroy(); }