From e1ceb050e19c7574bca146a8da7047ee4ff456b5 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Sun, 10 Jul 2016 05:02:35 -0400
Subject: [PATCH] Merge branch 'stable-3.1'

---
 interface/web/login/logout.php |   56 +++++++++++++++++++++++++++++++++++++++++++++++++-------
 1 files changed, 49 insertions(+), 7 deletions(-)

diff --git a/interface/web/login/logout.php b/interface/web/login/logout.php
index cdc78f8..a4a127f 100644
--- a/interface/web/login/logout.php
+++ b/interface/web/login/logout.php
@@ -27,19 +27,61 @@
 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
-require_once('../../lib/config.inc.php');
-require_once('../../lib/app.inc.php');
+require_once '../../lib/config.inc.php';
+require_once '../../lib/app.inc.php';
+
+/*
+ * Check if the logout is forced
+ */
+$forceLogout = false;
+if (isset($_GET['l']) && ($_GET['l']== 1)) $forceLogout = true;
+
+/*
+ * if the admin is logged in as client, then ask, if the admin want't to
+ * "re-login" as admin again
+ */
+if ((isset($_SESSION['s_old']) && ($_SESSION['s_old']['user']['typ'] == 'admin' || $app->auth->has_clients($_SESSION['s_old']['user']['userid']))) &&
+	(!$forceLogout)){
+	$utype = ($_SESSION['s_old']['user']['typ'] == 'admin' ? 'admin' : 'reseller');
+	$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_login_as.lng';
+	include $lng_file;
+	echo '
+		<br /> <br />	<br /> <br />
+		'.str_replace('{UTYPE}', $utype, $wb['login_as_or_logout_txt']).'<br />
+		<div style="visibility:hidden">
+			<input type="text" name="username" value="' . $_SESSION['s_old']['user']['username'] . '" />
+			<input type="password" name="password" value="' . $_SESSION['s_old']['user']['passwort'] .'" />
+		</div>
+		<input type="hidden" name="s_mod" value="login" />
+		<input type="hidden" name="s_pg" value="index" />
+		<input type="hidden" name="login_as" value="1" />
+	    <div class="wf_actions buttons">
+	      <button class="btn btn-default formbutton-success" type="button" value="Yes, re-login as ' . $utype . '" data-submit-form="pageForm" data-form-action="/login/index.php"><span>Yes, re-login as ' . $utype . '</span></button>
+	      <button class="btn btn-default formbutton-default" type="button" value="No, logout" data-load-content="login/logout.php?l=1"><span>No, logout</span></button>
+	    </div>
+	';
+	exit;
+}
+
+$app->plugin->raiseEvent('logout', true);
 
 $_SESSION["s"]["user"] = null;
 $_SESSION["s"]["module"] = null;
+$_SESSION['s_old'] = null;
 
 //header("Location: ../index.php?phpsessid=".$_SESSION["s"]["id"]);
 
-
 if($_SESSION["s"]["site"]["logout"] != '') {
-	header("Location: ".$_SESSION["s"]["site"]["logout"]);
+	echo 'URL_REDIRECT:'.$_SESSION["s"]["site"]["logout"];
 } else {
-	header("Location: ../index.php");
+	if($conf["interface_logout_url"] != '') {
+		echo 'URL_REDIRECT:'.$conf["interface_logout_url"];
+	} else {
+		echo 'URL_REDIRECT:index.php';
+	}
 }
-exit;
-?>
\ No newline at end of file
+// Destroy the session completely now
+$_SESSION = array();
+session_destroy();
+session_write_close();
+?>

--
Gitblit v1.9.1