User ID in logout link

Amic · 2006-12-31 18:54

Amic
New Member
Offline

Registered: 2006-12-31
Posts: 1

Topic: User ID in logout link

For what reason there is an ID in logout link (for example http://test/login.php?action=out&id=2)?

else if ($action == 'out')
{
    if ($pun_user['is_guest'] || !isset($_GET['id']) || $_GET['id'] != $pun_user['id'])
    {
        header('Location: '.pun_link($pun_url['index']));
        exit;
    }

May be simply replace by:

else if ($action == 'out')
{
    if ($pun_user['is_guest'])
    {
        header('Location: '.pun_link($pun_url['index']));
        exit;
    }

It'll help me to integrate forum in CMS, where i don't have access to $pun_user['id'] and can not give user a link to logout. Thx and sorry for my english (:

Frank H · 2006-12-31 20:39

Frank H
Former PunBB Developer
Offline

Registered: 2003-03-16
Posts: 1,423

Re: User ID in logout link

IIRC it was added because of the people making false logout links

[url=login.php?action=out]Look at my new site[/url]

Adding that id will make it only to work for one person ... not everyone clicking there...

no security stuff, just to stop annoying things

User ID in logout link

Posts: 2

1 Topic by Amic 2006-12-31 18:54

Topic: User ID in logout link

2 Reply by Frank H 2006-12-31 20:39

Re: User ID in logout link

Posts: 2