From b3cbbbfa7e71ec5f448d342312e98997b0ed0098 Mon Sep 17 00:00:00 2001
From: Nate Jones
Date: Sun, 12 Apr 2015 19:48:29 +0000
Subject: [PATCH] Logout: Prevent SQL error on logout if already logged out in a different window/tab.
---
 logout.php | 134 +++++++++++++++++++++++++++--------------------------
 1 file changed, 68 insertions(+), 66 deletions(-)
diff --git a/logout.php b/logout.php
index c90579e389..b1f9f888b5 100644
--- a/logout.php
+++ b/logout.php
@@ -28,78 +28,80 @@ include "root.php";
 require_once "resources/require.php";
 //check for login return preference
- if ($_SESSION['login']['destination_last']['boolean'] == 'true') {
- if ($_SERVER['HTTP_REFERER'] != '') {
- //convert to relative path
- $referrer = substr($_SERVER['HTTP_REFERER'], strpos($_SERVER['HTTP_REFERER'], $_SERVER["HTTP_HOST"]) + strlen($_SERVER["HTTP_HOST"]));
- //check if destination url already exists
- $sql = "select count(*) as num_rows from v_user_settings ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
- $sql .= "and user_uuid = '".$_SESSION["user_uuid"]."' ";
- $sql .= "and user_setting_category = 'login' ";
- $sql .= "and user_setting_subcategory = 'destination' ";
- $sql .= "and user_setting_name = 'url' ";
- $prep_statement = $db->prepare($sql);
- if ($prep_statement) {
- $prep_statement->execute();
- $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
- $exists = ($row['num_rows'] > 0) ? true : false;
- }
- unset($sql, $prep_statement, $row);
-
- //if exists, update
- if ($exists) {
- $sql = "update v_user_settings set ";
- $sql .= "user_setting_value = '".$referrer."', ";
- $sql .= "user_setting_enabled = 'true' ";
+ if ($_SESSION["user_uuid"] != '') {
+ if ($_SESSION['login']['destination_last']['boolean'] == 'true') {
+ if ($_SERVER['HTTP_REFERER'] != '') {
+ //convert to relative path
+ $referrer = substr($_SERVER['HTTP_REFERER'], strpos($_SERVER['HTTP_REFERER'], $_SERVER["HTTP_HOST"]) + strlen($_SERVER["HTTP_HOST"]));
+ //check if destination url already exists
+ $sql = "select count(*) as num_rows from v_user_settings ";
 $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
 $sql .= "and user_uuid = '".$_SESSION["user_uuid"]."' ";
 $sql .= "and user_setting_category = 'login' ";
 $sql .= "and user_setting_subcategory = 'destination' ";
 $sql .= "and user_setting_name = 'url' ";
- $db->exec(check_sql($sql));
- unset($sql);
- }
- //otherwise, insert
- else {
- $sql = "insert into v_user_settings ";
- $sql .= "( ";
- $sql .= "user_setting_uuid, ";
- $sql .= "domain_uuid, ";
- $sql .= "user_uuid, ";
- $sql .= "user_setting_category, ";
- $sql .= "user_setting_subcategory, ";
- $sql .= "user_setting_name, ";
- $sql .= "user_setting_value, ";
- $sql .= "user_setting_enabled ";
- $sql .= ") ";
- $sql .= "values ";
- $sql .= "( ";
- $sql .= "'".uuid()."', ";
- $sql .= "'".$_SESSION['domain_uuid']."', ";
- $sql .= "'".$_SESSION["user_uuid"]."', ";
- $sql .= "'login', ";
- $sql .= "'destination', ";
- $sql .= "'url', ";
- $sql .= "'".$referrer."', ";
- $sql .= "'true' ";
- $sql .= ") ";
- $db->exec(check_sql($sql));
- unset($sql);
- }
+ $prep_statement = $db->prepare($sql);
+ if ($prep_statement) {
+ $prep_statement->execute();
+ $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
+ $exists = ($row['num_rows'] > 0) ? true : false;
+ }
+ unset($sql, $prep_statement, $row);
+
+ //if exists, update
+ if ($exists) {
+ $sql = "update v_user_settings set ";
+ $sql .= "user_setting_value = '".$referrer."', ";
+ $sql .= "user_setting_enabled = 'true' ";
+ $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
+ $sql .= "and user_uuid = '".$_SESSION["user_uuid"]."' ";
+ $sql .= "and user_setting_category = 'login' ";
+ $sql .= "and user_setting_subcategory = 'destination' ";
+ $sql .= "and user_setting_name = 'url' ";
+ $db->exec(check_sql($sql));
+ unset($sql);
+ }
+ //otherwise, insert
+ else {
+ $sql = "insert into v_user_settings ";
+ $sql .= "( ";
+ $sql .= "user_setting_uuid, ";
+ $sql .= "domain_uuid, ";
+ $sql .= "user_uuid, ";
+ $sql .= "user_setting_category, ";
+ $sql .= "user_setting_subcategory, ";
+ $sql .= "user_setting_name, ";
+ $sql .= "user_setting_value, ";
+ $sql .= "user_setting_enabled ";
+ $sql .= ") ";
+ $sql .= "values ";
+ $sql .= "( ";
+ $sql .= "'".uuid()."', ";
+ $sql .= "'".$_SESSION['domain_uuid']."', ";
+ $sql .= "'".$_SESSION["user_uuid"]."', ";
+ $sql .= "'login', ";
+ $sql .= "'destination', ";
+ $sql .= "'url', ";
+ $sql .= "'".$referrer."', ";
+ $sql .= "'true' ";
+ $sql .= ") ";
+ $db->exec(check_sql($sql));
+ unset($sql);
+ }
+ }
+ }
+ else {
+ //disable if not to remember last
+ $sql = "update v_user_settings set ";
+ $sql .= "user_setting_enabled = 'false' ";
+ $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
+ $sql .= "and user_uuid = '".$_SESSION["user_uuid"]."' ";
+ $sql .= "and user_setting_category = 'login' ";
+ $sql .= "and user_setting_subcategory = 'destination' ";
+ $sql .= "and user_setting_name = 'url' ";
+ $db->exec(check_sql($sql));
+ unset($sql);
 }
- }
- else {
- //disable if not to remember last
- $sql = "update v_user_settings set ";
- $sql .= "user_setting_enabled = 'false' ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
- $sql .= "and user_uuid = '".$_SESSION["user_uuid"]."' ";
- $sql .= "and user_setting_category = 'login' ";
- $sql .= "and user_setting_subcategory = 'destination' ";
- $sql .= "and user_setting_name = 'url' ";
- $db->exec(check_sql($sql));
- unset($sql);
 }
 //redirect the user to the index page
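Review bot: The new `user_uuid` guard still leaves the `HTTP_REFERER`-derived `$referrer` concatenated into the `update` and `insert` statements (`user_setting_value = '".$referrer."'`), and that header is set by the client. What `check_sql()` does is not visible in this hunk, so quoting should not depend on it; the select already goes through `$db->prepare()`/`execute()` (with no placeholders), which suggests a PDO-style handle, so the referrer and the two session ids can be bound as parameters. Separately, `strpos()` returns false when `HTTP_HOST` does not occur in the referrer, so the `substr()` offset collapses to the host length and an arbitrary string is stored as what appears to be the login destination; checking the `strpos()` result and keeping only a path that starts with `/` would close that. `$exists` is also never assigned when `prepare()` fails, so initialise it with `$exists = false;` before the `if ($prep_statement)`.

```php
//if exists, update
if ($exists) {
	$sql = "update v_user_settings set ";
	$sql .= "user_setting_value = :referrer, ";
	$sql .= "user_setting_enabled = 'true' ";
	$sql .= "where domain_uuid = :domain_uuid ";
	$sql .= "and user_uuid = :user_uuid ";
	// … unchanged: category / subcategory / name conditions …
	$prep_statement = $db->prepare($sql);
	if ($prep_statement) {
		$prep_statement->execute(array(
			':referrer' => $referrer,
			':domain_uuid' => $_SESSION['domain_uuid'],
			':user_uuid' => $_SESSION['user_uuid'],
		));
	}
	unset($sql, $prep_statement);
}
// … the insert branch binds the same three values in its values ( … ) list …
```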