D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
usr
/
share
/
psa-roundcube
/
plugins
/
autologout
/
Filename :
autologout.php
back
Copy
<?php /** * Plugin to auto log out users with a POST request sent from an external site. * * @license GNU GPLv3+ * @author Cover Tower LLC * * First enable this plugin by setting $config['plugins'] = array(..., 'autologout') * in the Roundcube configuration file (config.inc.php). To use it, embed * a form like the following in a web page: * * <form id="rcLogoutForm" method="POST" action="https://mail.example.com/"> * <input type="hidden" name="_action" value="logout" /> * <input type="hidden" name="_task" value="logout" /> * <input type="hidden" name="_autologout" value="1" /> * <input id="loSubmitButton" type="submit" value="Logout" /> * </form> * * This plugin won't work if the POST request is made using CURL or other * methods. It will only work if the POST request is made by submitting a * form similar to the one from above. The form can be hidden and it can * be sent automatically using JavaScript or JQuery (for example by using: * $("#loSubmitButton").click();) */ class autologout extends rcube_plugin { public $task = 'logout'; /** * Plugin initialization */ public function init() { $this->add_hook('startup', [$this, 'startup']); } /** * Request handler */ public function startup($args) { $rcmail = rcmail::get_instance(); // Change task and action to logout if (!empty($_SESSION['user_id']) && !empty($_POST['_autologout']) && $this->known_client()) { $rcmail->logout_actions(); $rcmail->kill_session(); } return $args; } /** * Checks if the request came from an allowed client IP */ private function known_client() { /* * If you want to restrict the use of this plugin to specific * remote clients, you can verify the remote client's IP like this: * * return in_array(rcube_utils::remote_addr(), ['123.123.123.123', '124.124.124.124']); */ return true; } }