From 7392f66e1159f690e5fbda6a31479e054e45c6a4 Mon Sep 17 00:00:00 2001
From: dorian <dozedler@gmail.com>
Date: Thu, 8 Aug 2019 15:11:45 +0200
Subject: [PATCH] session now gets destroyed on logout

---
 api/blueweather.php | 18 ++++++++++++++++++
 api/json.php        | 11 +++++++++++
 js/blueweather.js   | 28 ++++++++++++++++++++++++----
 3 files changed, 53 insertions(+), 4 deletions(-)

diff --git a/api/blueweather.php b/api/blueweather.php
index d053724..1ecb8d0 100755
--- a/api/blueweather.php
+++ b/api/blueweather.php
@@ -133,6 +133,24 @@ class BlueWeather
         return($data);
     }
 
+    /**
+     * Function to destroy a user session
+     * 
+     * @param string $session session-token
+     * 
+     * @return int 200: OK; 401: session does not exist
+     */
+    public function destroySession($session)
+    {
+        $sql = "DELETE FROM `sessions` 
+        WHERE `session`=\"".$this->_con->real_escape_string($session)."\"";
+
+        if ($this->_con->query($sql)) {
+            return 200;
+        } else {
+            return 500;
+        }
+    }
 
     // --------------------
     // - getter functions -
diff --git a/api/json.php b/api/json.php
index 8089353..1befe5d 100755
--- a/api/json.php
+++ b/api/json.php
@@ -76,6 +76,17 @@ if (isset($_GET['locId'])) {
                 }
 
             }
+            break;
+        case 1002:
+            // destroy session
+            if (!isset($request['body'])) {
+                $data = array("header"=>400);
+            } else {
+                $data = array(
+                    "header"=>$blueweather->destroySession($request['body'])
+                );
+
+            }
         }
     }
 } else {
diff --git a/js/blueweather.js b/js/blueweather.js
index 8f34bdb..5c255c4 100755
--- a/js/blueweather.js
+++ b/js/blueweather.js
@@ -79,6 +79,27 @@ class BlueWeather {
         xhttp.send()
     }
 
+    logout() {
+        var xhttp = new XMLHttpRequest();
+        var thisObject = this
+
+        xhttp.onreadystatechange = function () {
+            if (this.readyState === 4) {
+                if (this.status === 200) {
+                    thisObject.log("logout response was: " + this.responseText, 3)
+                    document.cookie = "session=;"
+                    location.reload()
+                }
+            }
+        }
+
+        var request = JSON.stringify({ header: 1002, body: this.session.token })
+        var url = this.host + "/api/json.php?command=" + request
+        this.log("starting logout request; URL is: " + url, 3)
+        xhttp.open("GET", url, true)
+        xhttp.send()
+    }
+
     checkSession(token, processingFunction) {
         var xhttp = new XMLHttpRequest();
         var thisObject = this
@@ -356,7 +377,7 @@ class BlueWeather {
             profileDropdown.setAttribute("aria-labelledby", "userDropdown")
 
             // fill the dropdown menu
-            function createDropdownMenuElement(icon, text, onclick=null) {
+            function createDropdownMenuElement(icon, text, onclick = null) {
                 // create element
                 var elem = document.createElement("a")
                 elem.classList.add("dropdown-item")
@@ -388,9 +409,8 @@ class BlueWeather {
             profileDropdown.appendChild(createDropdownSeparator())
             profileDropdown.appendChild(createDropdownMenuElement("settings", " Settings"))
             profileDropdown.appendChild(createDropdownSeparator())
-            profileDropdown.appendChild(createDropdownMenuElement("log-out", " Log out", function() {
-                document.cookie = "session=;"
-                location.reload()
+            profileDropdown.appendChild(createDropdownMenuElement("log-out", " Log out", function () {
+                thisObject.logout()
             }))
 
         }