session now gets destroyed on logout

2019-08-08 15:11:45 +02:00 · 2019-08-08 15:11:45 +02:00 · 7392f66e11
commit 7392f66e11
parent 34d9e27de5
3 changed files with 53 additions and 4 deletions
--- a/api/blueweather.php
+++ b/api/blueweather.php
@ -133,6 +133,24 @@ class BlueWeather
        return($data);
    }

+    /**
+     * Function to destroy a user session
+     * 
+     * @param string $session session-token
+     * 
+     * @return int 200: OK; 401: session does not exist
+     */
+    public function destroySession($session)
+    {
+        $sql = "DELETE FROM `sessions` 
+        WHERE `session`=\"".$this->_con->real_escape_string($session)."\"";
+
+        if ($this->_con->query($sql)) {
+            return 200;
+        } else {
+            return 500;
+        }
+    }

    // --------------------
    // - getter functions -
--- a/api/json.php
+++ b/api/json.php
@ -76,6 +76,17 @@ if (isset($_GET['locId'])) {
                }

            }
+            break;
+        case 1002:
+            // destroy session
+            if (!isset($request['body'])) {
+                $data = array("header"=>400);
+            } else {
+                $data = array(
+                    "header"=>$blueweather->destroySession($request['body'])
+                );
+
+            }
        }
    }
 } else {
--- a/js/blueweather.js
+++ b/js/blueweather.js
@ -79,6 +79,27 @@ class BlueWeather {
        xhttp.send()
    }

+    logout() {
+        var xhttp = new XMLHttpRequest();
+        var thisObject = this
+
+        xhttp.onreadystatechange = function () {
+            if (this.readyState === 4) {
+                if (this.status === 200) {
+                    thisObject.log("logout response was: " + this.responseText, 3)
+                    document.cookie = "session=;"
+                    location.reload()
+                }
+            }
+        }
+
+        var request = JSON.stringify({ header: 1002, body: this.session.token })
+        var url = this.host + "/api/json.php?command=" + request
+        this.log("starting logout request; URL is: " + url, 3)
+        xhttp.open("GET", url, true)
+        xhttp.send()
+    }
+
    checkSession(token, processingFunction) {
        var xhttp = new XMLHttpRequest();
        var thisObject = this
@ -389,8 +410,7 @@ class BlueWeather {
            profileDropdown.appendChild(createDropdownMenuElement("settings", " Settings"))
            profileDropdown.appendChild(createDropdownSeparator())
            profileDropdown.appendChild(createDropdownMenuElement("log-out", " Log out", function () {
-                document.cookie = "session=;"
-                location.reload()
+                thisObject.logout()
            }))

        }