Anyway to force a logout of all users?

[Bellardia]

Quote:

Originally Posted by SnapOff Racing

Tried this and it doesn't work.



How would I be able to do this for every user without actually having access to their computer? Cookies are stored in their web browser.

Since you're in control of the sever, you would make it write a new cookie to all users who try and connect to your site. Using the same variables as vbulletin you could overwrite the saved information, but he included the drawbacks as well.

This method would have to stay active until each logged in user has viewed the forums, and until then without additional coding no users could log in.

If you know about cookies you might be able to reset vbulletin's cookie and then use one to save the info when they try and log-in again.

[SnapOff Racing]

Hmm is there possibly a piece of code that I could add to my index.php file so that when the user browses to that page the system will reset their cookies causing them to logout? Then along with that piece of code I could specify how long the user is allowed to stay logged in until they get logged out and have to log in agian... For example something like ...

PHP Code:

$countLogout = $_COOKIE["countLogout"];
    echo "Cookie's value: " . $countLogout; 
   
   if($countLogout == 0)
     {
      setcookie("countLogout",1,time()+604800); // save cookie for one week!
      $vbulletin->input->clean_gpc('r', 'logouthash', TYPE_STR);
      process_logout();
     } 


[Medtech]

i restart my vps server, that clears everyone out

[Bellardia]

Quote:

Originally Posted by SnapOff Racing

Hmm is there possibly a piece of code that I could add to my index.php file so that when the user browses to that page the system will reset their cookies causing them to logout? Then along with that piece of code I could specify how long the user is allowed to stay logged in until they get logged out and have to log in agian... For example something like ...

PHP Code:

$countLogout = $_COOKIE["countLogout"];
    echo "Cookie's value: " . $countLogout; 
   
   if($countLogout == 0)
     {
      setcookie("countLogout",1,time()+604800); // save cookie for one week!
      $vbulletin->input->clean_gpc('r', 'logouthash', TYPE_STR);
      process_logout();
     } 


The problem with this is that every time a user views the page they will be forcefully logged out again. This is why a second cookie was suggested. You could change the countLogout time to some small period of time to ensure that they expire after a few hours, that way users could still use the forums, they'd just have to relogin every few hours until you're sure everyone has logged out.

If you have access to your whole sever, you could reset its stored sessions, which should log out all users.

[SnapOff Racing]

Quote:

Originally Posted by Bellardia

The problem with this is that every time a user views the page they will be forcefully logged out again. This is why a second cookie was suggested. You could change the countLogout time to some small period of time to ensure that they expire after a few hours, that way users could still use the forums, they'd just have to relogin every few hours until you're sure everyone has logged out.

If you have access to your whole sever, you could reset its stored sessions, which should log out all users.

I do have access to the entire server, it's sitting in the other room lol So how would I reset the stored sessions? I'm running Abyss Webserver and I don't recall seeing an option that your talking about in the Configuration Menu. Do I need to do this via MySQL or somewhere else?

[Bellardia]

I may have spoken too quickly on that last comment. I was under the impression that you could clear sessions since they are (at least partly) sever sided, however I'm not sure exactly where they are saved or how to clear them.

Better suggestion - use a php script that writes a session such as $_SESSION['flush'] = 1; to mark the user has already seen the script, if they haven't viewed the script yet redirect them to the logout page.

Code:

<?
session_start(); 
if ($_SESSION['flush'] != 1)
{
	$_SESSION['flush']= 1; 
	header( 'Location: /login.php?do=loguserout&u='.$bbuserinfo[userid] ) ;
}
?>

Try imbedding this in the php of your index file, make sure it executes before any output since it uses a header.

[Dismounted]

PHP Code:

$logout_time = $vbulletin->input->clean_gpc('c', COOKIE_PREFIX . 'nextlogout', TYPE_UINT);

if (TIMENOW > $logout_time)
{
    // clear authentication cookies
    vbsetcookie('sessionhash', '');
    vbsetcookie('userid', '');
    vbsetcookie('password', '');

    // set next clear time
    vbsetcookie('nextlogout', TIMENOW + 604800);
} 


[SnapOff Racing]

Quote:

Originally Posted by Bellardia

I may have spoken too quickly on that last comment. I was under the impression that you could clear sessions since they are (at least partly) sever sided, however I'm not sure exactly where they are saved or how to clear them.

Better suggestion - use a php script that writes a session such as $_SESSION['flush'] = 1; to mark the user has already seen the script, if they haven't viewed the script yet redirect them to the logout page.

Code:

<?
session_start(); 
if ($_SESSION['flush'] != 1)
{
	$_SESSION['flush']= 1; 
	header( 'Location: /login.php?do=loguserout&u='.$bbuserinfo[userid] ) ;
}
?>

Try imbedding this in the php of your index file, make sure it executes before any output since it uses a header.

Interesting, I will have to play around with that one. Thanks man

Quote:

Originally Posted by Dismounted

PHP Code:

$logout_time = $vbulletin->input->clean_gpc('c', COOKIE_PREFIX . 'nextlogout', TYPE_UINT);

if (TIMENOW > $logout_time)
{
    // clear authentication cookies
    vbsetcookie('sessionhash', '');
    vbsetcookie('userid', '');
    vbsetcookie('password', '');

    // set next clear time
    vbsetcookie('nextlogout', TIMENOW + 604800);
} 


Ohh nice, I tried this one and it seems to work exactly like the one I posted.. Any idea what the pros and cons to using this one over the one I posted?

[Marco van Herwaarden]

If you only need to firce logout once (or not often) then clearing the session table and changing the cookie prefix in your config.php should do the trick.

[SnapOff Racing]

Quote:

Originally Posted by Marco van Herwaarden

If you only need to firce logout once (or not often) then clearing the session table and changing the cookie prefix in your config.php should do the trick.

Ohhh that's a good one too. Would I need to do both or could I just clear the session table?