authorRonnie <rix17172@gmail.com>2016-05-03 13:23:59 +0200
committerRonnie <rix17172@gmail.com>2016-05-03 13:23:59 +0200
commit19744d3ef1e303547549efba7092692676c7e914 (patch)
tree65356dbfe520bd3bcc6ff7da90dc04154050f0c6
parent4753c36f7c7b5911328793bf50f200a91f818e83 (diff)
Update AJAXChat.php
-rw-r--r--chat/lib/class/AJAXChat.php15
1 files changed, 9 insertions, 6 deletions
diff --git a/chat/lib/class/AJAXChat.php b/chat/lib/class/AJAXChat.php
index 381987e..fb1168c 100644
--- a/chat/lib/class/AJAXChat.php
+++ b/chat/lib/class/AJAXChat.php
@@ -82,6 +82,7 @@ class AJAXChat {
$this->_requestVars['getInfos'] = isset($_REQUEST['getInfos']) ? $_REQUEST['getInfos'] : null;
$this->_requestVars['lang'] = isset($_REQUEST['lang']) ? $_REQUEST['lang'] : null;
$this->_requestVars['delete'] = isset($_REQUEST['delete']) ? (int)$_REQUEST['delete'] : null;
+ $this->_requestVars['token'] = isset($_REQUEST['token']) ? $_REQUEST['token'] : null;
// Initialize custom request variables:
$this->initCustomRequestVars();
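Review bot: The added `token` line stores the request value exactly as received, so a request sending `token[]=x` puts an array into `_requestVars['token']`, which then reaches the comparison added in the second hunk. Unlike the `(int)` cast on `delete` just above, nothing constrains the type here. Restricting it to strings keeps the later check simple: `$this->_requestVars['token'] = (isset($_REQUEST['token']) && is_string($_REQUEST['token'])) ? $_REQUEST['token'] : null;`. The enclosing method starts and ends outside the hunk.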
@@ -132,16 +133,18 @@ class AJAXChat {
$this->startSession();
if($this->isLoggedIn()) {
- // Logout if we receive a logout request, the chat has been closed or the userID could not be revalidated:
- if($this->getRequestVar('logout') || !$this->isChatOpen() || !$this->revalidateUserID()) {
- $this->logout();
- return;
- }
- // Logout if the Session IP is not the same when logged in and ipCheck is enabled:
+// Logout if the Session IP is not the same when logged in and ipCheck is enabled:
if($this->getConfig('ipCheck') && ($this->getSessionIP() === null || $this->getSessionIP() != $_SERVER['REMOTE_ADDR'])) {
$this->logout('IP');
return;
}
+
+ // Logout if we receive a logout request, the chat has been closed or the userID could not be revalidated:
+ if($this->getRequestVar('logout') && $this->getRequestVar('token') == session_id() || !$this->isChatOpen() || !$this->revalidateUserID()) {
+ $this->logout();
+ return;
+ }
+
} else if(
// Login if auto-login enabled or a login, userName or shoutbox parameter is given:
$this->getConfig('forceAutoLogin') ||
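Review bot: The new logout condition `$this->getRequestVar('token') == session_id()` uses the session ID itself as the anti-CSRF token, so every logout link or form has to embed the session identifier in the page. If it travels in a URL it can end up in server logs, browser history and Referer headers, and it is readable by script even when the session cookie is HttpOnly. A separate random value generated at login and kept in the session would give the same protection without exposing the identifier. The comparison is also loose: `is_string($token) && hash_equals(session_id(), $token)` (or at least `===` where `hash_equals()` is not available) avoids type juggling on numeric-looking strings. Explicit parentheses around the `logout && token` pair would make the intended precedence against the `||` terms obvious; the enclosing method starts and ends outside the hunk.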