authorPhilip Nicolcev <frugen@gmail.com>2016-05-03 22:24:02 -0400
committerPhilip Nicolcev <frugen@gmail.com>2016-05-03 22:24:02 -0400
commitd6289eab170b278b911a9622a8e7ccdc04fd7de2 (patch)
treecd6c0035c0030434e1228b3a6f85d00db64dbd7d
parent4753c36f7c7b5911328793bf50f200a91f818e83 (diff)
parent24b6a8724ef02288d8a9f04ce5355710bcfde9ba (diff)
downloadAJAX-Chat-d6289eab170b278b911a9622a8e7ccdc04fd7de2.zip
AJAX-Chat-d6289eab170b278b911a9622a8e7ccdc04fd7de2.tar.gz
AJAX-Chat-d6289eab170b278b911a9622a8e7ccdc04fd7de2.tar.bz2
Merge branch 'Jugolo-patch-1'
-rw-r--r--chat/js/chat.js3
-rw-r--r--chat/lib/class/AJAXChat.php15
-rw-r--r--chat/lib/class/AJAXChatTemplate.php2
-rw-r--r--chat/lib/template/loggedIn.html3
4 files changed, 15 insertions, 8 deletions
diff --git a/chat/js/chat.js b/chat/js/chat.js
index c42b32a..ca0461d 100644
--- a/chat/js/chat.js
+++ b/chat/js/chat.js
@@ -120,6 +120,7 @@ var ajaxChat = {
},
initConfig: function(config) {
+ this.token = config["token"];
this.loginChannelID = config['loginChannelID'];
this.loginChannelName = config['loginChannelName'];
this.timerRate = config['timerRate'];
@@ -2044,7 +2045,7 @@ var ajaxChat = {
logout: function() {
clearTimeout(this.timer);
var message = 'logout=true';
- this.makeRequest(this.ajaxURL,'POST',message);
+ this.makeRequest(this.ajaxURL+"&token="+this.token,'POST',message);
},
handleLogout: function(url) {
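Review bot: The logout token is appended to the request URL in `logout`, so it is recorded in web-server and proxy access logs; it is also concatenated without encoding and assumes `this.ajaxURL` already carries a query string. Because the `TOKEN` template tag added in AJAXChatTemplate.php returns `session_id()`, the value exposed this way is the session identifier itself. The server reads the token from `$_REQUEST`, so it can travel in the POST body instead: `var message = 'logout=true&token=' + encodeURIComponent(this.token);` with the call left as `this.makeRequest(this.ajaxURL,'POST',message);`.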
diff --git a/chat/lib/class/AJAXChat.php b/chat/lib/class/AJAXChat.php
index 381987e..fb1168c 100644
--- a/chat/lib/class/AJAXChat.php
+++ b/chat/lib/class/AJAXChat.php
@@ -82,6 +82,7 @@ class AJAXChat {
$this->_requestVars['getInfos'] = isset($_REQUEST['getInfos']) ? $_REQUEST['getInfos'] : null;
$this->_requestVars['lang'] = isset($_REQUEST['lang']) ? $_REQUEST['lang'] : null;
$this->_requestVars['delete'] = isset($_REQUEST['delete']) ? (int)$_REQUEST['delete'] : null;
+ $this->_requestVars['token'] = isset($_REQUEST['token']) ? $_REQUEST['token'] : null;
// Initialize custom request variables:
$this->initCustomRequestVars();
@@ -132,16 +133,18 @@ class AJAXChat {
$this->startSession();
if($this->isLoggedIn()) {
- // Logout if we receive a logout request, the chat has been closed or the userID could not be revalidated:
- if($this->getRequestVar('logout') || !$this->isChatOpen() || !$this->revalidateUserID()) {
- $this->logout();
- return;
- }
- // Logout if the Session IP is not the same when logged in and ipCheck is enabled:
+// Logout if the Session IP is not the same when logged in and ipCheck is enabled:
if($this->getConfig('ipCheck') && ($this->getSessionIP() === null || $this->getSessionIP() != $_SERVER['REMOTE_ADDR'])) {
$this->logout('IP');
return;
}
+
+ // Logout if we receive a logout request, the chat has been closed or the userID could not be revalidated:
+ if($this->getRequestVar('logout') && $this->getRequestVar('token') == session_id() || !$this->isChatOpen() || !$this->revalidateUserID()) {
+ $this->logout();
+ return;
+ }
+
} else if(
// Login if auto-login enabled or a login, userName or shoutbox parameter is given:
$this->getConfig('forceAutoLogin') ||
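Review bot: The new logout condition compares the request token with `==`, which compares two numeric-looking strings as numbers and is not constant-time; it also relies on `&&` binding tighter than `||` with no parentheses. Consider `$tokenOk = is_string($this->getRequestVar('token')) && hash_equals(session_id(), $this->getRequestVar('token'));` followed by `if(($this->getRequestVar('logout') && $tokenOk) || !$this->isChatOpen() || !$this->revalidateUserID()) {`. The `is_string` guard matters because `$_REQUEST['token']` is stored uncast in the first hunk of this file and may arrive as an array. `hash_equals` needs PHP 5.6 or later; if older versions must be supported, `===` is the minimum. The enclosing method starts and ends outside this hunk.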
diff --git a/chat/lib/class/AJAXChatTemplate.php b/chat/lib/class/AJAXChatTemplate.php
index 6209919..0c4cf16 100644
--- a/chat/lib/class/AJAXChatTemplate.php
+++ b/chat/lib/class/AJAXChatTemplate.php
@@ -174,6 +174,8 @@ class AJAXChatTemplate {
return 'write_forbidden';
else
return 'write_allowed';
+ case 'TOKEN':
+ return session_id();
default:
return $this->ajaxChat->replaceCustomTemplateTags($tagData[1], (isset($tagData[2]) ? $tagData[2] : null));
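Review bot: The `TOKEN` case returns `session_id()` itself, so the session identifier is written into the rendered page (`ajaxChatConfig.token = '[TOKEN/]';` in loggedIn.html). Any script running in that page can then read it even if the session cookie is marked HttpOnly, and it can be retained in cached copies of the page. An anti-CSRF token should be a separate random value generated per session and kept server-side, with this case returning that value and the logout check in AJAXChat.php comparing against it. The case would also benefit from a comment such as `// Anti-CSRF token echoed into the page config and checked on logout`. The enclosing switch starts outside this hunk.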
diff --git a/chat/lib/template/loggedIn.html b/chat/lib/template/loggedIn.html
index 6ed113c..dcca486 100644
--- a/chat/lib/template/loggedIn.html
+++ b/chat/lib/template/loggedIn.html
@@ -172,7 +172,8 @@
document.getElementById('blinkIntervalSetting').value = ajaxChat.getSetting('blinkInterval');
document.getElementById('blinkIntervalNumberSetting').value = ajaxChat.getSetting('blinkIntervalNumber');
}
-
+
+ ajaxChatConfig.token = '[TOKEN/]';
ajaxChatConfig.loginChannelID = parseInt('[LOGIN_CHANNEL_ID/]');
ajaxChatConfig.sessionName = '[SESSION_NAME/]';
ajaxChatConfig.cookieExpiration = parseInt('[COOKIE_EXPIRATION/]');