CA3LE Posted September 23, 2015 Share Posted September 23, 2015 I need to make a logout link... I see in IPS4 the csrfKey added to the query string logout/?csrfKey=84cdb6ae2e156b212c1ae94cf921e555 Without this... "The CSRF protection key did not match." How can I either disable this CSRF match or get the CSRF variable (csrfKey) into my application so I can add it to the query string? I just want a "Logout" button outside of IPS. Link to comment Share on other sites More sharing options...
MADMAN32395 Posted September 23, 2015 Share Posted September 23, 2015 multiple posts; https://community.invisionpower.com/topic/420743-logout-redirect/ Link to comment Share on other sites More sharing options...
CA3LE Posted September 25, 2015 Author Share Posted September 25, 2015 sorry. Does anyone know how to do this? Link to comment Share on other sites More sharing options...
Adriano Faria Posted September 25, 2015 Share Posted September 25, 2015 That's the csrfKey definition: /** * Init * * @return void */ public function init() { /* Set ID */ $this->id = session_id(); /* Crate csrf key */ $this->csrfKey = md5( "{$this->member->email}&{$this->member->member_login_key}& " . ( $this->member->member_id ? $this->member->joined->getTimestamp() : 0 ) . '&' . $this->id ); system\Session\Session.php. Link to comment Share on other sites More sharing options...
CA3LE Posted September 25, 2015 Author Share Posted September 25, 2015 Nevermind... I can do it through ipsconnect. https://community.invisionpower.com/4docs/advanced-usage/development/ips-connect-r99/ Method: logout API calls to the logout method are designed to log the user out of the master application as well as all of the slave installations. GET parameters: returnTo: The URL to return the user to once they have been logged out id: The member's unique integer ID on the master installation NOTE: Much like the crossLogin method, the logout method should redirect the user to all slave applications to log the user out and then log the user out of the master application before returning the user to the originating installation. slaveCall is passed in the URL when the master calls slave applications to differentiate requests between master and slave applications. Response status codes: None, the user will be redirected to the returnTo URL Response parameters: None ... I'd think in a support community someone could have helped me with this information days ago instead of criticizing that I posted twice. Link to comment Share on other sites More sharing options...
CA3LE Posted September 26, 2015 Author Share Posted September 26, 2015 11 hours ago, Adriano Faria said: That's the csrfKey definition: /** * Init * * @return void */ public function init() { /* Set ID */ $this->id = session_id(); /* Crate csrf key */ $this->csrfKey = md5( "{$this->member->email}&{$this->member->member_login_key}& " . ( $this->member->member_id ? $this->member->joined->getTimestamp() : 0 ) . '&' . $this->id ); system\Session\Session.php. Our posts must have collided (posted at the same time). EFF YEAH! Thanks! Knowing that makes it much easier for me... knowing that it's just a hash of that information REALLY helps. Now I don't have to deal with working through ipsconnect. thank you, thank you, thank you! The comments say "Crate csrf key" -- they meant "Create"... right? Maybe you found a misspelling there... I dunno, maybe they do mean crate, you could call putting all those variables together 'crating' I guess. ... 2 minutes later ... I already have it implemented on my site. Thanks again, that was exactly what I needed! Link to comment Share on other sites More sharing options...
.thumb.png.72c24494603afd7a572d55d4a71e4af2.png)
Recommended Posts
Archived
This topic is now archived and is closed to further replies.