From fd3abc4f8c466e3ec396999289ba6f4b7b1bb833 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Noack?= <noack@data-quest.de>
Date: Mon, 6 Jan 2025 08:31:46 +0000
Subject: [PATCH] =?UTF-8?q?Resolve=20#5092=20"Verloren=20gegangene=20?=
 =?UTF-8?q?=C3=84nderungen=20ais=20Login/Logout"?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #5092

Merge request studip/studip!3807
---
 app/controllers/login.php  |  5 +++--
 app/controllers/logout.php | 14 ++++++++++++--
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/app/controllers/login.php b/app/controllers/login.php
index ea8935c9995..ad2cf84d7b5 100644
--- a/app/controllers/login.php
+++ b/app/controllers/login.php
@@ -49,7 +49,7 @@ class LoginController extends AuthenticatedController
 
 
             foreach (array_keys($GLOBALS['INSTALLED_LANGUAGES']) as $language_key) {
-                if (Request::submitted('set_language_' . $language_key)) {
+                if (Request::get('set_language') === $language_key) {
                     $_SESSION['forced_language'] = $language_key;
                     $_SESSION['_language'] = $language_key;
                     init_i18n($_SESSION['_language']);
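Review bot: The strict comparison in `Request::get('set_language') === $language_key` is the only thing that keeps a request-controlled value from reaching `$_SESSION['_language']` and `init_i18n()`, and nothing in the hunk says so. I would add a comment above the `foreach`, `// allowlist: only keys of INSTALLED_LANGUAGES may be written to the session`, and read the parameter once before the loop (`$requested_language = Request::get('set_language');`) rather than on every iteration. This session write also appears to sit above the `Login` branch, so the CSRF check there does not cover it; that seems acceptable for a language preference but is worth stating in the same comment. The loop body continues outside the hunk.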
@@ -60,7 +60,8 @@ class LoginController extends AuthenticatedController
             }
 
         }
-        if (Request::isPost()) {
+
+        if (Request::submitted('Login')) {
             CSRFProtection::verifyUnsafeRequest();
 
             $check_auth = StudipAuthAbstract::CheckAuthentication(
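Review bot: Replacing `Request::isPost()` with `Request::submitted('Login')` removes the only visible HTTP-method check on the credential path. If `submitted()` also matches query-string parameters, a GET request with `Login` set enters this branch, and rejecting it then depends entirely on `CSRFProtection::verifyUnsafeRequest()` refusing non-POST requests, which this hunk does not show. Keeping both conditions, `if (Request::isPost() && Request::submitted('Login')) {`, makes the constraint explicit and keeps credentials out of URLs and access logs. The enclosing branch continues outside the hunk.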
diff --git a/app/controllers/logout.php b/app/controllers/logout.php
index 22a93f09bb1..3c641de12cf 100644
--- a/app/controllers/logout.php
+++ b/app/controllers/logout.php
@@ -18,15 +18,25 @@ class LogoutController extends AuthenticatedController
 
     public function index_action()
     {
+        if (
+            !Request::isPost()
+            && !(
+                isset($_SESSION['logout_ticket'])
+                && check_ticket($_SESSION['logout_ticket'])
+            )
+        ) {
+            $this->redirect(URLHelper::getURL('dispatch.php/start'));
+            return;
+        }
+
         if ($GLOBALS['user']->id !== 'nobody') {
             $my_messaging_settings = $GLOBALS['user']->cfg->MESSAGING_SETTINGS;
 
             //Wenn Option dafuer gewaehlt, alle ungelsesenen Nachrichten als gelesen speichern
-            if ($my_messaging_settings["logout_markreaded"]) {
+            if (!empty($my_messaging_settings['logout_markreaded'])) {
                 Message::markAllAs();
             }
 
-            $logout_user = $GLOBALS['user']->id;
             $_language = $_SESSION['_language'];
             $contrast = UserConfig::get($GLOBALS['user']->id)->USER_HIGH_CONTRAST;
 
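Review bot: The GET exemption calls `check_ticket($_SESSION['logout_ticket'])`, so the ticket being validated comes from the session itself rather than from the request. As far as this hunk shows, any GET to the logout URL passes while a `logout_ticket` is stored in the session, so the check does not tie the logout to a link the user actually followed. If the ticket is meant as CSRF protection, compare a request-supplied value against it instead. If it marks a server-initiated logout, say so in a comment such as `// logout_ticket is set by <issuing code path> for a server-initiated logout; other GET requests are redirected`. The POST path, whose body continues outside the hunk, shows no token verification either, unlike the `CSRFProtection::verifyUnsafeRequest()` call in login.php.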
-- 
GitLab