How do I logout a user from IPB externally?

Question

I have built a SSO (Single Sign-On) system for use between our main site and the Invision Power Board software but I'm not sure how to go about logging the user out of IPB when they log out from the main site?

Additionally, what files would I need to load in the external file to be able to do this?

Answer 1

Edit: to use IPB code for this, you have to include

require_once( IPS_ROOT_PATH . 'applications/core/modules_public/global/login.php' );

then to extend public_core_global_login and to call it's doLogout() method for this to work you have to set $this->member->setMember( $member_id ); I, personally, have never done it this way, so bellow is how you can do it manually:

IPB sets the data in session and stores several cookies for auto-login. You can perform without using any IPB sources; what you have to do is (note query and updatecookie are some pseudofunctions, for performing DB queries and setting cookie values respectively):

  query("DELETE FROM ".$ibf_prefix."sessions WHERE member_id = $userid");

  updatecookie($ibf_cookieid."member_id",0,time()-1800);
  updatecookie($ibf_cookieid."pass_hash",0,time()-1800);
  updatecookie($ibf_cookieid."session_id",0,time()-1800);

You can read $ibf_prefix from conf_global.php :

$ibf_prefix = $INFO[sql_tbl_prefix];

and $ibf_cookieid is:

$ibf_cache = query_first("SELECT cs_value FROM " . $ibf_prefix . "cache_store WHERE cs_key = 'settings'");
$ibf_cache = unserialize($ibf_cache['cs_value']);

$ibf_cookieid = $ibf_cache['cookie_id'];

You can read the source of doLogout method in admin/applications/core/modules_public/global/login.php

I'm not aware of any IPB API for this.

Answer 2

You can try to destroy the session with session_destroy();

If the user has "Remember me" checked, you have to delete the cookie pass_hash too.