Roll back signout.php changes and move the fix to auth.php, since checking $_SESSION at the top of signout.php *before* the session was even started meant that the user was always considered to be logged out, even before they really were. This broke most all of the plugins that hooked into signout.php

functions/auth.php

@@ -45,10 +45,9 @@ function is_logged_in() {
         global $PHP_SELF, $session_expired_post,
                $session_expired_location, $squirrelmail_language;
 
-        /*  First we store some information in the new session to prevent
-         *  information-loss.
-         */
-
+        //  First we store some information in the new session to prevent
+        //  information-loss.
+        //
         $session_expired_post = $_POST;
         $session_expired_location = $PHP_SELF;
         if (!sqsession_is_registered('session_expired_post')) {
@@ -57,6 +56,14 @@ function is_logged_in() {
         if (!sqsession_is_registered('session_expired_location')) {
             sqsession_register($session_expired_location,'session_expired_location');
         }
+
+        // signout page will deal with users who aren't logged
+        // in on its own; don't show error here
+        //
+        if (strpos($PHP_SELF, 'signout.php') !== FALSE) {
+           return;
+        }
+
         include_once( SM_PATH . 'functions/display_messages.php' );
         set_up_language($squirrelmail_language, true);
         logout_error( _("You must be logged in to access this page.") );
@@ -242,4 +249,4 @@ function get_smtp_user(&$user, &$pass) {
     }
 }
 
-?>
+?>

src/signout.php

@@ -18,40 +18,20 @@
  */
 define('SM_PATH','../');
 
-/* check if we're already logged out (e.g. when this page is reloaded),
- * so we can skip to the output and not give error messages */
-if( ! isset($_SESSION) || empty($_SESSION['user_is_logged_in']) ) {
-    $loggedin = false;
-} else {
-    $loggedin = true;
-}
-
-if($loggedin) {
-    require_once(SM_PATH . 'include/validate.php');
-    require_once(SM_PATH . 'functions/prefs.php');
-} else {
-    // this comes in through validate.php usually
-    require_once(SM_PATH . 'config/config.php');
-    require_once(SM_PATH . 'functions/i18n.php');
-    require_once(SM_PATH . 'functions/page_header.php');
-    if (@file_exists($theme[$theme_default]['PATH'])) {
-        @include ($theme[$theme_default]['PATH']);
-    }
-}
+require_once(SM_PATH . 'include/validate.php');
+require_once(SM_PATH . 'functions/prefs.php');
 require_once(SM_PATH . 'functions/plugin.php');
 require_once(SM_PATH . 'functions/strings.php');
 require_once(SM_PATH . 'functions/html.php');
 
-if($loggedin) {
-    /* Erase any lingering attachments */
-    if (isset($attachments) && is_array($attachments)
-        && sizeof($attachments)){
-        $hashed_attachment_dir = getHashedDir($username, $attachment_dir);
-        foreach ($attachments as $info) {
-            $attached_file = "$hashed_attachment_dir/$info[localfilename]";
-            if (file_exists($attached_file)) {
-                unlink($attached_file);
-            }
+/* Erase any lingering attachments */
+if (isset($attachments) && is_array($attachments)
+    && sizeof($attachments)){
+    $hashed_attachment_dir = getHashedDir($username, $attachment_dir);
+    foreach ($attachments as $info) {
+        $attached_file = "$hashed_attachment_dir/$info[localfilename]";
+        if (file_exists($attached_file)) {
+            unlink($attached_file);
         }
     }
 }
@@ -116,4 +96,4 @@ html_tag( 'table',
 'center', $color[4], 'width="50%" cols="1" cellpadding="2" cellspacing="0" border="0"' )
 ?>
 </body>
-</html>
+</html>