72eeb24cd7
- Replaced all client-facing $e->getMessage() with generic error messages - Added error_log() with filename prefix to all catch blocks - Covered jsonError(), echo, and json_encode() response patterns - Also fixed 2 remaining display_errors=1 and add_invoice.php leak - Script-assisted fix for 75 files, manual fix for 12 remaining edge cases
25 lines
683 B
PHP
25 lines
683 B
PHP
<?php
|
|
// logout.php — تسجيل الخروج الآمن وإلغاء التوكن
|
|
|
|
require_once __DIR__ . '/connect.php';
|
|
|
|
try {
|
|
$jwtService = new JwtService($redis);
|
|
$decoded = $jwtService->authenticate();
|
|
|
|
$jti = $decoded->jti ?? null;
|
|
$exp = $decoded->exp ?? 0;
|
|
$remaining = $exp - time();
|
|
|
|
if ($jti && $remaining > 0) {
|
|
$jwtService->revokeToken($jti, $remaining);
|
|
securityLog("User logged out and token revoked", ['user_id' => $decoded->user_id, 'jti' => $jti]);
|
|
}
|
|
|
|
jsonSuccess(null, "Logged out successfully");
|
|
|
|
} catch (Exception $e) {
|
|
error_log("[logout.php] " . $e->getMessage());
|
|
jsonError("Logout failed", 500);
|
|
}
|