If the $shib_AssertionConsumerServiceURL wasn't set or it was empty, the variable
didn't initialized properly when we assembled the logout url.

Fix bug: in a previous commit (82e34a0a), $shib_WAYF unintendedly replaced
when we assembled the login URL so the configuration variable had no effect
(credits to @scolytus, thanks!)

use $IP in require_once path (thx to @scolytus)

Hide login and anonlogin links aren't enough, users able to open to Special:UserLogin page and try to login there. You can disable this page with this hook (see: www.mediawiki.org/wiki/Manual:Special_pages#Disabling_Special:UserLogin_and_Special:UserLogout_pages)

After upgraded to PHP 5.4 the extension broke with fatal error, I think caused by this: http://www.php.net/manual/en/language.references.pass.php

bugfix: force logout if there is only MW session user: prevent incostintent state when there's no Shib session