lindeas
/
jilo-web
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases 4 Wiki Activity

Fixes bugs in URL redirects

main
Yasen Pramatarov 2024-10-23 15:28:45 +03:00
parent fee54aa827
commit 8840efebdb
3 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/pages/login.php
View File

@ -42,7 +42,7 @@ try {
$_SESSION['notice'] = "Login successful";
$user_id = $userObject->getUserId($username)[0]['id'];
$logObject->insertLog($user_id, "Login: User \"$username\" logged in. IP: $user_IP", 'user');
header('Location: index.php');
header('Location: ' . htmlspecialchars($app_root));
exit();
// login failed
@ -50,7 +50,7 @@ try {
$_SESSION['error'] = "Login failed.";
$user_id = $userObject->getUserId($username)[0]['id'];
$logObject->insertLog($user_id, "Login: Failed login attempt for user \"$username\". IP: $user_IP", 'user');
header('Location: index.php');
header('Location: ' . htmlspecialchars($app_root));
exit();
}
}

4
app/pages/register.php
View File

@ -23,12 +23,12 @@ if ($config['registration_enabled'] === true) {
// redirect to login
if ($result === true) {
$_SESSION['notice'] = "Registration successful.<br />You can log in now.";
header('Location: index.php');
header('Location: ' . htmlspecialchars($app_root));
exit();
// registration fail, redirect to login
} else {
$_SESSION['error'] = "Registration failed. $result";
header('Location: index.php');
header('Location: ' . htmlspecialchars($app_root));
exit();
}
}

8
public_html/index.php
View File

@ -89,7 +89,7 @@ if (isset($_COOKIE['username'])) {
// redirect to login
if ( !isset($_COOKIE['username']) && ($page !== 'login' && $page !== 'register') ) {
header('Location: index.php?page=login');
header('Location: ' . htmlspecialchars($app_root) . '?page=login');
exit();
}
@ -147,6 +147,12 @@ if ($page == 'logout') {
$userRights = $userObject->getUserRights($user_id);
$userTimezone = isset($userDetails[0]['timezone']) ? $userDetails[0]['timezone'] : 'UTC'; // Default to UTC if no timezone is set
// If by error a logged in user requests the login page
if ($page === 'login') {
header('Location: ' . htmlspecialchars($app_root));
exit();
}
// check if the Jilo Server is running
require '../app/classes/server.php';
$serverObject = new Server($dbWeb);