Fixes bugs in URL redirects

main
Yasen Pramatarov 2024-10-23 15:28:45 +03:00
parent fee54aa827
commit 8840efebdb
3 changed files with 11 additions and 5 deletions


@ -42,7 +42,7 @@ try {
$_SESSION['notice'] = "Login successful"; $_SESSION['notice'] = "Login successful";
$user_id = $userObject->getUserId($username)[0]['id']; $user_id = $userObject->getUserId($username)[0]['id'];
$logObject->insertLog($user_id, "Login: User \"$username\" logged in. IP: $user_IP", 'user'); $logObject->insertLog($user_id, "Login: User \"$username\" logged in. IP: $user_IP", 'user');
header('Location: index.php'); header('Location: ' . htmlspecialchars($app_root));
exit(); exit();
// login failed // login failed
@ -50,7 +50,7 @@ try {
$_SESSION['error'] = "Login failed."; $_SESSION['error'] = "Login failed.";
$user_id = $userObject->getUserId($username)[0]['id']; $user_id = $userObject->getUserId($username)[0]['id'];
$logObject->insertLog($user_id, "Login: Failed login attempt for user \"$username\". IP: $user_IP", 'user'); $logObject->insertLog($user_id, "Login: Failed login attempt for user \"$username\". IP: $user_IP", 'user');
header('Location: index.php'); header('Location: ' . htmlspecialchars($app_root));
exit(); exit();
} }
} }
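Review bot: `htmlspecialchars()` is the wrong encoder for a `Location` header in both redirects of this section (after "Login successful" and after "Login failed."): it escapes for HTML output, so an `&` in `$app_root` would be sent as `&amp;`, and it does nothing to confirm that the target is a path on this site. Where `$app_root` is assigned is not visible here; if it is derived from request data such as the Host header or the request URI, the redirect target is influenced by the client and should be pinned to a configured value or validated as a same-site path first. With a trusted value the line can simply be `header('Location: ' . $app_root);`. The same pattern is used in the two registration redirects and in both redirects of the third file section. The enclosing `try` block starts and ends outside these hunks.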


@ -23,12 +23,12 @@ if ($config['registration_enabled'] === true) {
// redirect to login // redirect to login
if ($result === true) { if ($result === true) {
$_SESSION['notice'] = "Registration successful.<br />You can log in now."; $_SESSION['notice'] = "Registration successful.<br />You can log in now.";
header('Location: index.php'); header('Location: ' . htmlspecialchars($app_root));
exit(); exit();
// registration fail, redirect to login // registration fail, redirect to login
} else { } else {
$_SESSION['error'] = "Registration failed. $result"; $_SESSION['error'] = "Registration failed. $result";
header('Location: index.php'); header('Location: ' . htmlspecialchars($app_root));
exit(); exit();
} }
} }
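Review bot: `$_SESSION['error'] = "Registration failed. $result";` interpolates `$result` into a flash message that is presumably printed without escaping, since the success notice in the same section carries a literal `<br />`. If `$result` can contain user-supplied text (the submitted username echoed inside an error string, for example), that text would reach the page as markup. Escaping at assignment would close this, `$_SESSION['error'] = 'Registration failed. ' . htmlspecialchars((string) $result, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, as would keeping flash messages plain text and escaping them in the template. How the messages are rendered and what `$result` can hold are not visible in this section.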


@ -89,7 +89,7 @@ if (isset($_COOKIE['username'])) {
// redirect to login // redirect to login
if ( !isset($_COOKIE['username']) && ($page !== 'login' && $page !== 'register') ) { if ( !isset($_COOKIE['username']) && ($page !== 'login' && $page !== 'register') ) {
header('Location: index.php?page=login'); header('Location: ' . htmlspecialchars($app_root) . '?page=login');
exit(); exit();
} }
@ -147,6 +147,12 @@ if ($page == 'logout') {
$userRights = $userObject->getUserRights($user_id); $userRights = $userObject->getUserRights($user_id);
$userTimezone = isset($userDetails[0]['timezone']) ? $userDetails[0]['timezone'] : 'UTC'; // Default to UTC if no timezone is set $userTimezone = isset($userDetails[0]['timezone']) ? $userDetails[0]['timezone'] : 'UTC'; // Default to UTC if no timezone is set
// If by error a logged in user requests the login page
if ($page === 'login') {
header('Location: ' . htmlspecialchars($app_root));
exit();
}
// check if the Jilo Server is running // check if the Jilo Server is running
require '../app/classes/server.php'; require '../app/classes/server.php';
$serverObject = new Server($dbWeb); $serverObject = new Server($dbWeb);
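Review bot: The login gate around the changed redirect tests only `isset($_COOKIE['username'])`, and a cookie is supplied by the client, so its presence says nothing about whether the request is authenticated. Unless a server-side check follows outside this section, the condition should test a value the server stored in `$_SESSION` at login, with the cookie used at most as a display hint. The added `if ($page === 'login')` block would benefit from a comment stating which check has already established that the user is logged in at that point, for example `// reached only after the session check above has passed`. The surrounding `if` blocks named in the hunk headers start outside the visible lines.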