Renamed new.php to admin.php, fixed redirects
This commit is contained in:
parent
5aca0bdbf8
commit
ab07d7ab35
6 changed files with 1902 additions and 1887 deletions
23
auth.php
23
auth.php
|
|
@ -37,13 +37,27 @@ function mvlog_current_user(): ?string {
|
|||
return isset($_SESSION['mvlog_user']) && is_string($_SESSION['mvlog_user']) ? $_SESSION['mvlog_user'] : null;
|
||||
}
|
||||
|
||||
function mvlog_normalize_next(string $next): string {
|
||||
if ($next === '' || str_contains($next, "
|
||||
") || str_contains($next, "
")) return '/admin.php';
|
||||
$parts = parse_url($next);
|
||||
if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) return '/admin.php';
|
||||
$path = (string)($parts['path'] ?? '');
|
||||
if ($path === '' || $path === '/mvlog') {
|
||||
$path = '/admin.php';
|
||||
} elseif (str_starts_with($path, '/mvlog/')) {
|
||||
$path = substr($path, 6);
|
||||
}
|
||||
$query = isset($parts['query']) ? ('?' . $parts['query']) : '';
|
||||
return $path . $query;
|
||||
}
|
||||
|
||||
function mvlog_require_login(): void {
|
||||
if (mvlog_current_user() !== null) return;
|
||||
$next = $_SERVER['REQUEST_URI'] ?? '/new.php';
|
||||
$next = mvlog_normalize_next((string)($_SERVER['REQUEST_URI'] ?? '/admin.php'));
|
||||
header('Location: login.php?next=' . rawurlencode($next));
|
||||
exit;
|
||||
}
|
||||
|
||||
function mvlog_logout(): void {
|
||||
mvlog_session_start();
|
||||
$_SESSION = [];
|
||||
|
|
@ -55,8 +69,5 @@ function mvlog_logout(): void {
|
|||
}
|
||||
|
||||
function mvlog_safe_next(string $next): string {
|
||||
if ($next === '' || str_contains($next, "\n") || str_contains($next, "\r")) return 'new.php';
|
||||
$parts = parse_url($next);
|
||||
if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) return 'new.php';
|
||||
return $next;
|
||||
return mvlog_normalize_next($next);
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue