Renamed new.php to admin.php, fixed redirects

This commit is contained in:
hbrain 2026-06-04 14:33:29 +02:00
parent 5aca0bdbf8
commit ab07d7ab35
6 changed files with 1902 additions and 1887 deletions

View file

@ -37,13 +37,27 @@ function mvlog_current_user(): ?string {
return isset($_SESSION['mvlog_user']) && is_string($_SESSION['mvlog_user']) ? $_SESSION['mvlog_user'] : null;
}
function mvlog_normalize_next(string $next): string {
if ($next === '' || str_contains($next, "
") || str_contains($next, " ")) return '/admin.php';
$parts = parse_url($next);
if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) return '/admin.php';
$path = (string)($parts['path'] ?? '');
if ($path === '' || $path === '/mvlog') {
$path = '/admin.php';
} elseif (str_starts_with($path, '/mvlog/')) {
$path = substr($path, 6);
}
$query = isset($parts['query']) ? ('?' . $parts['query']) : '';
return $path . $query;
}
function mvlog_require_login(): void {
if (mvlog_current_user() !== null) return;
$next = $_SERVER['REQUEST_URI'] ?? '/new.php';
$next = mvlog_normalize_next((string)($_SERVER['REQUEST_URI'] ?? '/admin.php'));
header('Location: login.php?next=' . rawurlencode($next));
exit;
}
function mvlog_logout(): void {
mvlog_session_start();
$_SESSION = [];
@ -55,8 +69,5 @@ function mvlog_logout(): void {
}
function mvlog_safe_next(string $next): string {
if ($next === '' || str_contains($next, "\n") || str_contains($next, "\r")) return 'new.php';
$parts = parse_url($next);
if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) return 'new.php';
return $next;
return mvlog_normalize_next($next);
}