Fix redirection from login page

Jacob 2023-09-30 23:13:22 +02:00
parent e0fc2a6c8a
commit e6cede05ca
4 changed files with 25 additions and 83 deletions


@ -8,76 +8,21 @@ include "core.php";
include "config.php";
include "create-table.php";
if (!$enableAdminKeys || $enableAdminKeys == "false") {
print "Admin keys are not supported.";
if (!isset($_COOKIE[$cookieName]) || !isset($_COOKIE[$cookieTypeName])) {
header('Location: login.php?redir=admin');
die();
} else if ($_COOKIE[$cookieTypeName] != 2) { // not allowed
header('Location: /');
die();
}
$Authorized = 0;
$Database = createTables($sqlDB);
$DatabaseQuery = $Database->query('SELECT * FROM admins');
$html = "";
$html = printHeader($html);
if (isset($_REQUEST['key'])) {
$Key = $_REQUEST['key'];
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['key'] == $Key && $Key != "" && $line['key'] != "") {
$id = $line['id'];
$lastUsed = date($dateFormat);
$Database->exec("UPDATE admins SET lastused='$lastUsed' WHERE id='$id'");
if ($storeIP || $storeIP == "true") {
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
$Database->exec("UPDATE admins SET ip='$ip' WHERE id='$id'");
}
if ($storeAgent || $storeAgent == "true") {
$userAgent = $_SERVER['HTTP_USER_AGENT'];
$Database->exec("UPDATE admins SET useragent='$userAgent' WHERE id='$id'");
}
$Authorized = 1;
break;
}
}
// the stuff
if ($Authorized) {
$html .= "\t\t\t<h2>Admin tools</h2>\n";
$html .= "\t\t\t<iframe name=\"adminSubmit\" style=\"display: none;\"></iframe>\n";
$html .= "\t\t\t<form action=\"create.php\" method=\"post\" target=\"adminSubmit\">\n";
$html .= "\t\t\t\t<input type=\"text\" name=\"data\" placeholder=\"key name\">\n";
$html .= "\t\t\t\t<input type=\"text\" name=\"type\" placeholder=\"type\">\n";
$html .= "\t\t\t\t<input type=\"text\" name=\"uploads\" placeholder=\"max uploads\">\n";
$html .= "\t\t\t\t<input type=\"hidden\" name=\"key\" value=\"$Key\">\n";
$html .= "\t\t\t\t<input type=\"submit\" value=\"make\">\n";
$html .= "\t\t\t</form>\n";
} else {
header('Location: admin.php?e=true');
die();
}
} else {
$Authorized = 0;
$html .= "\t\t\t<form action=\"admin.php\" method=\"post\">\n";
$html .= "\t\t\t\t<input type=\"text\" name=\"key\" placeholder=\"Administrator key\">\n";
$html .= "\t\t\t\t<input type=\"submit\" value=\"Login\">\n";
$html .= "\t\t\t</form>\n";
if (isset($_REQUEST['e']) && $_REQUEST['e'] == "true") {
$html .= "\t\t\t<p>Invalid administrator key.</p>\n";
}
// in case admin keys are disabled
if (!$enableAdminKeys || $enableAdminKeys == "false") {
header('Location: /');
die();
}
$html = printFooter($html);
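Review bot: The new gate at the top of this file decides admin access from `$_COOKIE[$cookieTypeName] != 2`, a value the browser sends back unchanged (login.php writes it with `setcookie($cookieTypeName, $KeyType)`), and nothing in the visible lines re-checks it on the server. The privilege level should be derived server-side on every request, either by looking up the key in `$_COOKIE[$cookieName]` in the database with a prepared statement and reading its type from the stored row, or by keeping the type in `$_SESSION` after login. The comparison is also loose; once the type comes from a trusted source, `(int) $keyType !== 2` states the intent exactly. If this check stays as a convenience redirect only, a comment such as `// UX redirect only; real authorization happens in <placeholder: server-side check>` would keep it from being mistaken for access control.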


@ -34,7 +34,7 @@ if (!file_exists($configFile)) {
return;
}
/* load config file */
// load config file
$configEntries = parse_ini_file($configFile);
$Stylesheet = $configEntries['css'];
$Icon = $configEntries['favicon'];
@ -60,4 +60,6 @@ $enableUploadRemoval = $configEntries['enable_upload_removal'];
$enableKeyUploadRemoval = $configEntries['enable_key_upload_removal'];
$cookieName = $configEntries['cookie_name'];
$javaScript = $configEntries['javascript'];
$cookieTypeName = "$cookieName" . "_type";
?>
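Review bot: The closing `?>` at the end of this file is better dropped. The file is pulled in with `include` by pages that go on to call `header()` and `setcookie()`, and any stray whitespace after the tag would be sent as output and make those calls fail with "headers already sent". Whether the tag is new in this commit cannot be told from the rendered hunk. The added assignment can also lose the redundant interpolation: `$cookieTypeName = $cookieName . '_type';`.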


@ -16,10 +16,6 @@ function main() {
$html .= "\t\t\t<p>Max file size: $maxFileSize MB</p>\n";
$html .= "\t\t\t<a href=\"https://git.speedie.site/speedie/curload\">source code</a>\n";
if (isset($_COOKIE[$cookieName])) {
$html .= "\t\t\t<p>Cookie found, how awesome is that?</p>\n";
}
$html = printFooter($html);
print "$html";


@ -10,7 +10,6 @@ include "core.php";
$Authorized = 0;
$KeyType = 0;
$Redirect = "";
if (isset($_REQUEST['redir'])) {
$Redirect = $_REQUEST['redir'];
@ -20,11 +19,12 @@ if (isset($_REQUEST['redir'])) {
if (isset($_COOKIE[$cookieName])) {
if (isset($_REQUEST['logout']) && $_REQUEST['logout'] == "true") {
setcookie($cookieName, "", 0);
setcookie($cookieTypeName, "", 0);
header('Location: login.php');
die();
}
if ($Redirect == "index" || ($Redirect == "admin" && $KeyType != 3) || $Redirect == "") {
if ($Redirect == "index" || ($Redirect == "admin" && $_COOKIE[$cookieTypeName] != 2) || $Redirect == "") {
header('Location: /');
die();
} else if ($Redirect == "admin") {
@ -153,24 +153,22 @@ if (isset($_REQUEST['key'])) {
}
}
if ($Authorized == 0) {
header('Location: login.php?e=true');
if ($Authorized != 1) {
if ($Redirect != "") { // just so we can try again and still be redirected to the right place
header("Location: login.php?e=true&redir=$Redirect");
} else {
header("Location: login.php?e=true");
}
die();
}
setcookie($cookieName, $Key);
setcookie($cookieTypeName, $KeyType);
if (!isset($_COOKIE[$cookieName])) {
header('Location: /');
die();
}
if ($Redirect == "index" || ($Redirect == "admin" && $KeyType != 3)) {
header('Location: /');
die();
if ($Redirect != "") { // just so we can try again and still be redirected to the right place
header("Location: login.php?e=true&redir=$Redirect");
} else {
header('Location: admin.php');
die();
header("Location: login.php?e=true");
}
die();
@ -183,6 +181,7 @@ if (isset($_REQUEST['key'])) {
$html .= "\t\t\t\t<p>Enter your login key to continue.</p>\n";
$html .= "\t\t\t\t<form action=\"login.php\">\n";
$html .= "\t\t\t\t\t<input type=\"password\" name=\"key\" placeholder=\"Login key\">\n";
if (isset($Redirect)) $html .= "\t\t\t\t\t<input type=\"hidden\" name=\"redir\" value=\"$Redirect\">\n";
$html .= "\t\t\t\t\t<input type=\"submit\" value=\"Login\">\n";
$html .= "\t\t\t\t</form>\n";
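Review bot: `$Redirect` is copied from `$_REQUEST['redir']` and the added hidden field writes it into the page unescaped (`value=\"$Redirect\"`), so markup in the request is reflected into the login form; the new `Location: login.php?e=true&redir=$Redirect` headers in the failure branch have the same gap for URL encoding. Only `index` and `admin` are acted on in the visible code, so the simplest fix is to reduce the value to that set right after it is read, `if (!in_array($Redirect, ['index', 'admin'], true)) { $Redirect = ''; }`. It should still be emitted with `htmlspecialchars($Redirect, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` in the form and `rawurlencode($Redirect)` in the header. `isset($Redirect)` looks always true if the `$Redirect = "";` initialisation is kept, so `$Redirect !== ""` is probably what was meant. The enclosing `if` blocks start and end outside the hunks shown.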