Fix redirection from login page
parent
e0fc2a6c8a
commit
e6cede05ca
71
admin.php
71
admin.php
|
@ -8,76 +8,21 @@ include "core.php";
|
||||||
include "config.php";
|
include "config.php";
|
||||||
include "create-table.php";
|
include "create-table.php";
|
||||||
|
|
||||||
if (!$enableAdminKeys || $enableAdminKeys == "false") {
|
if (!isset($_COOKIE[$cookieName]) || !isset($_COOKIE[$cookieTypeName])) {
|
||||||
print "Admin keys are not supported.";
|
header('Location: login.php?redir=admin');
|
||||||
|
die();
|
||||||
|
} else if ($_COOKIE[$cookieTypeName] != 2) { // not allowed
|
||||||
|
header('Location: /');
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
|
||||||
$Authorized = 0;
|
|
||||||
$Database = createTables($sqlDB);
|
|
||||||
$DatabaseQuery = $Database->query('SELECT * FROM admins');
|
|
||||||
|
|
||||||
$html = "";
|
$html = "";
|
||||||
$html = printHeader($html);
|
$html = printHeader($html);
|
||||||
|
|
||||||
if (isset($_REQUEST['key'])) {
|
// in case admin keys are disabled
|
||||||
$Key = $_REQUEST['key'];
|
if (!$enableAdminKeys || $enableAdminKeys == "false") {
|
||||||
|
header('Location: /');
|
||||||
while ($line = $DatabaseQuery->fetchArray()) {
|
|
||||||
if ($line['key'] == $Key && $Key != "" && $line['key'] != "") {
|
|
||||||
$id = $line['id'];
|
|
||||||
$lastUsed = date($dateFormat);
|
|
||||||
|
|
||||||
$Database->exec("UPDATE admins SET lastused='$lastUsed' WHERE id='$id'");
|
|
||||||
|
|
||||||
if ($storeIP || $storeIP == "true") {
|
|
||||||
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
|
|
||||||
$ip = $_SERVER['HTTP_CLIENT_IP'];
|
|
||||||
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
|
||||||
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
|
||||||
} else {
|
|
||||||
$ip = $_SERVER['REMOTE_ADDR'];
|
|
||||||
}
|
|
||||||
|
|
||||||
$Database->exec("UPDATE admins SET ip='$ip' WHERE id='$id'");
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($storeAgent || $storeAgent == "true") {
|
|
||||||
$userAgent = $_SERVER['HTTP_USER_AGENT'];
|
|
||||||
$Database->exec("UPDATE admins SET useragent='$userAgent' WHERE id='$id'");
|
|
||||||
}
|
|
||||||
|
|
||||||
$Authorized = 1;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// the stuff
|
|
||||||
if ($Authorized) {
|
|
||||||
$html .= "\t\t\t<h2>Admin tools</h2>\n";
|
|
||||||
$html .= "\t\t\t<iframe name=\"adminSubmit\" style=\"display: none;\"></iframe>\n";
|
|
||||||
$html .= "\t\t\t<form action=\"create.php\" method=\"post\" target=\"adminSubmit\">\n";
|
|
||||||
$html .= "\t\t\t\t<input type=\"text\" name=\"data\" placeholder=\"key name\">\n";
|
|
||||||
$html .= "\t\t\t\t<input type=\"text\" name=\"type\" placeholder=\"type\">\n";
|
|
||||||
$html .= "\t\t\t\t<input type=\"text\" name=\"uploads\" placeholder=\"max uploads\">\n";
|
|
||||||
$html .= "\t\t\t\t<input type=\"hidden\" name=\"key\" value=\"$Key\">\n";
|
|
||||||
$html .= "\t\t\t\t<input type=\"submit\" value=\"make\">\n";
|
|
||||||
$html .= "\t\t\t</form>\n";
|
|
||||||
} else {
|
|
||||||
header('Location: admin.php?e=true');
|
|
||||||
die();
|
die();
|
||||||
}
|
|
||||||
} else {
|
|
||||||
$Authorized = 0;
|
|
||||||
|
|
||||||
$html .= "\t\t\t<form action=\"admin.php\" method=\"post\">\n";
|
|
||||||
$html .= "\t\t\t\t<input type=\"text\" name=\"key\" placeholder=\"Administrator key\">\n";
|
|
||||||
$html .= "\t\t\t\t<input type=\"submit\" value=\"Login\">\n";
|
|
||||||
$html .= "\t\t\t</form>\n";
|
|
||||||
|
|
||||||
if (isset($_REQUEST['e']) && $_REQUEST['e'] == "true") {
|
|
||||||
$html .= "\t\t\t<p>Invalid administrator key.</p>\n";
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$html = printFooter($html);
|
$html = printFooter($html);
|
||||||
|
|
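Review bot: The new gate at the top of admin.php decides admin access from `$_COOKIE[$cookieTypeName] != 2`, and that cookie is a value the browser supplies, so it does not by itself establish that the visitor holds an admin key. The per-request key lookup that the old code did is removed here and nothing visible in the hunk checks `$_COOKIE[$cookieName]` against the stored keys, so unless code outside the hunk re-validates it, the type cookie is the only control on this page. I would look the key cookie up server-side with a prepared statement and take the key type from that row (or keep both in a PHP session), and compare strictly, e.g. `!== "2"`, instead of with `!=`. The rest of the file after the footer line is outside the hunk.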
|
@ -34,7 +34,7 @@ if (!file_exists($configFile)) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* load config file */
|
// load config file
|
||||||
$configEntries = parse_ini_file($configFile);
|
$configEntries = parse_ini_file($configFile);
|
||||||
$Stylesheet = $configEntries['css'];
|
$Stylesheet = $configEntries['css'];
|
||||||
$Icon = $configEntries['favicon'];
|
$Icon = $configEntries['favicon'];
|
||||||
|
@ -60,4 +60,6 @@ $enableUploadRemoval = $configEntries['enable_upload_removal'];
|
||||||
$enableKeyUploadRemoval = $configEntries['enable_key_upload_removal'];
|
$enableKeyUploadRemoval = $configEntries['enable_key_upload_removal'];
|
||||||
$cookieName = $configEntries['cookie_name'];
|
$cookieName = $configEntries['cookie_name'];
|
||||||
$javaScript = $configEntries['javascript'];
|
$javaScript = $configEntries['javascript'];
|
||||||
|
|
||||||
|
$cookieTypeName = "$cookieName" . "_type";
|
||||||
?>
|
?>
|
||||||
|
|
|
@ -16,10 +16,6 @@ function main() {
|
||||||
$html .= "\t\t\t<p>Max file size: $maxFileSize MB</p>\n";
|
$html .= "\t\t\t<p>Max file size: $maxFileSize MB</p>\n";
|
||||||
$html .= "\t\t\t<a href=\"https://git.speedie.site/speedie/curload\">source code</a>\n";
|
$html .= "\t\t\t<a href=\"https://git.speedie.site/speedie/curload\">source code</a>\n";
|
||||||
|
|
||||||
if (isset($_COOKIE[$cookieName])) {
|
|
||||||
$html .= "\t\t\t<p>Cookie found, how awesome is that?</p>\n";
|
|
||||||
}
|
|
||||||
|
|
||||||
$html = printFooter($html);
|
$html = printFooter($html);
|
||||||
|
|
||||||
print "$html";
|
print "$html";
|
||||||
|
|
27
login.php
27
login.php
|
@ -10,7 +10,6 @@ include "core.php";
|
||||||
|
|
||||||
$Authorized = 0;
|
$Authorized = 0;
|
||||||
$KeyType = 0;
|
$KeyType = 0;
|
||||||
$Redirect = "";
|
|
||||||
|
|
||||||
if (isset($_REQUEST['redir'])) {
|
if (isset($_REQUEST['redir'])) {
|
||||||
$Redirect = $_REQUEST['redir'];
|
$Redirect = $_REQUEST['redir'];
|
||||||
|
@ -20,11 +19,12 @@ if (isset($_REQUEST['redir'])) {
|
||||||
if (isset($_COOKIE[$cookieName])) {
|
if (isset($_COOKIE[$cookieName])) {
|
||||||
if (isset($_REQUEST['logout']) && $_REQUEST['logout'] == "true") {
|
if (isset($_REQUEST['logout']) && $_REQUEST['logout'] == "true") {
|
||||||
setcookie($cookieName, "", 0);
|
setcookie($cookieName, "", 0);
|
||||||
|
setcookie($cookieTypeName, "", 0);
|
||||||
header('Location: login.php');
|
header('Location: login.php');
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($Redirect == "index" || ($Redirect == "admin" && $KeyType != 3) || $Redirect == "") {
|
if ($Redirect == "index" || ($Redirect == "admin" && $_COOKIE[$cookieTypeName] != 2) || $Redirect == "") {
|
||||||
header('Location: /');
|
header('Location: /');
|
||||||
die();
|
die();
|
||||||
} else if ($Redirect == "admin") {
|
} else if ($Redirect == "admin") {
|
||||||
|
@ -153,24 +153,22 @@ if (isset($_REQUEST['key'])) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($Authorized == 0) {
|
if ($Authorized != 1) {
|
||||||
header('Location: login.php?e=true');
|
if ($Redirect != "") { // just so we can try again and still be redirected to the right place
|
||||||
|
header("Location: login.php?e=true&redir=$Redirect");
|
||||||
|
} else {
|
||||||
|
header("Location: login.php?e=true");
|
||||||
|
}
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
|
||||||
setcookie($cookieName, $Key);
|
setcookie($cookieName, $Key);
|
||||||
|
setcookie($cookieTypeName, $KeyType);
|
||||||
|
|
||||||
if (!isset($_COOKIE[$cookieName])) {
|
if ($Redirect != "") { // just so we can try again and still be redirected to the right place
|
||||||
header('Location: /');
|
header("Location: login.php?e=true&redir=$Redirect");
|
||||||
die();
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($Redirect == "index" || ($Redirect == "admin" && $KeyType != 3)) {
|
|
||||||
header('Location: /');
|
|
||||||
die();
|
|
||||||
} else {
|
} else {
|
||||||
header('Location: admin.php');
|
header("Location: login.php?e=true");
|
||||||
die();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
die();
|
die();
|
||||||
|
@ -183,6 +181,7 @@ if (isset($_REQUEST['key'])) {
|
||||||
$html .= "\t\t\t\t<p>Enter your login key to continue.</p>\n";
|
$html .= "\t\t\t\t<p>Enter your login key to continue.</p>\n";
|
||||||
$html .= "\t\t\t\t<form action=\"login.php\">\n";
|
$html .= "\t\t\t\t<form action=\"login.php\">\n";
|
||||||
$html .= "\t\t\t\t\t<input type=\"password\" name=\"key\" placeholder=\"Login key\">\n";
|
$html .= "\t\t\t\t\t<input type=\"password\" name=\"key\" placeholder=\"Login key\">\n";
|
||||||
|
if (isset($Redirect)) $html .= "\t\t\t\t\t<input type=\"hidden\" name=\"redir\" value=\"$Redirect\">\n";
|
||||||
$html .= "\t\t\t\t\t<input type=\"submit\" value=\"Login\">\n";
|
$html .= "\t\t\t\t\t<input type=\"submit\" value=\"Login\">\n";
|
||||||
$html .= "\t\t\t\t</form>\n";
|
$html .= "\t\t\t\t</form>\n";
|
||||||
|
|
||||||
|
|
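Review bot: `$Redirect` is taken straight from `$_REQUEST['redir']` and is now written unescaped into the hidden form field (`value="$Redirect"`) and into the two `Location: login.php?e=true&redir=$Redirect` headers, so markup or extra query parameters in `redir` are reflected back to the user. The visible code only ever acts on `index` and `admin`, so I would restrict the value where it is read, `$Redirect = in_array($_REQUEST['redir'], ['index', 'admin'], true) ? $_REQUEST['redir'] : "";`, and still pass it through `htmlspecialchars($Redirect, ENT_QUOTES)` for the form and `urlencode($Redirect)` for the header. The commit also drops the `$Redirect = "";` initialiser, so the later `$Redirect == ""` and `$Redirect != ""` tests read an undefined variable when no `redir` is sent; keeping the initialiser avoids that and makes the `isset($Redirect)` on the form line unnecessary. The `if (isset($_REQUEST['key']))` block these hunks sit in starts outside the visible lines.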