Fix redirection from login page
parent
e0fc2a6c8a
commit
e6cede05ca
71
admin.php
71
admin.php
|
@ -8,76 +8,21 @@ include "core.php";
|
|||
include "config.php";
|
||||
include "create-table.php";
|
||||
|
||||
if (!$enableAdminKeys || $enableAdminKeys == "false") {
|
||||
print "Admin keys are not supported.";
|
||||
if (!isset($_COOKIE[$cookieName]) || !isset($_COOKIE[$cookieTypeName])) {
|
||||
header('Location: login.php?redir=admin');
|
||||
die();
|
||||
} else if ($_COOKIE[$cookieTypeName] != 2) { // not allowed
|
||||
header('Location: /');
|
||||
die();
|
||||
}
|
||||
|
||||
$Authorized = 0;
|
||||
$Database = createTables($sqlDB);
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM admins');
|
||||
|
||||
$html = "";
|
||||
$html = printHeader($html);
|
||||
|
||||
if (isset($_REQUEST['key'])) {
|
||||
$Key = $_REQUEST['key'];
|
||||
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['key'] == $Key && $Key != "" && $line['key'] != "") {
|
||||
$id = $line['id'];
|
||||
$lastUsed = date($dateFormat);
|
||||
|
||||
$Database->exec("UPDATE admins SET lastused='$lastUsed' WHERE id='$id'");
|
||||
|
||||
if ($storeIP || $storeIP == "true") {
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
|
||||
$ip = $_SERVER['HTTP_CLIENT_IP'];
|
||||
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
||||
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
} else {
|
||||
$ip = $_SERVER['REMOTE_ADDR'];
|
||||
}
|
||||
|
||||
$Database->exec("UPDATE admins SET ip='$ip' WHERE id='$id'");
|
||||
}
|
||||
|
||||
if ($storeAgent || $storeAgent == "true") {
|
||||
$userAgent = $_SERVER['HTTP_USER_AGENT'];
|
||||
$Database->exec("UPDATE admins SET useragent='$userAgent' WHERE id='$id'");
|
||||
}
|
||||
|
||||
$Authorized = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// the stuff
|
||||
if ($Authorized) {
|
||||
$html .= "\t\t\t<h2>Admin tools</h2>\n";
|
||||
$html .= "\t\t\t<iframe name=\"adminSubmit\" style=\"display: none;\"></iframe>\n";
|
||||
$html .= "\t\t\t<form action=\"create.php\" method=\"post\" target=\"adminSubmit\">\n";
|
||||
$html .= "\t\t\t\t<input type=\"text\" name=\"data\" placeholder=\"key name\">\n";
|
||||
$html .= "\t\t\t\t<input type=\"text\" name=\"type\" placeholder=\"type\">\n";
|
||||
$html .= "\t\t\t\t<input type=\"text\" name=\"uploads\" placeholder=\"max uploads\">\n";
|
||||
$html .= "\t\t\t\t<input type=\"hidden\" name=\"key\" value=\"$Key\">\n";
|
||||
$html .= "\t\t\t\t<input type=\"submit\" value=\"make\">\n";
|
||||
$html .= "\t\t\t</form>\n";
|
||||
} else {
|
||||
header('Location: admin.php?e=true');
|
||||
// in case admin keys are disabled
|
||||
if (!$enableAdminKeys || $enableAdminKeys == "false") {
|
||||
header('Location: /');
|
||||
die();
|
||||
}
|
||||
} else {
|
||||
$Authorized = 0;
|
||||
|
||||
$html .= "\t\t\t<form action=\"admin.php\" method=\"post\">\n";
|
||||
$html .= "\t\t\t\t<input type=\"text\" name=\"key\" placeholder=\"Administrator key\">\n";
|
||||
$html .= "\t\t\t\t<input type=\"submit\" value=\"Login\">\n";
|
||||
$html .= "\t\t\t</form>\n";
|
||||
|
||||
if (isset($_REQUEST['e']) && $_REQUEST['e'] == "true") {
|
||||
$html .= "\t\t\t<p>Invalid administrator key.</p>\n";
|
||||
}
|
||||
}
|
||||
|
||||
$html = printFooter($html);
|
||||
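Review bot: The admin gate near the top of this section, `else if ($_COOKIE[$cookieTypeName] != 2)`, takes the authorization decision from a cookie the browser controls. login.php on this page writes it with `setcookie($cookieTypeName, $KeyType)` as a plain number, so nothing ties it to a key that was actually verified, and the preceding `isset()` test only shows that a cookie is present. The +/- markers are lost on this page, so reading this check as the new side is inferred from the commit title and the `redir=admin` redirect. The key type should come from server-side state: either look the key cookie up again here and read the type from the matched row, or have login.php keep it in the session, e.g. `$_SESSION['keyType'] = $KeyType;`, and test `if (($_SESSION['keyType'] ?? 0) !== 2) { header('Location: /'); die(); }` here.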
|
|
|
@ -34,7 +34,7 @@ if (!file_exists($configFile)) {
|
|||
return;
|
||||
}
|
||||
|
||||
/* load config file */
|
||||
// load config file
|
||||
$configEntries = parse_ini_file($configFile);
|
||||
$Stylesheet = $configEntries['css'];
|
||||
$Icon = $configEntries['favicon'];
|
||||
|
@ -60,4 +60,6 @@ $enableUploadRemoval = $configEntries['enable_upload_removal'];
|
|||
$enableKeyUploadRemoval = $configEntries['enable_key_upload_removal'];
|
||||
$cookieName = $configEntries['cookie_name'];
|
||||
$javaScript = $configEntries['javascript'];
|
||||
|
||||
$cookieTypeName = "$cookieName" . "_type";
|
||||
?>
|
||||
|
|
|
@ -16,10 +16,6 @@ function main() {
|
|||
$html .= "\t\t\t<p>Max file size: $maxFileSize MB</p>\n";
|
||||
$html .= "\t\t\t<a href=\"https://git.speedie.site/speedie/curload\">source code</a>\n";
|
||||
|
||||
if (isset($_COOKIE[$cookieName])) {
|
||||
$html .= "\t\t\t<p>Cookie found, how awesome is that?</p>\n";
|
||||
}
|
||||
|
||||
$html = printFooter($html);
|
||||
|
||||
print "$html";
|
||||
|
|
27
login.php
27
login.php
|
@ -10,7 +10,6 @@ include "core.php";
|
|||
|
||||
$Authorized = 0;
|
||||
$KeyType = 0;
|
||||
$Redirect = "";
|
||||
|
||||
if (isset($_REQUEST['redir'])) {
|
||||
$Redirect = $_REQUEST['redir'];
|
||||
|
@ -20,11 +19,12 @@ if (isset($_REQUEST['redir'])) {
|
|||
if (isset($_COOKIE[$cookieName])) {
|
||||
if (isset($_REQUEST['logout']) && $_REQUEST['logout'] == "true") {
|
||||
setcookie($cookieName, "", 0);
|
||||
setcookie($cookieTypeName, "", 0);
|
||||
header('Location: login.php');
|
||||
die();
|
||||
}
|
||||
|
||||
if ($Redirect == "index" || ($Redirect == "admin" && $KeyType != 3) || $Redirect == "") {
|
||||
if ($Redirect == "index" || ($Redirect == "admin" && $_COOKIE[$cookieTypeName] != 2) || $Redirect == "") {
|
||||
header('Location: /');
|
||||
die();
|
||||
} else if ($Redirect == "admin") {
|
||||
|
@ -153,24 +153,22 @@ if (isset($_REQUEST['key'])) {
|
|||
}
|
||||
}
|
||||
|
||||
if ($Authorized == 0) {
|
||||
header('Location: login.php?e=true');
|
||||
if ($Authorized != 1) {
|
||||
if ($Redirect != "") { // just so we can try again and still be redirected to the right place
|
||||
header("Location: login.php?e=true&redir=$Redirect");
|
||||
} else {
|
||||
header("Location: login.php?e=true");
|
||||
}
|
||||
die();
|
||||
}
|
||||
|
||||
setcookie($cookieName, $Key);
|
||||
setcookie($cookieTypeName, $KeyType);
|
||||
|
||||
if (!isset($_COOKIE[$cookieName])) {
|
||||
header('Location: /');
|
||||
die();
|
||||
}
|
||||
|
||||
if ($Redirect == "index" || ($Redirect == "admin" && $KeyType != 3)) {
|
||||
header('Location: /');
|
||||
die();
|
||||
if ($Redirect != "") { // just so we can try again and still be redirected to the right place
|
||||
header("Location: login.php?e=true&redir=$Redirect");
|
||||
} else {
|
||||
header('Location: admin.php');
|
||||
die();
|
||||
header("Location: login.php?e=true");
|
||||
}
|
||||
|
||||
die();
|
||||
|
@ -183,6 +181,7 @@ if (isset($_REQUEST['key'])) {
|
|||
$html .= "\t\t\t\t<p>Enter your login key to continue.</p>\n";
|
||||
$html .= "\t\t\t\t<form action=\"login.php\">\n";
|
||||
$html .= "\t\t\t\t\t<input type=\"password\" name=\"key\" placeholder=\"Login key\">\n";
|
||||
if (isset($Redirect)) $html .= "\t\t\t\t\t<input type=\"hidden\" name=\"redir\" value=\"$Redirect\">\n";
|
||||
$html .= "\t\t\t\t\t<input type=\"submit\" value=\"Login\">\n";
|
||||
$html .= "\t\t\t\t</form>\n";
|
||||
|
||||
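Review bot: `$Redirect` is copied from `$_REQUEST['redir']` and then written without encoding into the hidden field `value=\"$Redirect\"` in the last hunk and into `header("Location: login.php?e=true&redir=$Redirect")` in the `-153` hunk, so request data reaches both the HTML and the redirect URL as-is. Only `index` and `admin` are ever acted on, so it can be normalised where it is read, `if (!in_array($Redirect, ['index', 'admin'], true)) $Redirect = "";`, and still encoded at the sinks with `htmlspecialchars($Redirect, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` and `urlencode($Redirect)`. The same section stores the raw login key with `setcookie($cookieName, $Key)` and no `httponly`, `secure` or `samesite` options, which should be set while this code is being touched. The +/- markers are lost on this page, so which of the duplicated redirect branches belongs to the new side is inferred.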
|
|