Merge branch 'main' of https://github.com/jokob-sk/NetAlertX

2026-03-31 07:12:23 -07:00 · 2026-02-22 23:13:15 +11:00
parent 2f1e5068e3 57118bc9bd
commit 1a364e2fe2
7 changed files with 596 additions and 77 deletions
--- a/front/php/templates/security.php
+++ b/front/php/templates/security.php
@@ -1,5 +1,10 @@
 <?php

+// Start session if not already started
+if (session_status() == PHP_SESSION_NONE) {
+    session_start();
+}
+
 // Constants
 $configFolderPath = rtrim(getenv('NETALERTX_CONFIG') ?: '/data/config', '/');
 $legacyConfigPath = $_SERVER['DOCUMENT_ROOT'] . "/../config/app.conf";
@@ -45,10 +50,6 @@ $isLogonPage = ($parsedUrl === '/' || $parsedUrl === '/index.php');
 $authHeader = apache_request_headers()['Authorization'] ?? '';
 $sessionLogin = isset($_SESSION['login']) ? $_SESSION['login'] : 0;

-// Start session if not already started
-if (session_status() == PHP_SESSION_NONE) {
-    session_start();
-}

 // Handle logout
 if (!empty($_REQUEST['action']) && $_REQUEST['action'] == 'logout') {
@@ -82,11 +83,12 @@ if ($nax_WebProtection == 'true') {
    $isLoggedIn = isset($_SESSION['login']) && $_SESSION['login'] == 1;

    // Determine if the user should be redirected
-    if ($isLoggedIn || $isLogonPage || (isset($_COOKIE[COOKIE_SAVE_LOGIN_NAME]) && $nax_Password === $_COOKIE[COOKIE_SAVE_LOGIN_NAME])) {
+    if ($isLoggedIn || $isLogonPage) {
        // Logged in or stay on this page if we are on the index.php already
    } else {
        // We need to redirect
-        redirect('/index.php');
+        $returnUrl = rawurlencode(base64_encode($_SERVER['REQUEST_URI']));
+        redirect("/index.php?next=" . $returnUrl);
        exit; // exit is needed to prevent authentication bypass
    }
 }