add redirect after log in to support deep links
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
@@ -7,6 +7,10 @@ require_once $_SERVER['DOCUMENT_ROOT'].'/php/server/db.php';
|
|||||||
require_once $_SERVER['DOCUMENT_ROOT'].'/php/templates/language/lang.php';
|
require_once $_SERVER['DOCUMENT_ROOT'].'/php/templates/language/lang.php';
|
||||||
require_once $_SERVER['DOCUMENT_ROOT'].'/php/templates/security.php';
|
require_once $_SERVER['DOCUMENT_ROOT'].'/php/templates/security.php';
|
||||||
|
|
||||||
|
// if (session_status() === PHP_SESSION_NONE) {
|
||||||
|
// session_start();
|
||||||
|
// }
|
||||||
|
|
||||||
session_start();
|
session_start();
|
||||||
|
|
||||||
const COOKIE_NAME = 'NetAlertX_SaveLogin';
|
const COOKIE_NAME = 'NetAlertX_SaveLogin';
|
||||||
@@ -25,10 +29,13 @@ function validate_local_path(?string $encoded): string {
|
|||||||
if (!$encoded) return DEFAULT_REDIRECT;
|
if (!$encoded) return DEFAULT_REDIRECT;
|
||||||
|
|
||||||
$decoded = base64_decode($encoded, true);
|
$decoded = base64_decode($encoded, true);
|
||||||
if ($decoded === false) return DEFAULT_REDIRECT;
|
if ($decoded === false) {
|
||||||
|
return DEFAULT_REDIRECT;
|
||||||
|
}
|
||||||
|
|
||||||
// strict local path check
|
// strict local path check (allow safe query strings + fragments)
|
||||||
if (!preg_match('#^/[a-zA-Z0-9_\-/\.]*$#', $decoded)) {
|
// Using ~ as the delimiter instead of #
|
||||||
|
if (!preg_match('~^(?!//)(?!.*://)/[a-zA-Z0-9_\-./?=&:%#]*$~', $decoded)) {
|
||||||
return DEFAULT_REDIRECT;
|
return DEFAULT_REDIRECT;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -74,7 +81,9 @@ $redirectTo = validate_local_path($_GET['next'] ?? null);
|
|||||||
===================================================== */
|
===================================================== */
|
||||||
|
|
||||||
if ($nax_WebProtection !== 'true') {
|
if ($nax_WebProtection !== 'true') {
|
||||||
login_user();
|
if (!is_authenticated()) {
|
||||||
|
login_user();
|
||||||
|
}
|
||||||
safe_redirect(append_hash($redirectTo));
|
safe_redirect(append_hash($redirectTo));
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -190,7 +199,11 @@ if ($nax_Password === '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923
|
|||||||
<!-- /.login-logo -->
|
<!-- /.login-logo -->
|
||||||
<div class="login-box-body">
|
<div class="login-box-body">
|
||||||
<p class="login-box-msg"><?= lang('Login_Box');?></p>
|
<p class="login-box-msg"><?= lang('Login_Box');?></p>
|
||||||
<form action="index.php<?php echo !empty($_GET['next']) ? '?next=' . htmlspecialchars($_GET['next']) : ''; ?>" method="post">
|
<form action="index.php<?php
|
||||||
|
echo !empty($_GET['next'])
|
||||||
|
? '?next=' . htmlspecialchars($_GET['next'], ENT_QUOTES, 'UTF-8')
|
||||||
|
: '';
|
||||||
|
?>" method="post">
|
||||||
<div class="form-group has-feedback">
|
<div class="form-group has-feedback">
|
||||||
<input type="hidden" name="url_hash" id="url_hash">
|
<input type="hidden" name="url_hash" id="url_hash">
|
||||||
<input type="password" class="form-control" placeholder="<?= lang('Login_Psw-box');?>" name="loginpassword">
|
<input type="password" class="form-control" placeholder="<?= lang('Login_Psw-box');?>" name="loginpassword">
|
||||||
|
|||||||
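Review bot: The form action in the last hunk re-emits `$_GET['next']` with HTML escaping only, so a base64 value that contains `+` comes back as a space when the form is posted, and `validate_local_path($_GET['next'] ?? null)` no longer decodes it to the original path. The other file in this commit already wraps the value in `rawurlencode()` before redirecting here, and the form should do the same: `? '?next=' . htmlspecialchars(rawurlencode($_GET['next']), ENT_QUOTES, 'UTF-8')`. Separately, the new pattern in `validate_local_path` ends in `$`, which also matches before a trailing newline; `\z` or the `D` modifier would anchor it to the true end of the string. The function's body continues outside the hunk.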
@@ -1,5 +1,10 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
// Start session if not already started
|
||||||
|
if (session_status() == PHP_SESSION_NONE) {
|
||||||
|
session_start();
|
||||||
|
}
|
||||||
|
|
||||||
// Constants
|
// Constants
|
||||||
$configFolderPath = rtrim(getenv('NETALERTX_CONFIG') ?: '/data/config', '/');
|
$configFolderPath = rtrim(getenv('NETALERTX_CONFIG') ?: '/data/config', '/');
|
||||||
$legacyConfigPath = $_SERVER['DOCUMENT_ROOT'] . "/../config/app.conf";
|
$legacyConfigPath = $_SERVER['DOCUMENT_ROOT'] . "/../config/app.conf";
|
||||||
@@ -45,10 +50,6 @@ $isLogonPage = ($parsedUrl === '/' || $parsedUrl === '/index.php');
|
|||||||
$authHeader = apache_request_headers()['Authorization'] ?? '';
|
$authHeader = apache_request_headers()['Authorization'] ?? '';
|
||||||
$sessionLogin = isset($_SESSION['login']) ? $_SESSION['login'] : 0;
|
$sessionLogin = isset($_SESSION['login']) ? $_SESSION['login'] : 0;
|
||||||
|
|
||||||
// Start session if not already started
|
|
||||||
if (session_status() == PHP_SESSION_NONE) {
|
|
||||||
session_start();
|
|
||||||
}
|
|
||||||
|
|
||||||
// Handle logout
|
// Handle logout
|
||||||
if (!empty($_REQUEST['action']) && $_REQUEST['action'] == 'logout') {
|
if (!empty($_REQUEST['action']) && $_REQUEST['action'] == 'logout') {
|
||||||
@@ -86,7 +87,7 @@ if ($nax_WebProtection == 'true') {
|
|||||||
// Logged in or stay on this page if we are on the index.php already
|
// Logged in or stay on this page if we are on the index.php already
|
||||||
} else {
|
} else {
|
||||||
// We need to redirect
|
// We need to redirect
|
||||||
$returnUrl = base64_encode($_SERVER['REQUEST_URI']);
|
$returnUrl = rawurlencode(base64_encode($_SERVER['REQUEST_URI']));
|
||||||
redirect("/index.php?next=" . $returnUrl);
|
redirect("/index.php?next=" . $returnUrl);
|
||||||
exit; // exit is needed to prevent authentication bypass
|
exit; // exit is needed to prevent authentication bypass
|
||||||
}
|
}
|
||||||
|
|||||||
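Review bot: The session guard moved to the top of this file still compares with `==`; `if (session_status() === PHP_SESSION_NONE) {` is the strict form, and it is the one used in the commented-out guard this commit adds to the other file. A comment such as `// must run before $_SESSION['login'] is read below` would record why the block was moved, since its old position came after the `$sessionLogin` read. If this file is the security template that the login page includes, that page's unconditional `session_start()` then runs on an already-active session, so enabling its guard (or deleting the commented-out lines) looks worth doing.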