add redirect after log in to support deep links

Signed-off-by: jokob-sk <jokob.sk@gmail.com>
jokob-sk
2026-02-09 09:41:20 +11:00
parent d434cc5315
commit 75c7d6c015
3 changed files with 37 additions and 11 deletions

Binary file not shown.

Before

Width:  |  Height:  |  Size: 170 KiB

After

Width:  |  Height:  |  Size: 201 KiB


@@ -10,11 +10,24 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/php/server/db.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/php/templates/language/lang.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/php/templates/language/lang.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/php/templates/security.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/php/templates/security.php';
// capture the redirect to after log in query string if available
$redirectTo = 'devices.php'; // Default destination
if (!empty($_GET['next'])) {
$decoded = base64_decode($_GET['next']);
// Validate that it's a local path to prevent Open Redirect vulnerabilities
if (strpos($decoded, '/') === 0 && strpos($decoded, '//') !== 0) {
$redirectTo = $decoded;
}
}
$CookieSaveLoginName = 'NetAlertX_SaveLogin'; $CookieSaveLoginName = 'NetAlertX_SaveLogin';
if ($nax_WebProtection != 'true') if ($nax_WebProtection != 'true')
{ {
header('Location: devices.php'); if (!empty($_POST['url_hash'])) {
$redirectTo .= $_POST['url_hash'];
}
header("Location: $redirectTo");
$_SESSION["login"] = 1; $_SESSION["login"] = 1;
exit; exit;
} }
@@ -31,17 +44,25 @@ if (isset ($_GET["action"]) && $_GET["action"] == 'logout')
// Password without Cookie check -> pass and set initial cookie // Password without Cookie check -> pass and set initial cookie
if (isset ($_POST["loginpassword"]) && $nax_Password === hash('sha256',$_POST["loginpassword"])) if (isset ($_POST["loginpassword"]) && $nax_Password === hash('sha256',$_POST["loginpassword"]))
{ {
header('Location: devices.php'); if (!empty($_POST['url_hash'])) {
$redirectTo .= $_POST['url_hash'];
}
header("Location: $redirectTo");
$_SESSION["login"] = 1; $_SESSION["login"] = 1;
if (isset($_POST['PWRemember'])) {setcookie($CookieSaveLoginName, hash('sha256',$_POST["loginpassword"]), time()+604800);} if (isset($_POST['PWRemember'])) {setcookie($CookieSaveLoginName, hash('sha256',$_POST["loginpassword"]), time()+604800);}
exit;
} }
// active Session or valid cookie (cookie not extends) // active Session or valid cookie (cookie not extends)
if (( isset ($_SESSION["login"]) && ($_SESSION["login"] == 1)) || (isset ($_COOKIE[$CookieSaveLoginName]) && $nax_Password === $_COOKIE[$CookieSaveLoginName])) if (( isset ($_SESSION["login"]) && ($_SESSION["login"] == 1)) || (isset ($_COOKIE[$CookieSaveLoginName]) && $nax_Password === $_COOKIE[$CookieSaveLoginName]))
{ {
header('Location: devices.php'); if (!empty($_POST['url_hash'])) {
$redirectTo .= $_POST['url_hash'];
}
header("Location: $redirectTo");
$_SESSION["login"] = 1; $_SESSION["login"] = 1;
if (isset($_POST['PWRemember'])) {setcookie($CookieSaveLoginName, hash('sha256',$_POST["loginpassword"]), time()+604800);} if (isset($_POST['PWRemember'])) {setcookie($CookieSaveLoginName, hash('sha256',$_POST["loginpassword"]), time()+604800);}
exit;
} }
$login_headline = lang('Login_Toggle_Info_headline'); $login_headline = lang('Login_Toggle_Info_headline');
@@ -109,8 +130,9 @@ if (isset ($_SESSION["login"]) == FALSE || $_SESSION["login"] != 1)
<!-- /.login-logo --> <!-- /.login-logo -->
<div class="login-box-body"> <div class="login-box-body">
<p class="login-box-msg"><?= lang('Login_Box');?></p> <p class="login-box-msg"><?= lang('Login_Box');?></p>
<form action="index.php" method="post"> <form action="index.php<?php echo !empty($_GET['next']) ? '?next=' . htmlspecialchars($_GET['next']) : ''; ?>" method="post">
<div class="form-group has-feedback"> <div class="form-group has-feedback">
<input type="hidden" name="url_hash" id="url_hash">
<input type="password" class="form-control" placeholder="<?= lang('Login_Psw-box');?>" name="loginpassword"> <input type="password" class="form-control" placeholder="<?= lang('Login_Psw-box');?>" name="loginpassword">
<span class="glyphicon glyphicon-lock form-control-feedback"></span> <span class="glyphicon glyphicon-lock form-control-feedback"></span>
</div> </div>
@@ -159,6 +181,9 @@ if (isset ($_SESSION["login"]) == FALSE || $_SESSION["login"] != 1)
<!-- iCheck --> <!-- iCheck -->
<script src="lib/iCheck/icheck.min.js"></script> <script src="lib/iCheck/icheck.min.js"></script>
<script> <script>
if (window.location.hash) {
document.getElementById('url_hash').value = window.location.hash;
}
$(function () { $(function () {
$('input').iCheck({ $('input').iCheck({
checkboxClass: 'icheckbox_square-blue', checkboxClass: 'icheckbox_square-blue',
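Review bot: The local-path check in the first hunk, `strpos($decoded, '/') === 0 && strpos($decoded, '//') !== 0`, only rules out a second forward slash, so a decoded value with a backslash or a control character after the leading `/` still passes. Browsers may resolve such a path to another host, which is the open-redirect case the comment sets out to prevent. Guarding with `is_string($_GET['next'])`, decoding with `base64_decode($_GET['next'], true)` and allow-listing with `preg_match('#^/(?!/)[^\\\\\x00-\x1f]*\z#', (string) $decoded) === 1` would close that gap. All three redirect branches also append `$_POST['url_hash']` to the target unchecked; since it is meant to carry `window.location.hash`, it should be accepted only when it is a string that starts with `#` and contains no control characters. The repeated append-and-redirect lines would be easier to keep consistent as one small helper.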


@@ -86,7 +86,8 @@ if ($nax_WebProtection == 'true') {
// Logged in or stay on this page if we are on the index.php already // Logged in or stay on this page if we are on the index.php already
} else { } else {
// We need to redirect // We need to redirect
redirect('/index.php'); $returnUrl = base64_encode($_SERVER['REQUEST_URI']);
redirect("/index.php?next=" . $returnUrl);
exit; // exit is needed to prevent authentication bypass exit; // exit is needed to prevent authentication bypass
} }
} }
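Review bot: The base64 value is placed into the query string without URL-encoding at `redirect("/index.php?next=" . $returnUrl);`. Standard base64 output can contain `+`, `/` and `=`, and PHP turns a `+` in a query string into a space when it fills `$_GET`. The non-strict `base64_decode` call in index.php silently discards that space, so some deep links would decode to a different path than the one requested. Using `$returnUrl = rawurlencode(base64_encode($_SERVER['REQUEST_URI']));` keeps the round trip exact. The login form action in index.php, which re-emits `next` through `htmlspecialchars` only, would need the same encoding.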