vh/NetAlertX
1
0
Fork 0
mirror of https://github.com/jokob-sk/NetAlertX.git synced 2026-04-09 03:31:51 -07:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

add redirect after log in to support deep links

Browse Source 
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
This commit is contained in:
jokob-sk
2026-02-09 10:11:21 +11:00
parent 75c7d6c015
commit a088f4580a
1 changed files with 131 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

187
front/index.php
View File

@@ -2,98 +2,159 @@
<link rel="stylesheet" href="css/app.css"> <link rel="stylesheet" href="css/app.css">
<?php <?php
declare(strict_types=1);
//------------------------------------------------------------------------------
// check if authenticated
// Be CAREFUL WHEN INCLUDING NEW PHP FILES
require_once $_SERVER['DOCUMENT_ROOT'].'/php/server/db.php'; require_once $_SERVER['DOCUMENT_ROOT'].'/php/server/db.php';
require_once $_SERVER['DOCUMENT_ROOT'].'/php/templates/language/lang.php'; require_once $_SERVER['DOCUMENT_ROOT'].'/php/templates/language/lang.php';
require_once $_SERVER['DOCUMENT_ROOT'].'/php/templates/security.php'; require_once $_SERVER['DOCUMENT_ROOT'].'/php/templates/security.php';
// capture the redirect to after log in query string if available session_start();
$redirectTo = 'devices.php'; // Default destination
if (!empty($_GET['next'])) { const COOKIE_NAME = 'NetAlertX_SaveLogin';
$decoded = base64_decode($_GET['next']); const DEFAULT_REDIRECT = '/devices.php';
// Validate that it's a local path to prevent Open Redirect vulnerabilities
if (strpos($decoded, '/') === 0 && strpos($decoded, '//') !== 0) { /* =====================================================
$redirectTo = $decoded; Helper Functions
} ===================================================== */
function safe_redirect(string $path): void {
header("Location: {$path}", true, 302);
exit;
} }
$CookieSaveLoginName = 'NetAlertX_SaveLogin'; function validate_local_path(?string $encoded): string {
if (!$encoded) return DEFAULT_REDIRECT;
if ($nax_WebProtection != 'true') $decoded = base64_decode($encoded, true);
{ if ($decoded === false) return DEFAULT_REDIRECT;
// strict local path check
if (!preg_match('#^/[a-zA-Z0-9_\-/\.]*$#', $decoded)) {
return DEFAULT_REDIRECT;
}
return $decoded;
}
function append_hash(string $url): string {
if (!empty($_POST['url_hash'])) { if (!empty($_POST['url_hash'])) {
$redirectTo .= $_POST['url_hash']; return $url . preg_replace('/[^#a-zA-Z0-9_\-]/', '', $_POST['url_hash']);
} }
header("Location: $redirectTo"); return $url;
$_SESSION["login"] = 1;
exit;
} }
// Logout function is_authenticated(): bool {
if (isset ($_GET["action"]) && $_GET["action"] == 'logout') return isset($_SESSION['login']) && $_SESSION['login'] === 1;
{
setcookie($CookieSaveLoginName, '', time()+1); // reset cookie
$_SESSION["login"] = 0;
header('Location: index.php');
exit;
} }
// Password without Cookie check -> pass and set initial cookie function login_user(): void {
if (isset ($_POST["loginpassword"]) && $nax_Password === hash('sha256',$_POST["loginpassword"])) $_SESSION['login'] = 1;
{ session_regenerate_id(true);
if (!empty($_POST['url_hash'])) {
$redirectTo .= $_POST['url_hash'];
}
header("Location: $redirectTo");
$_SESSION["login"] = 1;
if (isset($_POST['PWRemember'])) {setcookie($CookieSaveLoginName, hash('sha256',$_POST["loginpassword"]), time()+604800);}
exit;
} }
// active Session or valid cookie (cookie not extends) function logout_user(): void {
if (( isset ($_SESSION["login"]) && ($_SESSION["login"] == 1)) || (isset ($_COOKIE[$CookieSaveLoginName]) && $nax_Password === $_COOKIE[$CookieSaveLoginName])) $_SESSION = [];
{ session_destroy();
if (!empty($_POST['url_hash'])) {
$redirectTo .= $_POST['url_hash']; setcookie(COOKIE_NAME,'',[
'expires'=>time()-3600,
'path'=>'/',
'httponly'=>true,
'samesite'=>'Strict'
]);
} }
header("Location: $redirectTo");
$_SESSION["login"] = 1; /* =====================================================
if (isset($_POST['PWRemember'])) {setcookie($CookieSaveLoginName, hash('sha256',$_POST["loginpassword"]), time()+604800);} Redirect Handling
exit; ===================================================== */
$redirectTo = validate_local_path($_GET['next'] ?? null);
/* =====================================================
Web Protection Disabled
===================================================== */
if ($nax_WebProtection !== 'true') {
login_user();
safe_redirect(append_hash($redirectTo));
} }
/* =====================================================
Logout
===================================================== */
if (($_GET['action'] ?? '') === 'logout') {
logout_user();
safe_redirect('/index.php');
}
/* =====================================================
Login Attempt
===================================================== */
if (!empty($_POST['loginpassword'])) {
$incomingHash = hash('sha256', $_POST['loginpassword']);
if (hash_equals($nax_Password, $incomingHash)) {
login_user();
if (!empty($_POST['PWRemember'])) {
$token = bin2hex(random_bytes(32));
$_SESSION['remember_token'] = hash('sha256',$token);
setcookie(COOKIE_NAME,$token,[
'expires'=>time()+604800,
'path'=>'/',
'secure'=>isset($_SERVER['HTTPS']),
'httponly'=>true,
'samesite'=>'Strict'
]);
}
safe_redirect(append_hash($redirectTo));
}
}
/* =====================================================
Remember Me Validation
===================================================== */
if (!is_authenticated() && !empty($_COOKIE[COOKIE_NAME]) && !empty($_SESSION['remember_token'])) {
if (hash_equals($_SESSION['remember_token'], hash('sha256',$_COOKIE[COOKIE_NAME]))) {
login_user();
safe_redirect(append_hash($redirectTo));
}
}
/* =====================================================
Already Logged In
===================================================== */
if (is_authenticated()) {
safe_redirect(append_hash($redirectTo));
}
/* =====================================================
Login UI Variables
===================================================== */
$login_headline = lang('Login_Toggle_Info_headline'); $login_headline = lang('Login_Toggle_Info_headline');
$login_info = lang('Login_Info'); $login_info = lang('Login_Info');
$login_mode = 'danger'; $login_mode = 'info';
$login_display_mode = 'display: block;'; $login_display_mode = 'display:none;';
$login_icon = 'fa-info'; $login_icon = 'fa-info';
// no active session, cookie not checked if ($nax_Password === '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92') {
if (isset ($_SESSION["login"]) == FALSE || $_SESSION["login"] != 1)
{
if ($nax_Password === '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92')
{
$login_info = lang('Login_Default_PWD'); $login_info = lang('Login_Default_PWD');
$login_mode = 'danger'; $login_mode = 'danger';
$login_display_mode = 'display:block;'; $login_display_mode = 'display:block;';
$login_headline = lang('Login_Toggle_Alert_headline'); $login_headline = lang('Login_Toggle_Alert_headline');
$login_icon = 'fa-ban'; $login_icon = 'fa-ban';
} }
else
{
$login_mode = 'info';
$login_display_mode = 'display: none;';
$login_headline = lang('Login_Toggle_Info_headline');
$login_icon = 'fa-info';
}
}
// ##################################################
// ## Login Processing end
// ##################################################
?> ?>
<!DOCTYPE html> <!DOCTYPE html>