NetAlert X | Log in

$parts[0], 'hash' => !empty($parts[1]) ? '#' . $parts[1] : '' ]; } function append_hash(string $url): string { // First check if the URL already has a hash from the deep link $parts = extract_hash_from_path($url); if (!empty($parts['hash'])) { return $parts['path'] . $parts['hash']; } // Fall back to POST url_hash (for browser-captured hashes) if (!empty($_POST['url_hash'])) { $sanitized = preg_replace('/[^#a-zA-Z0-9_\-]/', '', $_POST['url_hash']); if (str_starts_with($sanitized, '#')) { return $url . $sanitized; } } return $url; } function is_authenticated(): bool { return isset($_SESSION['login']) && $_SESSION['login'] === 1; } function login_user(): void { $_SESSION['login'] = 1; session_regenerate_id(true); } function is_https_request(): bool { // Direct HTTPS detection if (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') { return true; } // Standard port check if (!empty($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443) { return true; } // Trusted proxy headers (only valid if behind a trusted reverse proxy) if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https') { return true; } if (!empty($_SERVER['HTTP_X_FORWARDED_SSL']) && strtolower($_SERVER['HTTP_X_FORWARDED_SSL']) === 'on') { return true; } return false; } function logout_user(): void { $_SESSION = []; session_destroy(); } /* ===================================================== Redirect Handling ===================================================== */ $redirectTo = validate_local_path($_GET['next'] ?? null); /* ===================================================== Web Protection Disabled ===================================================== */ if ($nax_WebProtection !== 'true') { if (!is_authenticated()) { login_user(); } safe_redirect(append_hash($redirectTo)); } /* ===================================================== Login Attempt ===================================================== */ if (!empty($_POST['loginpassword'])) { $incomingHash = hash('sha256', $_POST['loginpassword']); if (hash_equals($nax_Password, $incomingHash)) { login_user(); // Redirect to target page, preserving deep link hash if present safe_redirect(append_hash($redirectTo)); } } /* ===================================================== Already Logged In ===================================================== */ if (is_authenticated()) { safe_redirect(append_hash($redirectTo)); } /* ===================================================== Login UI Variables ===================================================== */ $login_headline = lang('Login_Toggle_Info_headline'); $login_info = lang('Login_Info'); $login_mode = 'info'; $login_display_mode = 'display:none;'; $login_icon = 'fa-info'; if ($nax_Password === '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92') { $login_info = lang('Login_Default_PWD'); $login_mode = 'danger'; $login_display_mode = 'display:block;'; $login_headline = lang('Login_Toggle_Alert_headline'); $login_icon = 'fa-ban'; } ?> NetAlert X | Log in