Diffstat (limited to 'includes/session.php')
-rw-r--r-- | includes/session.php | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/includes/session.php b/includes/session.php index 9f38ca4..bf642ed 100644 --- a/includes/session.php +++ b/includes/session.php @@ -5,11 +5,16 @@ $_CONFIG = json_decode(file_get_contents("/mnt/familine/private/FamilineConfig.j if ($_SERVER['REMOTE_ADDR'] !== "127.0.0.1" && $_SERVER['REMOTE_ADDR'] !== "::0") { if (isset($_COOKIE['FL_SESSION_TOKEN'])) { + if (strpos($_COOKIE['FL_SESSION_TOKEN'], ".") !== false || strpos($_COOKIE['FL_SESSION_TOKEN'], "/") !== false) { + header("Location: https://" . $_CONFIG["Global"]["domain"] . "/login/?r=" . urlencode("https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]")); + die(); + } + if (file_exists("/mnt/familine/private/tokens/" . str_replace(".", "", str_replace("/", "", $_COOKIE['FL_SESSION_TOKEN'])))) { $_PROFILE = json_decode(file_get_contents("/mnt/familine/private/tokens/" . str_replace(".", "", str_replace("/", "", $_COOKIE['FL_SESSION_TOKEN']))), true); if (isset($_PROFILE['familine'])) { - header("Location: https://" . $_CONFIG["Global"]["domain"] . "/welcome"); + header("Location: https://" . $_CONFIG["Global"]["domain"] . "/login/?r=" . urlencode("https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]")); die(); } @@ -17,11 +22,11 @@ if ($_SERVER['REMOTE_ADDR'] !== "127.0.0.1" && $_SERVER['REMOTE_ADDR'] !== "::0" $_SUID = $_PROFILE['login']; $_FULLNAME = $_PROFILE['name']; } else { - header("Location: https://" . $_CONFIG["Global"]["domain"] . "/welcome"); + header("Location: https://" . $_CONFIG["Global"]["domain"] . "/login/?r=" . urlencode("https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]")); die(); } } else { - header("Location: https://" . $_CONFIG["Global"]["domain"] . "/welcome"); + header("Location: https://" . $_CONFIG["Global"]["domain"] . "/login/?r=" . urlencode("https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]")); die(); } |
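Review bot: The added guard on `$_COOKIE['FL_SESSION_TOKEN']` is a two-character denylist, so an empty cookie value still passes it. `file_exists()` is also true for a directory, so in that case the lookup that follows runs against the tokens directory itself rather than a token file; how the code behaves after that lies partly outside the hunk. A positive format check is the safer shape, for example `if (!preg_match('/^[A-Za-z0-9_-]+$/', $_COOKIE['FL_SESSION_TOKEN'])) { ... }` with the character class adjusted to the real token alphabet, together with `is_file()` in place of `file_exists()`. Once invalid tokens are rejected up front, the nested `str_replace()` calls on the two following lines do nothing and could be dropped so the path is built from one validated variable.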
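Review bot: The `r` return URL in both `else` branches here, and in the two redirects of the first hunk, is built from `$_SERVER['HTTP_HOST']`, which comes from the request rather than from `$_CONFIG`. If the login page (not visible here) sends the user back to `r` without checking it, a forged Host header makes this an open redirect. The host should be compared against the names the site actually serves before it is embedded, and the login handler should apply the same check to `r`. The identical `header("Location: ...")` expression now appears four times; a small helper such as `redirectToLogin()` that builds the URL once and calls `die()` would keep the four call sites from drifting apart.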