From 5e5944f6eb14569a16e3c540b68895aea6ca6d60 Mon Sep 17 00:00:00 2001
From: Minteck
Date: Sat, 5 Feb 2022 15:56:02 +0100
Subject: Update
---
 private/session.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
(limited to 'private/session.php')
diff --git a/private/session.php b/private/session.php
index d55d34d..bc30d3e 100644
--- a/private/session.php
+++ b/private/session.php
@@ -4,11 +4,16 @@ global $_CONFIG;
 $_CONFIG = json_decode(file_get_contents("/mnt/familine/private/FamilineConfig.json"), true);
 if (isset($_COOKIE['FL_SESSION_TOKEN'])) {
+ if (strpos($_COOKIE['FL_SESSION_TOKEN'], ".") !== false || strpos($_COOKIE['FL_SESSION_TOKEN'], "/") !== false) {
+ header("Location: https://" . $_CONFIG["Global"]["domain"] . "/login/?r=" . urlencode("https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"));
+ die();
+ }
+
 if (file_exists("/mnt/familine/private/tokens/" . str_replace(".", "", str_replace("/", "", $_COOKIE['FL_SESSION_TOKEN'])))) {
 $_PROFILE = json_decode(file_get_contents("/mnt/familine/private/tokens/" . str_replace(".", "", str_replace("/", "", $_COOKIE['FL_SESSION_TOKEN']))), true);
 if (isset($_PROFILE['familine'])) {
- header("Location: https://" . $_CONFIG["Global"]["domain"] . "/welcome");
+ header("Location: https://" . $_CONFIG["Global"]["domain"] . "/login/?r=" . urlencode("https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"));
 die();
 }
@@ -16,11 +21,11 @@ if (isset($_COOKIE['FL_SESSION_TOKEN'])) {
 $_SUID = $_PROFILE['login'];
 $_FULLNAME = $_PROFILE['name'];
 } else {
- header("Location: https://" . $_CONFIG["Global"]["domain"] . "/welcome");
+ header("Location: https://" . $_CONFIG["Global"]["domain"] . "/login/?r=" . urlencode("https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"));
 die();
 }
 } else {
- header("Location: https://" . $_CONFIG["Global"]["domain"] . "/welcome");
+ header("Location: https://" . $_CONFIG["Global"]["domain"] . "/login/?r=" . urlencode("https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"));
 die();
 }
-- cgit
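Review bot: The new guard on `$_COOKIE['FL_SESSION_TOKEN']` at the top of the first hunk is a two-character denylist (`.` and `/`), so every other unexpected value, including an empty string or a non-string cookie, still reaches `file_exists()` and `file_get_contents()`. For an empty value the path is the `tokens/` directory itself, which `file_exists()` reports as present, and `$_PROFILE` then decodes to null; whether the code after this hunk rejects that is not visible here. An allow-list is tighter and makes the nested `str_replace()` calls redundant, e.g. `if (!is_string($_COOKIE['FL_SESSION_TOKEN']) || preg_match('/\A[A-Za-z0-9]+\z/', $_COOKIE['FL_SESSION_TOKEN']) !== 1) { /* redirect and die */ }`, assuming tokens are alphanumeric (the token format is not shown in this diff). Using `is_file()` instead of `file_exists()` for the lookup would also stop a directory from passing the check.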
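Review bot: The return URL passed as `r` is built from `$_SERVER['HTTP_HOST']`, which comes from the request's Host header rather than from configuration; this applies to both `else` branches in the second hunk and to the two redirects added in the first hunk. If the login page later redirects to `r` without checking its host (that handler is not part of this diff), the result is an open redirect after sign-in. Building the value from trusted configuration avoids relying on the header, e.g. `urlencode("https://" . $_CONFIG["Global"]["domain"] . $_SERVER["REQUEST_URI"])`; if protected pages live on several hosts, the login page should instead accept only hosts from a known list. The same expression is repeated four times, so a small helper that builds the login URL once would keep any such fix in one place.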