Add x-login-success header to login responses
This commit is contained in:
parent
c73b3b2085
commit
b1de0c3663
GPG Key ID:
1BE5172E637709C2
|
|
@ -24,6 +24,7 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
|
|||
### Changed
|
||||
- Disallow uploads if editing is disabled. Previously files could still be uploaded even if editing was disabled - unless `upload_enabled` was set to `false`.
|
||||
- Added `x-login-required: yes` header to responses that redirect to the login page for easy detection by machines
|
||||
- Added `x-login-success: (yes|no)` header to login responses for easier machine parsing
|
||||
|
||||
## v0.15.1
|
||||
|
||||
|
|
|
|||
|
|
@ -7244,21 +7244,23 @@ register_module([
|
|||
add_action("checklogin", function() {
|
||||
global $settings, $env;
|
||||
|
||||
//actually do the login
|
||||
// Actually do the login
|
||||
if(isset($_POST["user"]) and isset($_POST["pass"]))
|
||||
{
|
||||
//the user wants to log in
|
||||
// The user wants to log in
|
||||
$user = $_POST["user"];
|
||||
$pass = $_POST["pass"];
|
||||
if($settings->users->$user->password == hash_password($pass))
|
||||
{
|
||||
// Success! :D
|
||||
$env->is_logged_in = true;
|
||||
$expiretime = time() + 60*60*24*30; //30 days from now
|
||||
$expiretime = time() + 60*60*24*30; // 30 days from now
|
||||
$_SESSION["$settings->sessionprefix-user"] = $user;
|
||||
$_SESSION["$settings->sessionprefix-pass"] = hash_password($pass);
|
||||
$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;
|
||||
//redirect to wherever the user was going
|
||||
// Redirect to wherever the user was going
|
||||
http_response_code(302);
|
||||
header("x-login-success: yes");
|
||||
if(isset($_GET["returnto"]))
|
||||
header("location: " . $_GET["returnto"]);
|
||||
else
|
||||
|
|
@ -7267,7 +7269,9 @@ register_module([
|
|||
}
|
||||
else
|
||||
{
|
||||
// Login failed :-(
|
||||
http_response_code(302);
|
||||
header("x-login-success: no");
|
||||
$nextUrl = "index.php?action=login&failed=yes";
|
||||
if(!empty($_GET["returnto"]))
|
||||
$nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]);
|
||||
|
|
|
|||
|
|
@ -203,7 +203,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
|
||||
"id": "page-login",
|
||||
"lastupdate": 1511518191,
|
||||
"lastupdate": 1522412068,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
|
|
|||
|
|
@ -86,21 +86,23 @@ register_module([
|
|||
add_action("checklogin", function() {
|
||||
global $settings, $env;
|
||||
|
||||
//actually do the login
|
||||
// Actually do the login
|
||||
if(isset($_POST["user"]) and isset($_POST["pass"]))
|
||||
{
|
||||
//the user wants to log in
|
||||
// The user wants to log in
|
||||
$user = $_POST["user"];
|
||||
$pass = $_POST["pass"];
|
||||
if($settings->users->$user->password == hash_password($pass))
|
||||
{
|
||||
// Success! :D
|
||||
$env->is_logged_in = true;
|
||||
$expiretime = time() + 60*60*24*30; //30 days from now
|
||||
$expiretime = time() + 60*60*24*30; // 30 days from now
|
||||
$_SESSION["$settings->sessionprefix-user"] = $user;
|
||||
$_SESSION["$settings->sessionprefix-pass"] = hash_password($pass);
|
||||
$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;
|
||||
//redirect to wherever the user was going
|
||||
// Redirect to wherever the user was going
|
||||
http_response_code(302);
|
||||
header("x-login-success: yes");
|
||||
if(isset($_GET["returnto"]))
|
||||
header("location: " . $_GET["returnto"]);
|
||||
else
|
||||
|
|
@ -109,7 +111,9 @@ register_module([
|
|||
}
|
||||
else
|
||||
{
|
||||
// Login failed :-(
|
||||
http_response_code(302);
|
||||
header("x-login-success: no");
|
||||
$nextUrl = "index.php?action=login&failed=yes";
|
||||
if(!empty($_GET["returnto"]))
|
||||
$nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]);
|
||||
|
|
|
|||
Loading…
Reference in New Issue