1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-26 05:32:59 +00:00

Add x-login-success header to login responses

This commit is contained in:
Starbeamrainbowlabs 2018-03-30 13:17:06 +01:00
parent c73b3b2085
commit b1de0c3663
Signed by: sbrl
GPG key ID: 1BE5172E637709C2
4 changed files with 18 additions and 9 deletions

View file

@ -24,6 +24,7 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
### Changed ### Changed
- Disallow uploads if editing is disabled. Previously files could still be uploaded even if editing was disabled - unless `upload_enabled` was set to `false`. - Disallow uploads if editing is disabled. Previously files could still be uploaded even if editing was disabled - unless `upload_enabled` was set to `false`.
- Added `x-login-required: yes` header to responses that redirect to the login page for easy detection by machines - Added `x-login-required: yes` header to responses that redirect to the login page for easy detection by machines
- Added `x-login-success: (yes|no)` header to login responses for easier machine parsing
## v0.15.1 ## v0.15.1

View file

@ -7244,21 +7244,23 @@ register_module([
add_action("checklogin", function() { add_action("checklogin", function() {
global $settings, $env; global $settings, $env;
//actually do the login // Actually do the login
if(isset($_POST["user"]) and isset($_POST["pass"])) if(isset($_POST["user"]) and isset($_POST["pass"]))
{ {
//the user wants to log in // The user wants to log in
$user = $_POST["user"]; $user = $_POST["user"];
$pass = $_POST["pass"]; $pass = $_POST["pass"];
if($settings->users->$user->password == hash_password($pass)) if($settings->users->$user->password == hash_password($pass))
{ {
// Success! :D
$env->is_logged_in = true; $env->is_logged_in = true;
$expiretime = time() + 60*60*24*30; // 30 days from now $expiretime = time() + 60*60*24*30; // 30 days from now
$_SESSION["$settings->sessionprefix-user"] = $user; $_SESSION["$settings->sessionprefix-user"] = $user;
$_SESSION["$settings->sessionprefix-pass"] = hash_password($pass); $_SESSION["$settings->sessionprefix-pass"] = hash_password($pass);
$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime; $_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;
//redirect to wherever the user was going // Redirect to wherever the user was going
http_response_code(302); http_response_code(302);
header("x-login-success: yes");
if(isset($_GET["returnto"])) if(isset($_GET["returnto"]))
header("location: " . $_GET["returnto"]); header("location: " . $_GET["returnto"]);
else else
@ -7267,7 +7269,9 @@ register_module([
} }
else else
{ {
// Login failed :-(
http_response_code(302); http_response_code(302);
header("x-login-success: no");
$nextUrl = "index.php?action=login&failed=yes"; $nextUrl = "index.php?action=login&failed=yes";
if(!empty($_GET["returnto"])) if(!empty($_GET["returnto"]))
$nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]); $nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]);

View file

@ -203,7 +203,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.", "description": "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
"id": "page-login", "id": "page-login",
"lastupdate": 1511518191, "lastupdate": 1522412068,
"optional": false "optional": false
}, },
{ {

View file

@ -86,21 +86,23 @@ register_module([
add_action("checklogin", function() { add_action("checklogin", function() {
global $settings, $env; global $settings, $env;
//actually do the login // Actually do the login
if(isset($_POST["user"]) and isset($_POST["pass"])) if(isset($_POST["user"]) and isset($_POST["pass"]))
{ {
//the user wants to log in // The user wants to log in
$user = $_POST["user"]; $user = $_POST["user"];
$pass = $_POST["pass"]; $pass = $_POST["pass"];
if($settings->users->$user->password == hash_password($pass)) if($settings->users->$user->password == hash_password($pass))
{ {
// Success! :D
$env->is_logged_in = true; $env->is_logged_in = true;
$expiretime = time() + 60*60*24*30; // 30 days from now $expiretime = time() + 60*60*24*30; // 30 days from now
$_SESSION["$settings->sessionprefix-user"] = $user; $_SESSION["$settings->sessionprefix-user"] = $user;
$_SESSION["$settings->sessionprefix-pass"] = hash_password($pass); $_SESSION["$settings->sessionprefix-pass"] = hash_password($pass);
$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime; $_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;
//redirect to wherever the user was going // Redirect to wherever the user was going
http_response_code(302); http_response_code(302);
header("x-login-success: yes");
if(isset($_GET["returnto"])) if(isset($_GET["returnto"]))
header("location: " . $_GET["returnto"]); header("location: " . $_GET["returnto"]);
else else
@ -109,7 +111,9 @@ register_module([
} }
else else
{ {
// Login failed :-(
http_response_code(302); http_response_code(302);
header("x-login-success: no");
$nextUrl = "index.php?action=login&failed=yes"; $nextUrl = "index.php?action=login&failed=yes";
if(!empty($_GET["returnto"])) if(!empty($_GET["returnto"]))
$nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]); $nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]);