mirror of
https://github.com/sbrl/Pepperminty-Wiki.git
synced 2024-11-22 04:23:01 +00:00
Add x-login-success header to login responses
This commit is contained in:
parent
c73b3b2085
commit
b1de0c3663
4 changed files with 18 additions and 9 deletions
|
@ -24,6 +24,7 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
|
||||||
### Changed
|
### Changed
|
||||||
- Disallow uploads if editing is disabled. Previously files could still be uploaded even if editing was disabled - unless `upload_enabled` was set to `false`.
|
- Disallow uploads if editing is disabled. Previously files could still be uploaded even if editing was disabled - unless `upload_enabled` was set to `false`.
|
||||||
- Added `x-login-required: yes` header to responses that redirect to the login page for easy detection by machines
|
- Added `x-login-required: yes` header to responses that redirect to the login page for easy detection by machines
|
||||||
|
- Added `x-login-success: (yes|no)` header to login responses for easier machine parsing
|
||||||
|
|
||||||
## v0.15.1
|
## v0.15.1
|
||||||
|
|
||||||
|
|
|
@ -7244,21 +7244,23 @@ register_module([
|
||||||
add_action("checklogin", function() {
|
add_action("checklogin", function() {
|
||||||
global $settings, $env;
|
global $settings, $env;
|
||||||
|
|
||||||
//actually do the login
|
// Actually do the login
|
||||||
if(isset($_POST["user"]) and isset($_POST["pass"]))
|
if(isset($_POST["user"]) and isset($_POST["pass"]))
|
||||||
{
|
{
|
||||||
//the user wants to log in
|
// The user wants to log in
|
||||||
$user = $_POST["user"];
|
$user = $_POST["user"];
|
||||||
$pass = $_POST["pass"];
|
$pass = $_POST["pass"];
|
||||||
if($settings->users->$user->password == hash_password($pass))
|
if($settings->users->$user->password == hash_password($pass))
|
||||||
{
|
{
|
||||||
|
// Success! :D
|
||||||
$env->is_logged_in = true;
|
$env->is_logged_in = true;
|
||||||
$expiretime = time() + 60*60*24*30; //30 days from now
|
$expiretime = time() + 60*60*24*30; // 30 days from now
|
||||||
$_SESSION["$settings->sessionprefix-user"] = $user;
|
$_SESSION["$settings->sessionprefix-user"] = $user;
|
||||||
$_SESSION["$settings->sessionprefix-pass"] = hash_password($pass);
|
$_SESSION["$settings->sessionprefix-pass"] = hash_password($pass);
|
||||||
$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;
|
$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;
|
||||||
//redirect to wherever the user was going
|
// Redirect to wherever the user was going
|
||||||
http_response_code(302);
|
http_response_code(302);
|
||||||
|
header("x-login-success: yes");
|
||||||
if(isset($_GET["returnto"]))
|
if(isset($_GET["returnto"]))
|
||||||
header("location: " . $_GET["returnto"]);
|
header("location: " . $_GET["returnto"]);
|
||||||
else
|
else
|
||||||
|
@ -7267,7 +7269,9 @@ register_module([
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
// Login failed :-(
|
||||||
http_response_code(302);
|
http_response_code(302);
|
||||||
|
header("x-login-success: no");
|
||||||
$nextUrl = "index.php?action=login&failed=yes";
|
$nextUrl = "index.php?action=login&failed=yes";
|
||||||
if(!empty($_GET["returnto"]))
|
if(!empty($_GET["returnto"]))
|
||||||
$nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]);
|
$nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]);
|
||||||
|
|
|
@ -203,7 +203,7 @@
|
||||||
"author": "Starbeamrainbowlabs",
|
"author": "Starbeamrainbowlabs",
|
||||||
"description": "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
|
"description": "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
|
||||||
"id": "page-login",
|
"id": "page-login",
|
||||||
"lastupdate": 1511518191,
|
"lastupdate": 1522412068,
|
||||||
"optional": false
|
"optional": false
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
|
@ -86,21 +86,23 @@ register_module([
|
||||||
add_action("checklogin", function() {
|
add_action("checklogin", function() {
|
||||||
global $settings, $env;
|
global $settings, $env;
|
||||||
|
|
||||||
//actually do the login
|
// Actually do the login
|
||||||
if(isset($_POST["user"]) and isset($_POST["pass"]))
|
if(isset($_POST["user"]) and isset($_POST["pass"]))
|
||||||
{
|
{
|
||||||
//the user wants to log in
|
// The user wants to log in
|
||||||
$user = $_POST["user"];
|
$user = $_POST["user"];
|
||||||
$pass = $_POST["pass"];
|
$pass = $_POST["pass"];
|
||||||
if($settings->users->$user->password == hash_password($pass))
|
if($settings->users->$user->password == hash_password($pass))
|
||||||
{
|
{
|
||||||
|
// Success! :D
|
||||||
$env->is_logged_in = true;
|
$env->is_logged_in = true;
|
||||||
$expiretime = time() + 60*60*24*30; //30 days from now
|
$expiretime = time() + 60*60*24*30; // 30 days from now
|
||||||
$_SESSION["$settings->sessionprefix-user"] = $user;
|
$_SESSION["$settings->sessionprefix-user"] = $user;
|
||||||
$_SESSION["$settings->sessionprefix-pass"] = hash_password($pass);
|
$_SESSION["$settings->sessionprefix-pass"] = hash_password($pass);
|
||||||
$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;
|
$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;
|
||||||
//redirect to wherever the user was going
|
// Redirect to wherever the user was going
|
||||||
http_response_code(302);
|
http_response_code(302);
|
||||||
|
header("x-login-success: yes");
|
||||||
if(isset($_GET["returnto"]))
|
if(isset($_GET["returnto"]))
|
||||||
header("location: " . $_GET["returnto"]);
|
header("location: " . $_GET["returnto"]);
|
||||||
else
|
else
|
||||||
|
@ -109,7 +111,9 @@ register_module([
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
// Login failed :-(
|
||||||
http_response_code(302);
|
http_response_code(302);
|
||||||
|
header("x-login-success: no");
|
||||||
$nextUrl = "index.php?action=login&failed=yes";
|
$nextUrl = "index.php?action=login&failed=yes";
|
||||||
if(!empty($_GET["returnto"]))
|
if(!empty($_GET["returnto"]))
|
||||||
$nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]);
|
$nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]);
|
||||||
|
|
Loading…
Reference in a new issue