1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-22 04:23:01 +00:00

Add x-login-success header to login responses

This commit is contained in:
Starbeamrainbowlabs 2018-03-30 13:17:06 +01:00
parent c73b3b2085
commit b1de0c3663
Signed by: sbrl
GPG key ID: 1BE5172E637709C2
4 changed files with 18 additions and 9 deletions

View file

@ -24,6 +24,7 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
### Changed
- Disallow uploads if editing is disabled. Previously files could still be uploaded even if editing was disabled - unless `upload_enabled` was set to `false`.
- Added `x-login-required: yes` header to responses that redirect to the login page for easy detection by machines
- Added `x-login-success: (yes|no)` header to login responses for easier machine parsing
## v0.15.1

View file

@ -7244,21 +7244,23 @@ register_module([
add_action("checklogin", function() {
global $settings, $env;
//actually do the login
// Actually do the login
if(isset($_POST["user"]) and isset($_POST["pass"]))
{
//the user wants to log in
// The user wants to log in
$user = $_POST["user"];
$pass = $_POST["pass"];
if($settings->users->$user->password == hash_password($pass))
{
// Success! :D
$env->is_logged_in = true;
$expiretime = time() + 60*60*24*30; // 30 days from now
$_SESSION["$settings->sessionprefix-user"] = $user;
$_SESSION["$settings->sessionprefix-pass"] = hash_password($pass);
$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;
//redirect to wherever the user was going
// Redirect to wherever the user was going
http_response_code(302);
header("x-login-success: yes");
if(isset($_GET["returnto"]))
header("location: " . $_GET["returnto"]);
else
@ -7267,7 +7269,9 @@ register_module([
}
else
{
// Login failed :-(
http_response_code(302);
header("x-login-success: no");
$nextUrl = "index.php?action=login&failed=yes";
if(!empty($_GET["returnto"]))
$nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]);

View file

@ -203,7 +203,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
"id": "page-login",
"lastupdate": 1511518191,
"lastupdate": 1522412068,
"optional": false
},
{

View file

@ -86,21 +86,23 @@ register_module([
add_action("checklogin", function() {
global $settings, $env;
//actually do the login
// Actually do the login
if(isset($_POST["user"]) and isset($_POST["pass"]))
{
//the user wants to log in
// The user wants to log in
$user = $_POST["user"];
$pass = $_POST["pass"];
if($settings->users->$user->password == hash_password($pass))
{
// Success! :D
$env->is_logged_in = true;
$expiretime = time() + 60*60*24*30; // 30 days from now
$_SESSION["$settings->sessionprefix-user"] = $user;
$_SESSION["$settings->sessionprefix-pass"] = hash_password($pass);
$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;
//redirect to wherever the user was going
// Redirect to wherever the user was going
http_response_code(302);
header("x-login-success: yes");
if(isset($_GET["returnto"]))
header("location: " . $_GET["returnto"]);
else
@ -109,7 +111,9 @@ register_module([
}
else
{
// Login failed :-(
http_response_code(302);
header("x-login-success: no");
$nextUrl = "index.php?action=login&failed=yes";
if(!empty($_GET["returnto"]))
$nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]);