
Improve routing

master
Anonymous Contributor 2023-08-23 18:16:36 +02:00
parent 88e9c25bb0
commit 1ee795a399
3 changed files with 28 additions and 17 deletions


@ -26,10 +26,14 @@ function isValidEndpoint(string $pageName, string $dirPrefix) {
return preg_match('/^[a-zA-Z0-9\.]{1,100}$/', $pageName) && file_exists("./".$dirPrefix."/".$pageName.".php");
}
function needsLogin(?string $pageName) {
return $pageName != 'register' && $pageName != 'forgot' && $pageName != 'reset-password' && $pageName != 'login';
}
//TODO: add API keys and/or rate limiting
if(isset($_REQUEST['api'])) {
if(isValidEndpoint($_REQUEST['api'], 'api')) {
include "./api/".$_REQUEST['api'].".php";
if(isset($_GET['api'])) {
if(isValidEndpoint($_GET['api'], 'api')) {
include "./api/".$_GET['api'].".php";
} else {
die("ERROR; ENDPOINT NOT EXIST");
}
@ -47,27 +51,33 @@ if ($handle = opendir('./plugins/')) {
closedir($handle);
}
if(isset($_REQUEST['logout']) && $_REQUEST['logout'] == '1') {
if(isset($_GET['logout']) && $_GET['logout'] == '1') {
$_SESSION = array();
header('Location: index.php');
}
if(isset($_SESSION['LOGIN']) && $_SESSION['LOGIN'] == 'true') {
if(!isset($_REQUEST['page'])) {
if(!isset($_GET['page'])) {
include './pages/dashboard.php';
} else if(isValidEndpoint($_REQUEST['page'], 'pages')) {
include "./pages/".$_REQUEST['page'].".php";
} else if(isValidEndpoint($_GET['page'], 'pages')) {
include "./pages/".$_GET['page'].".php";
} else {
include "./pages/error.php";
}
die();
}
else {
$page = isset($_GET['page']) ? $_GET['page'] : 'login';
if(isset($_REQUEST['page']) && $_REQUEST['page'] == "register") {
include "./pages/register.php";
} else {
include "./pages/login.php";
if(needsLogin($page)) {
$_SESSION['loginMessage'] = 'Du musst dich einloggen, um das MCP nutzen zu können';
$_SESSION['loginMessageColor'] = 'red';
header('Location: index.php?page=login');
}
else {
include "./pages/".$page.".php";
}
}
?>
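Review bot: Neither redirect in this hunk stops the script: `header('Location: index.php');` in the logout branch and `header('Location: index.php?page=login');` in the needsLogin() branch are not followed by `exit;`, so the rest of index.php keeps running and, for logout, falls into the unauthenticated branch and still includes login.php (or sets the login message and sends a second Location header) while the redirect goes out; add `exit;` directly after each header() call. The logout also only empties `$_SESSION`, which leaves the server-side session id valid and reusable, so call `session_regenerate_id(true)` (or `session_destroy()` and expire the cookie) before redirecting, and note that a bare GET `?logout=1` with no token can be triggered from another site. The unauthenticated `include "./pages/".$page.".php"` never passes through isValidEndpoint() and is only safe because needsLogin() pins `$page` to the four literal names it exempts; a comment such as `// $page can only be one of the needsLogin() exemptions here, never arbitrary input` would stop a later edit from widening that list without revisiting this include.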


@ -41,7 +41,7 @@
$_SESSION['DISPLAYNAME'] = strtoupper($rowUser['FirstName'].' '.$rowUser['LastName']);
$_SESSION['LOGIN'] = 'true';
header("Location: index.php?page=".urlencode($_REQUEST['page']));
header("Location: index.php?page=dashboard");
die();
}
}
@ -51,10 +51,10 @@
$HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", htmlspecialchars($_POST['username']));
}
}
else if(isset($_SESSION) && isset($_SESSION['resetMessage'])) {
unset($_SESSION['resetMessage']);
$HTML->ReplaceLayoutInhalt('%%LOGINMESSAGE%%', 'Du kannst dich jetzt mit deinem neuen Passwort einloggen!');
$HTML->ReplaceLayoutInhalt("%%MESSAGECOLOR%%", "darkgreen");
else if(isset($_SESSION) && isset($_SESSION['loginMessage'])) {
$HTML->ReplaceLayoutInhalt('%%LOGINMESSAGE%%', $_SESSION['loginMessage']);
$HTML->ReplaceLayoutInhalt('%%MESSAGECOLOR%%', $_SESSION['loginMessageColor']);
unset($_SESSION['loginMessage']);
}
if(isset($_REQUEST['page']) && preg_match('/^[0-9a-zA-Z]{1-100}$/', $_REQUEST['page']) && file_exists("./pages/".$_REQUEST['page'].".php"))
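Review bot: The new message rendering writes `$_SESSION['loginMessage']` and `$_SESSION['loginMessageColor']` into the layout unescaped, whereas the username a few lines above goes through htmlspecialchars(); both values are set from literals in index.php and the reset handler in this commit, but any future caller that builds the message from request data would turn this sink into HTML injection. Escape at the sink: `$HTML->ReplaceLayoutInhalt('%%LOGINMESSAGE%%', htmlspecialchars($_SESSION['loginMessage'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));` and likewise for the color. Only `loginMessage` is unset afterwards, so `loginMessageColor` lingers in the session; use `unset($_SESSION['loginMessage'], $_SESSION['loginMessageColor']);`. Separately, the context line `preg_match('/^[0-9a-zA-Z]{1-100}$/', ...)` uses `{1-100}`, which PCRE treats as a literal rather than a quantifier, so ordinary page names appear to fail that check (`{1,100}` was presumably intended); that statement continues past the end of the hunk.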


@ -53,7 +53,8 @@
$statement->execute(['PasswordHash' => $hash, 'PasswordSalt' => $salt, 'PrincipalID' => $uuid]);
session_unset();
$_SESSION['resetPassword'] = true;
$_SESSION['loginMessage'] = 'Du kannst dich jetzt mit deinem neuen Passwort einloggen!';
$_SESSION['loginMessageColor'] = 'darkgreen';
require_once 'app/utils.php';
sendMail(str_replace('%%NAME%%', $name, MESSAGE), 'Passwort für '.$name.' zurückgesetzt', 'Passwort geändert', 'Das Passwort für deinen 4Creative-Account wurde soeben zurückgesetzt');