diff --git a/index.php b/index.php
index 4c2fbda..693c4a3 100644
--- a/index.php
+++ b/index.php
@@ -26,10 +26,14 @@ function isValidEndpoint(string $pageName, string $dirPrefix) {
 return preg_match('/^[a-zA-Z0-9\.]{1,100}$/', $pageName) && file_exists("./".$dirPrefix."/".$pageName.".php");
 }
+function needsLogin(?string $pageName) {
+ return $pageName != 'register' && $pageName != 'forgot' && $pageName != 'reset-password' && $pageName != 'login';
+}
+
 //TODO: add API keys and/or rate limiting
-if(isset($_REQUEST['api'])) {
- if(isValidEndpoint($_REQUEST['api'], 'api')) {
- include "./api/".$_REQUEST['api'].".php";
+if(isset($_GET['api'])) {
+ if(isValidEndpoint($_GET['api'], 'api')) {
+ include "./api/".$_GET['api'].".php";
 } else {
 die("ERROR; ENDPOINT NOT EXIST");
 }
@@ -47,27 +51,33 @@ if ($handle = opendir('./plugins/')) {
 closedir($handle);
 }
-if(isset($_REQUEST['logout']) && $_REQUEST['logout'] == '1') {
+if(isset($_GET['logout']) && $_GET['logout'] == '1') {
 $_SESSION = array();
 header('Location: index.php');
 }
 if(isset($_SESSION['LOGIN']) && $_SESSION['LOGIN'] == 'true') {
- if(!isset($_REQUEST['page'])) {
+ if(!isset($_GET['page'])) {
 include './pages/dashboard.php';
- } else if(isValidEndpoint($_REQUEST['page'], 'pages')) {
- include "./pages/".$_REQUEST['page'].".php";
+ } else if(isValidEndpoint($_GET['page'], 'pages')) {
+ include "./pages/".$_GET['page'].".php";
 } else {
 include "./pages/error.php";
 }
 die();
 }
+else {
+ $page = isset($_GET['page']) ? $_GET['page'] : 'login';
-if(isset($_REQUEST['page']) && $_REQUEST['page'] == "register") {
- include "./pages/register.php";
-} else {
- include "./pages/login.php";
+ if(needsLogin($page)) {
+ $_SESSION['loginMessage'] = 'Du musst dich einloggen, um das MCP nutzen zu können';
+ $_SESSION['loginMessageColor'] = 'red';
+ header('Location: index.php?page=login');
+ }
+ else {
+ include "./pages/".$page.".php";
+ }
 }
 ?>
\ No newline at end of file
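Review bot: needsLogin is the allowlist that the later else-branch in this file relies on to keep `include "./pages/".$page.".php"` bounded to four fixed names, yet it is untyped and written as a loose `!=` chain that does not read as an allowlist. A strict membership check states the invariant: `function needsLogin(?string $pageName): bool { return !in_array($pageName, ['register', 'forgot', 'reset-password', 'login'], true); }`, with a comment `// Names this returns false for are included verbatim from ./pages/ — keep this list closed.` None of the four names pass through isValidEndpoint, so a missing page file would produce an include warning instead of reaching error.php; routing them through isValidEndpoint as well would keep both branches consistent.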
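Review bot: Neither the logout redirect in the changed `if(isset($_GET['logout']) ...)` block nor the new `header('Location: index.php?page=login');` is followed by `exit`, so after `header('Location: index.php');` execution continues into the unauthenticated else-branch and includes login.php behind the redirect. In the new else-branch nothing runs after the header, but the pattern should be `header('Location: index.php?page=login'); exit;` in both places so later additions cannot execute after a redirect. The ternary `isset($_GET['page']) ? $_GET['page'] : 'login'` is `$_GET['page'] ?? 'login'`. Logout only empties `$_SESSION` (an unchanged context line); `session_regenerate_id(true)` there would also retire the old session id.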
diff --git a/pages/login.php b/pages/login.php
index d330678..6ff8078 100644
--- a/pages/login.php
+++ b/pages/login.php
@@ -41,7 +41,7 @@ $_SESSION['DISPLAYNAME'] = strtoupper($rowUser['FirstName'].' '.$rowUser['LastName']);
 $_SESSION['LOGIN'] = 'true';
- header("Location: index.php?page=".urlencode($_REQUEST['page']));
+ header("Location: index.php?page=dashboard");
 die();
 }
 }
@@ -51,10 +51,10 @@ $HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", htmlspecialchars($_POST['username']));
 }
 }
- else if(isset($_SESSION) && isset($_SESSION['resetMessage'])) {
- unset($_SESSION['resetMessage']);
- $HTML->ReplaceLayoutInhalt('%%LOGINMESSAGE%%', 'Du kannst dich jetzt mit deinem neuen Passwort einloggen!');
- $HTML->ReplaceLayoutInhalt("%%MESSAGECOLOR%%", "darkgreen");
+ else if(isset($_SESSION) && isset($_SESSION['loginMessage'])) {
+ $HTML->ReplaceLayoutInhalt('%%LOGINMESSAGE%%', $_SESSION['loginMessage']);
+ $HTML->ReplaceLayoutInhalt('%%MESSAGECOLOR%%', $_SESSION['loginMessageColor']);
+ unset($_SESSION['loginMessage']);
 }
 if(isset($_REQUEST['page']) && preg_match('/^[0-9a-zA-Z]{1-100}$/', $_REQUEST['page']) && file_exists("./pages/".$_REQUEST['page'].".php"))
diff --git a/pages/reset-password.php b/pages/reset-password.php
index 71ff68c..0d0b30d 100644
--- a/pages/reset-password.php
+++ b/pages/reset-password.php
@@ -53,7 +53,8 @@ $statement->execute(['PasswordHash' => $hash, 'PasswordSalt' => $salt, 'PrincipalID' => $uuid]);
 session_unset();
- $_SESSION['resetPassword'] = true;
+ $_SESSION['loginMessage'] = 'Du kannst dich jetzt mit deinem neuen Passwort einloggen!';
+ $_SESSION['loginMessageColor'] = 'darkgreen';
 require_once 'app/utils.php';
 sendMail(str_replace('%%NAME%%', $name, MESSAGE), 'Passwort für '.$name.' zurückgesetzt', 'Passwort geändert', 'Das Passwort für deinen 4Creative-Account wurde soeben zurückgesetzt');
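Review bot: The successful-login path sets `$_SESSION['LOGIN'] = 'true'` and redirects without a visible `session_regenerate_id(true)`, so the session id the browser held before authentication keeps its value across the privilege change (session fixation). Unless it is already done earlier in this block, which starts outside the hunk, add `session_regenerate_id(true);` before the `$_SESSION` writes. Replacing the `urlencode($_REQUEST['page'])` redirect target with the fixed dashboard is the right direction, since the old target echoed a request value back into the Location header.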
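Review bot: The new `ReplaceLayoutInhalt('%%LOGINMESSAGE%%', $_SESSION['loginMessage'])` and the `%%MESSAGECOLOR%%` line place session values into the layout unescaped, while the `%%LASTUSERNAME%%` context line just above escapes with `htmlspecialchars`; today both values are server-set literals, but the session is now the transport for these messages and any future writer holding user-derived text would reach the page raw, so escape at the sink: `$HTML->ReplaceLayoutInhalt('%%LOGINMESSAGE%%', htmlspecialchars($_SESSION['loginMessage'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));` and likewise for the colour. `$_SESSION['loginMessageColor']` is read without `isset` and never cleared, so it outlives the message it belongs to; `unset($_SESSION['loginMessage'], $_SESSION['loginMessageColor']);` clears both. The trailing context line `preg_match('/^[0-9a-zA-Z]{1-100}$/', ...)` uses `{1-100}`, which PCRE reads as literal characters rather than a quantifier, so that condition appears unable to hold for a real page name; with the redirect now fixed to the dashboard the whole `$_REQUEST['page']` branch looks like a leftover.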
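Review bot: The new `$_SESSION['loginMessageColor'] = 'darkgreen';` stores a presentation value in the session that login.php then writes straight into the page, so the colour vocabulary is spread across files as free-text strings (index.php writes `'red'` the same way). Storing a level instead, `$_SESSION['loginMessageLevel'] = 'success';`, and mapping levels to colours in the login page keeps the session carrying only data and the rendering decision in one place. `session_unset()` on the context line above keeps the caller's session id; a `session_regenerate_id(true);` after the password change would give the post-reset session a fresh one, if that is not already handled outside the hunk.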