
Improve routing

master
Anonymous Contributor 2023-08-23 18:16:36 +02:00
parent 88e9c25bb0
commit 1ee795a399
3 changed files with 28 additions and 17 deletions


@ -26,10 +26,14 @@ function isValidEndpoint(string $pageName, string $dirPrefix) {
return preg_match('/^[a-zA-Z0-9\.]{1,100}$/', $pageName) && file_exists("./".$dirPrefix."/".$pageName.".php"); return preg_match('/^[a-zA-Z0-9\.]{1,100}$/', $pageName) && file_exists("./".$dirPrefix."/".$pageName.".php");
} }
function needsLogin(?string $pageName) {
return $pageName != 'register' && $pageName != 'forgot' && $pageName != 'reset-password' && $pageName != 'login';
}
//TODO: add API keys and/or rate limiting //TODO: add API keys and/or rate limiting
if(isset($_REQUEST['api'])) { if(isset($_GET['api'])) {
if(isValidEndpoint($_REQUEST['api'], 'api')) { if(isValidEndpoint($_GET['api'], 'api')) {
include "./api/".$_REQUEST['api'].".php"; include "./api/".$_GET['api'].".php";
} else { } else {
die("ERROR; ENDPOINT NOT EXIST"); die("ERROR; ENDPOINT NOT EXIST");
} }
@ -47,27 +51,33 @@ if ($handle = opendir('./plugins/')) {
closedir($handle); closedir($handle);
} }
if(isset($_REQUEST['logout']) && $_REQUEST['logout'] == '1') { if(isset($_GET['logout']) && $_GET['logout'] == '1') {
$_SESSION = array(); $_SESSION = array();
header('Location: index.php'); header('Location: index.php');
} }
if(isset($_SESSION['LOGIN']) && $_SESSION['LOGIN'] == 'true') { if(isset($_SESSION['LOGIN']) && $_SESSION['LOGIN'] == 'true') {
if(!isset($_REQUEST['page'])) { if(!isset($_GET['page'])) {
include './pages/dashboard.php'; include './pages/dashboard.php';
} else if(isValidEndpoint($_REQUEST['page'], 'pages')) { } else if(isValidEndpoint($_GET['page'], 'pages')) {
include "./pages/".$_REQUEST['page'].".php"; include "./pages/".$_GET['page'].".php";
} else { } else {
include "./pages/error.php"; include "./pages/error.php";
} }
die(); die();
} }
else {
$page = isset($_GET['page']) ? $_GET['page'] : 'login';
if(isset($_REQUEST['page']) && $_REQUEST['page'] == "register") { if(needsLogin($page)) {
include "./pages/register.php"; $_SESSION['loginMessage'] = 'Du musst dich einloggen, um das MCP nutzen zu können';
} else { $_SESSION['loginMessageColor'] = 'red';
include "./pages/login.php"; header('Location: index.php?page=login');
}
else {
include "./pages/".$page.".php";
}
} }
?> ?>
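Review bot: The unauthenticated branch includes `./pages/$page.php` without validating `$page` on the include line; it is only safe because needsLogin() returns false for exactly four literal names, and that deny-list of loose `!=` comparisons is the sole thing between `$_GET['page']` and include(). The authenticated branch a few lines up runs isValidEndpoint() before its include, so the new branch should do the same, and needsLogin() states its intent more honestly as `return !in_array($pageName, ['register', 'forgot', 'reset-password', 'login'], true);`. Two smaller points: a `?page[]=x` request makes `$_GET['page']` an array, which needsLogin()'s `?string` parameter rejects with a TypeError, and the `header('Location: index.php?page=login')` redirect is not followed by `exit`, so execution continues after it. A sketch of the second hunk with those changes follows.
```php
else {
    // keep array-valued ?page[]= away from the string-typed needsLogin() parameter
    $page = isset($_GET['page']) && is_string($_GET['page']) ? $_GET['page'] : 'login';
    if(needsLogin($page)) {
        // … unchanged: loginMessage / loginMessageColor session values …
        header('Location: index.php?page=login');
        exit;
    }
    else if(isValidEndpoint($page, 'pages')) {
        include "./pages/".$page.".php";
    }
    else {
        include "./pages/error.php";
    }
}
```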


@ -41,7 +41,7 @@
$_SESSION['DISPLAYNAME'] = strtoupper($rowUser['FirstName'].' '.$rowUser['LastName']); $_SESSION['DISPLAYNAME'] = strtoupper($rowUser['FirstName'].' '.$rowUser['LastName']);
$_SESSION['LOGIN'] = 'true'; $_SESSION['LOGIN'] = 'true';
header("Location: index.php?page=".urlencode($_REQUEST['page'])); header("Location: index.php?page=dashboard");
die(); die();
} }
} }
@ -51,10 +51,10 @@
$HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", htmlspecialchars($_POST['username'])); $HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", htmlspecialchars($_POST['username']));
} }
} }
else if(isset($_SESSION) && isset($_SESSION['resetMessage'])) { else if(isset($_SESSION) && isset($_SESSION['loginMessage'])) {
unset($_SESSION['resetMessage']); $HTML->ReplaceLayoutInhalt('%%LOGINMESSAGE%%', $_SESSION['loginMessage']);
$HTML->ReplaceLayoutInhalt('%%LOGINMESSAGE%%', 'Du kannst dich jetzt mit deinem neuen Passwort einloggen!'); $HTML->ReplaceLayoutInhalt('%%MESSAGECOLOR%%', $_SESSION['loginMessageColor']);
$HTML->ReplaceLayoutInhalt("%%MESSAGECOLOR%%", "darkgreen"); unset($_SESSION['loginMessage']);
} }
if(isset($_REQUEST['page']) && preg_match('/^[0-9a-zA-Z]{1-100}$/', $_REQUEST['page']) && file_exists("./pages/".$_REQUEST['page'].".php")) if(isset($_REQUEST['page']) && preg_match('/^[0-9a-zA-Z]{1-100}$/', $_REQUEST['page']) && file_exists("./pages/".$_REQUEST['page'].".php"))
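Review bot: The two new ReplaceLayoutInhalt() calls insert `$_SESSION['loginMessage']` and `$_SESSION['loginMessageColor']` into the layout unescaped, while the `%%LASTUSERNAME%%` line just above passes its value through htmlspecialchars(). Today both session values are literal strings written by index.php and the reset page, so nothing user-controlled reaches the template, but the slot is now generic and a later writer of `loginMessage` may not know it is rendered raw; `htmlspecialchars($_SESSION['loginMessage'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` keeps that contract at the template edge. The cleanup only unsets `loginMessage`, so `loginMessageColor` lingers in the session; add `unset($_SESSION['loginMessageColor']);` beside it and read the color with `?? ''` in case only the message was set. Outside the change, the context line that follows still uses `{1-100}`, which PCRE does not treat as a quantifier, so that `$_REQUEST['page']` check looks like it can never match a real page name — worth confirming, since index.php now reads `$_GET` instead.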


@ -53,7 +53,8 @@
$statement->execute(['PasswordHash' => $hash, 'PasswordSalt' => $salt, 'PrincipalID' => $uuid]); $statement->execute(['PasswordHash' => $hash, 'PasswordSalt' => $salt, 'PrincipalID' => $uuid]);
session_unset(); session_unset();
$_SESSION['resetPassword'] = true; $_SESSION['loginMessage'] = 'Du kannst dich jetzt mit deinem neuen Passwort einloggen!';
$_SESSION['loginMessageColor'] = 'darkgreen';
require_once 'app/utils.php'; require_once 'app/utils.php';
sendMail(str_replace('%%NAME%%', $name, MESSAGE), 'Passwort für '.$name.' zurückgesetzt', 'Passwort geändert', 'Das Passwort für deinen 4Creative-Account wurde soeben zurückgesetzt'); sendMail(str_replace('%%NAME%%', $name, MESSAGE), 'Passwort für '.$name.' zurückgesetzt', 'Passwort geändert', 'Das Passwort für deinen 4Creative-Account wurde soeben zurückgesetzt');