author | Arno Richter <oelna@oelna.de> | 2022-12-13 21:29:39 +0100 |
---|---|---|
committer | Arno Richter <oelna@oelna.de> | 2022-12-13 21:29:39 +0100 |
commit | f0e3ff408db8ee40611f75cdf96892f90034bd60 (patch) | |
tree | 00feafe091b3ac0cf5828f0ccb9a5d58d8aedb47 /index.php | |
parent | b7f338941dcac2a21df2cc4e7fada572616997a2 (diff) | |
overhaul login flow and cookie handling. fix very bad permission error for editing and deleting posts.
Diffstat (limited to 'index.php')
-rw-r--r-- | index.php | 27 |
1 files changed, 18 insertions, 9 deletions
@@ -1,20 +1,29 @@ <?php require_once(__DIR__.DIRECTORY_SEPARATOR.'config.php'); + // check user credentials + $config['logged_in'] = false; + $config['logged_in'] = check_login(); + + // subpages if(is_numeric(path(0))) { // show a single blog post require_once(ROOT.DS.'single.inc.php'); + } elseif(mb_strtolower(path(0)) === 'login') { - // show login form - require_once(ROOT.DS.'loginform.inc.php'); + require_once(ROOT.DS.'loginform.inc.php'); + + } elseif(mb_strtolower(path(0)) === 'logout') { + $domain = ($_SERVER['HTTP_HOST'] != 'localhost') ? $_SERVER['HTTP_HOST'] : false; + setcookie('microblog_login', '', time()-3600, '/', $domain, false); + unset($_COOKIE['microblog_login']); + + header('Location: '.$config['url']); + die(); + } elseif(mb_strtolower(path(0)) === 'new') { - if(isset($_COOKIE['microblog_login']) && $_COOKIE['microblog_login'] === sha1($config['url'].$config['admin_pass'])) { - // show the post form - require_once(ROOT.DS.'postform.inc.php'); - } else { - header('Location: '.$config['url'].'/login'); - die(); - } + require_once(ROOT.DS.'postform.inc.php'); + } else { // redirect everything else to the homepage if(!empty(path(0)) && path(0) != 'page') { |
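Review bot: The `new` branch now includes `postform.inc.php` with no check in this file, so access to the post form depends entirely on code outside this diff honouring `$config['logged_in']`. Since the commit message says it fixes a permission error on editing and deleting posts, I would keep a fail-closed guard at the route itself, e.g. `if(!$config['logged_in']) { header('Location: '.$config['url'].'/login'); die(); }` before the `require_once`, and confirm that the include rejects unauthenticated POSTs as well as hiding the form. In the `logout` branch the cookie domain is taken from the client-supplied `$_SERVER['HTTP_HOST']`, which may carry a port or differ from the domain used at login; in that case the expiry cookie will not match and `microblog_login` survives the logout. Deriving the domain from `$config['url']`, or sharing one helper with the code that sets the cookie, would be more reliable. The if/elseif chain continues past the end of the hunk.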