X-Git-Url: https://jfr.im/git/irc/unrealircd/unrealircd-webpanel.git/blobdiff_plain/c44f6efadb3d0054dd25bca8e719dfb0e37f12a0..ea90b321a4b3768028d841b307c362af97a5e6e1:/login/index.php diff --git a/login/index.php b/login/index.php index ea24e29..aa5609b 100644 --- a/login/index.php +++ b/login/index.php @@ -3,17 +3,32 @@ require_once "../common.php"; $logout = false; -$redirect = (isset($_GET['redirect'])) ? $_GET['redirect'] : BASE_URL; +$redirect = get_config("base_url"); +if (!empty($_GET['redirect'])) +{ + $str = urldecode($_GET['redirect']); + if (str_starts_with($str, get_config("base_url"))) // prevent redirects to like https://othersite/ + $redirect = $_GET['redirect']; +} + +$redirect = (isset($_GET['redirect'])) ? $_GET['redirect'] : get_config("base_url"); if (!empty($_GET['logout'])) { if (!isset($_SESSION['id'])) $failmsg = "Nothing to logout from"; else { + $_SESSION = NULL; session_destroy(); $logout = true; } } +if (!empty($_GET['timeout'])) +{ + $failmsg = "Your session has timed out. Please login again to continue"; + $_SESSION = NULL; + session_destroy(); +} if (!empty($_POST)) { if ($_POST['username'] && $_POST['password']) @@ -22,13 +37,12 @@ if (!empty($_POST)) /* securitah */ security_check(); $user = new PanelUser($_POST['username']); - /* not being too informative with the login error in case of attackers */ if (isset($user->id) && $user->password_verify($_POST['password'])) { $_SESSION['id'] = $user->id; header('Location: ' . $redirect); - $user->add_meta("last_login", date("Y-m-d m:i:s")); + $user->add_meta("last_login", date("Y-m-d H:i:s")); Hook::run(HOOKTYPE_USER_LOGIN, $user); die(); } @@ -49,6 +63,8 @@ if (!empty($_POST)) ?> +css/unrealircd-admin.css" rel="stylesheet"> + @@ -64,56 +80,76 @@ if (!empty($_POST)) - +img/favicon.ico"> UnrealIRCd Panel - - - - -
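Review bot: The last added line of the redirect block in the first hunk, `$redirect = (isset($_GET['redirect'])) ? $_GET['redirect'] : get_config("base_url");`, reassigns `$redirect` from the raw query parameter immediately after the new prefix check. The check therefore has no effect, and the value that reaches `header('Location: ' . $redirect)` in the login branch is still unvalidated; that line should be deleted. The check also tests `urldecode($_GET['redirect'])` but stores `$_GET['redirect']`, and since PHP has already decoded `$_GET`, the same value should be validated and used: `if (str_starts_with($_GET['redirect'], get_config("base_url")))`. A plain prefix match is only sound if `base_url` ends in `/`, because otherwise a host name that merely begins with the same characters passes. That cannot be confirmed from this hunk, so either normalise the prefix before comparing or state the requirement in a comment such as `// base_url must end in "/" for this prefix check to pin the host`.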
-
-