|
|
@ -13,8 +13,19 @@ if (!empty($_SESSION['loggedin']) && $_SESSION['loggedin'] === true && !isset($_
|
|
|
|
die();
|
|
|
|
die();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (!empty($_GET['logout'])) {
|
|
|
|
/**
|
|
|
|
// Show a logout message instead of immediately redirecting to login flow
|
|
|
|
* Show a simple HTML page with a line of text and a button. Matches the UI of
|
|
|
|
|
|
|
|
* the AccountHub login flow.
|
|
|
|
|
|
|
|
*
|
|
|
|
|
|
|
|
* @global type $SETTINGS
|
|
|
|
|
|
|
|
* @global type $SECURE_NONCE
|
|
|
|
|
|
|
|
* @global type $Strings
|
|
|
|
|
|
|
|
* @param string $title Text to show, passed through i18n
|
|
|
|
|
|
|
|
* @param string $button Button text, passed through i18n
|
|
|
|
|
|
|
|
* @param string $url URL for the button
|
|
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
function showHTML(string $title, string $button, string $url) {
|
|
|
|
|
|
|
|
global $SETTINGS, $SECURE_NONCE, $Strings;
|
|
|
|
?>
|
|
|
|
?>
|
|
|
|
<!DOCTYPE html>
|
|
|
|
<!DOCTYPE html>
|
|
|
|
<meta charset="UTF-8">
|
|
|
|
<meta charset="UTF-8">
|
|
|
@ -26,7 +37,6 @@ if (!empty($_GET['logout'])) {
|
|
|
|
<link rel="icon" href="static/img/logo.svg">
|
|
|
|
<link rel="icon" href="static/img/logo.svg">
|
|
|
|
|
|
|
|
|
|
|
|
<link href="static/css/bootstrap.min.css" rel="stylesheet">
|
|
|
|
<link href="static/css/bootstrap.min.css" rel="stylesheet">
|
|
|
|
<link href="static/css/svg-with-js.min.css" rel="stylesheet">
|
|
|
|
|
|
|
|
<style nonce="<?php echo $SECURE_NONCE; ?>">
|
|
|
|
<style nonce="<?php echo $SECURE_NONCE; ?>">
|
|
|
|
.display-5 {
|
|
|
|
.display-5 {
|
|
|
|
font-size: 2.5rem;
|
|
|
|
font-size: 2.5rem;
|
|
|
@ -40,11 +50,6 @@ if (!empty($_GET['logout'])) {
|
|
|
|
border: 1px solid grey;
|
|
|
|
border: 1px solid grey;
|
|
|
|
border-radius: 15%;
|
|
|
|
border-radius: 15%;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
.blank-image {
|
|
|
|
|
|
|
|
height: 100px;
|
|
|
|
|
|
|
|
margin: 2em auto;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
</style>
|
|
|
|
</style>
|
|
|
|
|
|
|
|
|
|
|
|
<div class="container mt-4">
|
|
|
|
<div class="container mt-4">
|
|
|
@ -54,24 +59,25 @@ if (!empty($_GET['logout'])) {
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
|
|
|
|
<div class="col-12 text-center">
|
|
|
|
<div class="col-12 text-center">
|
|
|
|
<h1 class="display-5 mb-4"><?php $Strings->get("You have been logged out.") ?></h1>
|
|
|
|
<h1 class="display-5 mb-4"><?php $Strings->get($title); ?></h1>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
|
|
|
|
<div class="col-12 col-sm-8 col-lg-6">
|
|
|
|
<div class="col-12 col-sm-8 col-lg-6">
|
|
|
|
<div class="card mt-4">
|
|
|
|
<div class="card mt-4">
|
|
|
|
<div class="card-body">
|
|
|
|
<div class="card-body">
|
|
|
|
<a href="./index.php" class="btn btn-primary btn-block"><?php $Strings->get("Log in again"); ?></a>
|
|
|
|
<a href="<?php echo $url; ?>" class="btn btn-primary btn-block"><?php $Strings->get($button); ?></a>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
|
|
|
|
<script src="static/js/fontawesome-all.min.js"></script>
|
|
|
|
|
|
|
|
<?php
|
|
|
|
<?php
|
|
|
|
die();
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (!empty($_GET['logout'])) {
|
|
|
|
|
|
|
|
showHTML("You have been logged out.", "Log in again", "./index.php");
|
|
|
|
|
|
|
|
die();
|
|
|
|
|
|
|
|
}
|
|
|
|
if (empty($_SESSION["login_code"])) {
|
|
|
|
if (empty($_SESSION["login_code"])) {
|
|
|
|
$redirecttologin = true;
|
|
|
|
$redirecttologin = true;
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
@ -84,13 +90,15 @@ if (empty($_SESSION["login_code"])) {
|
|
|
|
$user = new User($uidinfo['uid'] * 1);
|
|
|
|
$user = new User($uidinfo['uid'] * 1);
|
|
|
|
foreach ($SETTINGS['permissions'] as $perm) {
|
|
|
|
foreach ($SETTINGS['permissions'] as $perm) {
|
|
|
|
if (!$user->hasPermission($perm)) {
|
|
|
|
if (!$user->hasPermission($perm)) {
|
|
|
|
die($Strings->get("no access permission", false));
|
|
|
|
showHTML("no access permission", "sign out", "./action.php?action=signout");
|
|
|
|
|
|
|
|
die();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
Session::start($user);
|
|
|
|
Session::start($user);
|
|
|
|
$_SESSION["login_code"] = null;
|
|
|
|
$_SESSION["login_code"] = null;
|
|
|
|
header('Location: app.php');
|
|
|
|
header('Location: app.php');
|
|
|
|
die("Logged in, go to app.php");
|
|
|
|
showHTML("Logged in", "Continue", "./app.php");
|
|
|
|
|
|
|
|
die();
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
throw new Exception();
|
|
|
|
throw new Exception();
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -113,7 +121,10 @@ if ($redirecttologin) {
|
|
|
|
|
|
|
|
|
|
|
|
$_SESSION["login_code"] = $codedata["code"];
|
|
|
|
$_SESSION["login_code"] = $codedata["code"];
|
|
|
|
|
|
|
|
|
|
|
|
header("Location: " . $codedata["loginurl"] . "?code=" . htmlentities($codedata["code"]) . "&redirect=" . htmlentities($redirecturl));
|
|
|
|
$locationurl = $codedata["loginurl"] . "?code=" . htmlentities($codedata["code"]) . "&redirect=" . htmlentities($redirecturl);
|
|
|
|
|
|
|
|
header("Location: $locationurl");
|
|
|
|
|
|
|
|
showHTML("Continue", "Continue", $locationurl);
|
|
|
|
|
|
|
|
die();
|
|
|
|
} catch (Exception $ex) {
|
|
|
|
} catch (Exception $ex) {
|
|
|
|
sendError($ex->getMessage());
|
|
|
|
sendError($ex->getMessage());
|
|
|
|
}
|
|
|
|
}
|
|
|
|