|
|
@@ -13,8 +13,19 @@ if (!empty($_SESSION['loggedin']) && $_SESSION['loggedin'] === true && !isset($_ |
|
|
|
die(); |
|
|
|
} |
|
|
|
|
|
|
|
if (!empty($_GET['logout'])) { |
|
|
|
// Show a logout message instead of immediately redirecting to login flow |
|
|
|
/** |
|
|
|
* Show a simple HTML page with a line of text and a button. Matches the UI of |
|
|
|
* the AccountHub login flow. |
|
|
|
* |
|
|
|
* @global type $SETTINGS |
|
|
|
* @global type $SECURE_NONCE |
|
|
|
* @global type $Strings |
|
|
|
* @param string $title Text to show, passed through i18n |
|
|
|
* @param string $button Button text, passed through i18n |
|
|
|
* @param string $url URL for the button |
|
|
|
*/ |
|
|
|
function showHTML(string $title, string $button, string $url) { |
|
|
|
global $SETTINGS, $SECURE_NONCE, $Strings; |
|
|
|
?> |
|
|
|
<!DOCTYPE html> |
|
|
|
<meta charset="UTF-8"> |
|
|
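Review bot: The new docblock for showHTML() leaves the `@global type` placeholders unfilled and says nothing about what `$url` must be or whether the function returns. `$url` is printed into an `href` attribute further down the page, so the contract should say so, for example `@param string $url URL for the button; printed into an href attribute, must be a trusted or validated URL`. The body also appears to finish with `die()` (outside this hunk), which deserves a line such as `Ends the script after rendering; does not return.` so callers know their own `die()` is only a safeguard. The function body continues past the end of this hunk.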
@@ -26,7 +37,6 @@ if (!empty($_GET['logout'])) { |
|
|
|
<link rel="icon" href="static/img/logo.svg"> |
|
|
|
|
|
|
|
<link href="static/css/bootstrap.min.css" rel="stylesheet"> |
|
|
|
<link href="static/css/svg-with-js.min.css" rel="stylesheet"> |
|
|
|
<style nonce="<?php echo $SECURE_NONCE; ?>"> |
|
|
|
.display-5 { |
|
|
|
font-size: 2.5rem; |
|
|
@@ -40,11 +50,6 @@ if (!empty($_GET['logout'])) { |
|
|
|
border: 1px solid grey; |
|
|
|
border-radius: 15%; |
|
|
|
} |
|
|
|
|
|
|
|
.blank-image { |
|
|
|
height: 100px; |
|
|
|
margin: 2em auto; |
|
|
|
} |
|
|
|
</style> |
|
|
|
|
|
|
|
<div class="container mt-4"> |
|
|
@@ -54,24 +59,25 @@ if (!empty($_GET['logout'])) { |
|
|
|
</div> |
|
|
|
|
|
|
|
<div class="col-12 text-center"> |
|
|
|
<h1 class="display-5 mb-4"><?php $Strings->get("You have been logged out.") ?></h1> |
|
|
|
<h1 class="display-5 mb-4"><?php $Strings->get($title); ?></h1> |
|
|
|
</div> |
|
|
|
|
|
|
|
<div class="col-12 col-sm-8 col-lg-6"> |
|
|
|
<div class="card mt-4"> |
|
|
|
<div class="card-body"> |
|
|
|
<a href="./index.php" class="btn btn-primary btn-block"><?php $Strings->get("Log in again"); ?></a> |
|
|
|
<a href="<?php echo $url; ?>" class="btn btn-primary btn-block"><?php $Strings->get($button); ?></a> |
|
|
|
</div> |
|
|
|
</div> |
|
|
|
</div> |
|
|
|
</div> |
|
|
|
</div> |
|
|
|
|
|
|
|
<script src="static/js/fontawesome-all.min.js"></script> |
|
|
|
<?php |
|
|
|
die(); |
|
|
|
} |
|
|
|
|
|
|
|
if (!empty($_GET['logout'])) { |
|
|
|
showHTML("You have been logged out.", "Log in again", "./index.php"); |
|
|
|
die(); |
|
|
|
} |
|
|
|
if (empty($_SESSION["login_code"])) { |
|
|
|
$redirecttologin = true; |
|
|
|
} else { |
|
|
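Review bot: `<a href="<?php echo $url; ?>"` prints the `$url` argument into the attribute with no output escaping, so the helper is only as safe as every caller's argument. Two callers on this page pass fixed strings, but the login redirect caller passes a URL assembled from `$codedata["loginurl"]` and `$redirecturl`, whose origin is not visible here. Escaping at the sink keeps the helper safe regardless of caller: `<a href="<?php echo htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" class="btn btn-primary btn-block">`, with callers then passing the raw URL so it is not encoded twice. HTML escaping does not constrain the URL scheme, so if the value can ever be influenced by a request it should also be limited to `http`/`https` or relative paths before it reaches this function.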
@@ -84,13 +90,15 @@ if (empty($_SESSION["login_code"])) { |
|
|
|
$user = new User($uidinfo['uid'] * 1); |
|
|
|
foreach ($SETTINGS['permissions'] as $perm) { |
|
|
|
if (!$user->hasPermission($perm)) { |
|
|
|
die($Strings->get("no access permission", false)); |
|
|
|
showHTML("no access permission", "sign out", "./action.php?action=signout"); |
|
|
|
die(); |
|
|
|
} |
|
|
|
} |
|
|
|
Session::start($user); |
|
|
|
$_SESSION["login_code"] = null; |
|
|
|
header('Location: app.php'); |
|
|
|
die("Logged in, go to app.php"); |
|
|
|
showHTML("Logged in", "Continue", "./app.php"); |
|
|
|
die(); |
|
|
|
} else { |
|
|
|
throw new Exception(); |
|
|
|
} |
|
|
@@ -113,7 +121,10 @@ if ($redirecttologin) { |
|
|
|
|
|
|
|
$_SESSION["login_code"] = $codedata["code"]; |
|
|
|
|
|
|
|
header("Location: " . $codedata["loginurl"] . "?code=" . htmlentities($codedata["code"]) . "&redirect=" . htmlentities($redirecturl)); |
|
|
|
$locationurl = $codedata["loginurl"] . "?code=" . htmlentities($codedata["code"]) . "&redirect=" . htmlentities($redirecturl); |
|
|
|
header("Location: $locationurl"); |
|
|
|
showHTML("Continue", "Continue", $locationurl); |
|
|
|
die(); |
|
|
|
} catch (Exception $ex) { |
|
|
|
sendError($ex->getMessage()); |
|
|
|
} |
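Review bot: `$locationurl` is built with `htmlentities()` on the `code` and `redirect` values, which is HTML escaping rather than URL encoding, and the same string now feeds both the `Location` header and the `href` printed by showHTML(). In the header an `&` inside `$redirecturl` becomes `&amp;`, which still splits the query string, and characters such as `#`, `+` or spaces pass through unencoded, so the login endpoint can receive a truncated or altered redirect target. Building the query with `$locationurl = $codedata["loginurl"] . "?" . http_build_query(["code" => $codedata["code"], "redirect" => $redirecturl]);` gives a correctly encoded URL for the header, and HTML escaping then belongs where showHTML() prints it. How `$redirecturl` and `$codedata["loginurl"]` are produced is outside this hunk, as is the start of the enclosing `try`; if either can be influenced by the request it should be checked against an allow-list before it is used as a redirect target.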