projects/usbcheck.it
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

up

Browse Source
This commit is contained in:
Lars Gebhardt-Kusche
2025-11-24 23:42:55 +01:00
parent c26d847f1c
commit 804b7da7f0
4 changed files with 45 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
public/.htaccess
View File

@@ -1,5 +1,17 @@
RewriteEngine On RewriteEngine On
# 1) Nur Root von *.ismyusbfake.com nach /fakecheck/ umleiten
RewriteCond %{HTTP_HOST} (^|\.)ismyusbfake\.com$ [NC]
RewriteRule ^$ /fakecheck/ [L,R=301]
# 1b) *.ismyusbfake.com mit Subpfad:
# /123456 → /fakecheck/?referrer=123456
RewriteCond %{HTTP_HOST} (^|\.)ismyusbfake\.com$ [NC]
# nicht erneut anfassen, wenn wir schon in /fakecheck/ sind
RewriteCond %{REQUEST_URI} !^/fakecheck(/|$) [NC]
# genau ein Segment: /slug oder /slug/
RewriteCond %{REQUEST_URI} ^/([^/]+)/?$ [NC]
RewriteRule ^ /fakecheck/?referrer=%1 [L,R=302]
# 2) /uploads/avatar schützen # 2) /uploads/avatar schützen
RewriteRule ^uploads/avatar/ - [F] RewriteRule ^uploads/avatar/ - [F]
@@ -45,7 +57,7 @@ RewriteRule ^(.+?)/?$ $1/index.php [L]
RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-d
# systempfade nicht abfangen # Systempfade nicht abfangen
RewriteCond %{REQUEST_URI} !^/(assets|uploads|auth|landingpage|_errors)/ [NC] RewriteCond %{REQUEST_URI} !^/(assets|uploads|auth|landingpage|_errors)/ [NC]
# interne Weiterleitung auf deine Fehlerseite # interne Weiterleitung auf deine Fehlerseite

0
public/assets/js/domain.js Normal file
View File

0
public/landingpage/fakecheck/.htaccess Normal file
View File

40
src/auth/login.php
View File

@@ -132,20 +132,44 @@ $_SESSION['user'] = [
]; ];
/* --------------------------------------------------------- /* ---------------------------------------------------------
FLASH & REDIRECT FLASH & SMART REDIRECT
--------------------------------------------------------- */ --------------------------------------------------------- */
flash_set('success', 'Willkommen zurück, ' . ($user['first_name'] ?: 'User') . '!', 'login'); flash_set('success', 'Willkommen zurück, ' . ($user['first_name'] ?: 'User') . '!', 'login');
// Redirect absichern: nur interne Pfade // redirect normalisieren
$target = is_string($redirect) ? trim($redirect) : '/'; $redirect = trim((string)($redirect ?? ''));
if ($target === '' || !str_starts_with($target, '/')) {
$target = '/'; // Flag: sollen wir stattdessen aufs Dashboard?
$goDashboard = false;
// 1) redirect leer → Dashboard
if ($redirect === '') {
$goDashboard = true;
} }
// Sprache anhängen // 2) redirect zeigt auf /login → Dashboard (Endlosschleife vermeiden)
$sep = (strpos($target, '?') === false) ? '?' : '&'; if (!$goDashboard && preg_match('#^/login(/|\?|$)#i', $redirect)) {
$target = $target . $sep . 'lang=' . urlencode($lang); $goDashboard = true;
}
// 3) redirect ist keine interne URL → Dashboard (Sicherheit!)
if (!$goDashboard && strpos($redirect, '/') !== 0) {
$goDashboard = true;
}
// 4) Finales Ziel bestimmen
if ($goDashboard) {
// Immer Dashboard-Seite
$target = '/dashboard/?lang=' . urlencode($lang);
} else {
// Internes Ziel, Sprache anhängen falls noch nicht vorhanden
if (strpos($redirect, 'lang=') === false) {
$sep = (strpos($redirect, '?') === false) ? '?' : '&';
$redirect = $redirect . $sep . 'lang=' . urlencode($lang);
}
$target = $redirect;
}
header('Location: ' . $target); header('Location: ' . $target);
exit; exit;