From 8f8130634e40f6a24295b7bab449a43ed7c5aa80 Mon Sep 17 00:00:00 2001 From: Igor Scheller Date: Tue, 8 Oct 2019 15:23:46 +0200 Subject: Show normal login page after registration, added msg() template function --- includes/pages/guest_login.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'includes/pages') diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index 280743e5..170572e4 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php @@ -242,9 +242,9 @@ function guest_register() redirect(page_link_to('register')); } - // If a welcome message is present, display registration success page. + // If a welcome message is present, display it on the next page if ($message = $config->get('welcome_msg')) { - return User_registration_success_view($message); + info((new Parsedown())->text($message)); } redirect(page_link_to('/')); -- cgit v1.2.3-70-g09d2 From fc773b25b3de455f7e74334156926f644f04db98 Mon Sep 17 00:00:00 2001 From: Igor Scheller Date: Wed, 18 Sep 2019 14:09:30 +0200 Subject: Use 403 forbidden on shifts json, atom export and ical export --- includes/controller/shifts_controller.php | 16 +++++++++------- includes/helper/error_helper.php | 11 ----------- includes/includes.php | 1 - includes/pages/user_atom.php | 16 +++++++++------- includes/pages/user_ical.php | 17 ++++++++++------- 5 files changed, 28 insertions(+), 33 deletions(-) delete mode 100644 includes/helper/error_helper.php (limited to 'includes/pages') diff --git a/includes/controller/shifts_controller.php b/includes/controller/shifts_controller.php index caf124ba..726814cf 100644 --- a/includes/controller/shifts_controller.php +++ b/includes/controller/shifts_controller.php @@ -1,5 +1,6 @@ apiUser('key'); - if (!$request->has('key') || !preg_match('/^[\da-f]{32}$/', $request->input('key'))) { - engelsystem_error('Missing key.'); + if ( + !$request->has('key') + || !preg_match('/^[\da-f]{32}$/', $request->input('key')) + || !$user + ) { + throw new HttpForbidden('{"error":"Missing or invalid key"}', ['content-type' => 'application/json']); } - $user = auth()->apiUser('key'); - if (!$user) { - engelsystem_error('Key invalid.'); - } if (!auth()->can('shifts_json_export')) { - engelsystem_error('No privilege for shifts_json_export.'); + throw new HttpForbidden('{"error":"Not allowed"}', ['content-type' => 'application/json']); } $shifts = load_ical_shifts(); diff --git a/includes/helper/error_helper.php b/includes/helper/error_helper.php deleted file mode 100644 index 9314a57a..00000000 --- a/includes/helper/error_helper.php +++ /dev/null @@ -1,11 +0,0 @@ -apiUser('key'); - if (!$request->has('key') || !preg_match('/^[\da-f]{32}$/', $request->input('key'))) { - engelsystem_error('Missing key.'); + if ( + !$request->has('key') + || !preg_match('/^[\da-f]{32}$/', $request->input('key')) + || empty($user) + ) { + throw new HttpForbidden('Missing or invalid key', ['content-type' => 'text/text']); } - $user = auth()->apiUser('key'); - if (empty($user)) { - engelsystem_error('Key invalid.'); - } if (!auth()->can('atom')) { - engelsystem_error('No privilege for atom.'); + throw new HttpForbidden('Not allowed', ['content-type' => 'text/text']); } $news = DB::select(' diff --git a/includes/pages/user_ical.php b/includes/pages/user_ical.php index ee3a8340..2f3a7ccc 100644 --- a/includes/pages/user_ical.php +++ b/includes/pages/user_ical.php @@ -1,22 +1,25 @@ apiUser('key'); - if (!$request->has('key') || !preg_match('/^[\da-f]{32}$/', $request->input('key'))) { - engelsystem_error('Missing key.'); + if ( + !$request->has('key') + || !preg_match('/^[\da-f]{32}$/', $request->input('key')) + || !$user + ) { + throw new HttpForbidden('Missing or invalid key', ['content-type' => 'text/text']); } - $user = auth()->apiUser('key'); - if (!$user) { - engelsystem_error('Key invalid.'); - } if (!auth()->can('ical')) { - engelsystem_error('No privilege for ical.'); + throw new HttpForbidden('Not allowed', ['content-type' => 'text/text']); } $ical_shifts = load_ical_shifts(); -- cgit v1.2.3-70-g09d2