FIX: Removed forbidden page, added to secure.php
authorJustin J. Novack <jnovack@gmail.com>
Mon, 17 Sep 2012 19:20:48 +0000 (15:20 -0400)
committerJustin J. Novack <jnovack@gmail.com>
Mon, 17 Sep 2012 19:20:48 +0000 (15:20 -0400)
README.rst
www/.htaccess
www/forbidden.php [deleted file]
www/secure.php

index 56bef95..0b40b39 100644 (file)
@@ -194,8 +194,6 @@ URLs
   Login page for protecting site
 ``/auth``
   Authentication callback url
-``/forbidden``
-  Access denied page
 ``/user``
   Edit logged-in user information
 
@@ -239,6 +237,5 @@ If you use nginx, place the following lines into your ``server`` block:
 
     rewrite ^/login$ /login.php;
     rewrite ^/auth$ /auth.php;
-    rewrite ^/forbidden$ /forbidden.php;
     rewrite ^/user$ /user.php;
   }
index 4c52627..f6c3720 100644 (file)
@@ -23,5 +23,4 @@ RewriteRule ^search/([0-9]+)$ /search.php?page=$1
 
 RewriteRule ^auth$ /auth.php
 RewriteRule ^login$ /login.php
-RewriteRule ^forbidden$ /forbidden.php
 RewriteRule ^user$ /user.php
diff --git a/www/forbidden.php b/www/forbidden.php
deleted file mode 100644 (file)
index 3646b0a..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
-<?php
-/**
- * Access Denied page
- */
-namespace phorkie;
-require_once 'www-header.php';
-
-$db = new Database();
-render(
-    'forbidden',
-    array(
-        'recents'     => $db->getSearch()->listAll(0, 5, 'crdate', 'desc'),
-    )
-);
-?>
index 4b81d59..e614087 100644 (file)
@@ -12,8 +12,14 @@ if (!isset($_SESSION['identity'])) {
 if ($GLOBALS['phorkie']['auth']['secure'] > 0 &&
     $GLOBALS['phorkie']['auth']['userlist']) {
     if (!in_array($_SESSION['identity'], $GLOBALS['phorkie']['users'])) {
-        $redirect = 'http://' . $_SERVER['HTTP_HOST'] . "/forbidden";
-        header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
+        header('HTTP/1.1 403 Forbidden');
+        $db = new Database();
+        render(
+            'forbidden',
+            array(
+                'recents'     => $db->getSearch()->listAll(0, 5, 'crdate', 'desc'),
+            )
+        );
         exit;
     }
 }