diff options
| -rw-r--r-- | www/auth.php | 5 | ||||
| -rw-r--r-- | www/secure.php | 1 |
2 files changed, 4 insertions, 2 deletions
diff --git a/www/auth.php b/www/auth.php index 8fe38e0..6d13f7e 100644 --- a/www/auth.php +++ b/www/auth.php @@ -230,10 +230,10 @@ if (isset($_POST['start'])) { $openid = $message->getArrayFormat(); if ($GLOBALS['phorkie']['auth']['secure'] > 0 && $GLOBALS['phorkie']['auth']['userlist']) { - if (!in_array($openid['openid.identity'], $GLOBALS['phorkie']['users'])) { + if (!in_array($openid['openid.identity'], $GLOBALS['phorkie']['users'])) { $redirect = 'http://' . $_SERVER['HTTP_HOST'] . "/forbidden"; header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL)); - exit; + exit; } } // include_once 'openid/wrapper.php'; @@ -253,6 +253,7 @@ if (isset($_POST['start'])) { $redirect = 'http://' . $_SERVER['HTTP_HOST'] . $_SESSION['REQUEST_URI']; header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL)); + exit; } ?> diff --git a/www/secure.php b/www/secure.php index 5893033..07cdfb6 100644 --- a/www/secure.php +++ b/www/secure.php @@ -7,5 +7,6 @@ require_once 'www-header.php'; $_SESSION['REQUEST_URI'] = $_SERVER['REQUEST_URI']; if (!isset($_SESSION['identity'])) { header("Location: /login"); + exit; } ?> |