From b8b5759174c0734d6682502b4e1830334dd0df13 Mon Sep 17 00:00:00 2001
From: "Justin J. Novack" <jnovack@gmail.com>
Date: Mon, 17 Sep 2012 15:20:48 -0400
Subject: [PATCH] FIX: Removed forbidden page, added to secure.php

---
 README.rst        |  3 ---
 www/.htaccess     |  1 -
 www/forbidden.php | 15 ---------------
 www/secure.php    | 10 ++++++++--
 4 files changed, 8 insertions(+), 21 deletions(-)
 delete mode 100644 www/forbidden.php

diff --git a/README.rst b/README.rst
index 56bef95..0b40b39 100644
--- a/README.rst
+++ b/README.rst
@@ -194,8 +194,6 @@ URLs
   Login page for protecting site
 ``/auth``
   Authentication callback url
-``/forbidden``
-  Access denied page
 ``/user``
   Edit logged-in user information
 
@@ -239,6 +237,5 @@ If you use nginx, place the following lines into your ``server`` block:
 
     rewrite ^/login$ /login.php;
     rewrite ^/auth$ /auth.php;
-    rewrite ^/forbidden$ /forbidden.php;
     rewrite ^/user$ /user.php;
   }
diff --git a/www/.htaccess b/www/.htaccess
index 4c52627..f6c3720 100644
--- a/www/.htaccess
+++ b/www/.htaccess
@@ -23,5 +23,4 @@ RewriteRule ^search/([0-9]+)$ /search.php?page=$1
 
 RewriteRule ^auth$ /auth.php
 RewriteRule ^login$ /login.php
-RewriteRule ^forbidden$ /forbidden.php
 RewriteRule ^user$ /user.php
diff --git a/www/forbidden.php b/www/forbidden.php
deleted file mode 100644
index 3646b0a..0000000
--- a/www/forbidden.php
+++ /dev/null
@@ -1,15 +0,0 @@
-<?php
-/**
- * Access Denied page
- */
-namespace phorkie;
-require_once 'www-header.php';
-
-$db = new Database();
-render(
-    'forbidden',
-    array(
-        'recents'     => $db->getSearch()->listAll(0, 5, 'crdate', 'desc'),
-    )
-);
-?>
diff --git a/www/secure.php b/www/secure.php
index 4b81d59..e614087 100644
--- a/www/secure.php
+++ b/www/secure.php
@@ -12,8 +12,14 @@ if (!isset($_SESSION['identity'])) {
 if ($GLOBALS['phorkie']['auth']['secure'] > 0 &&
     $GLOBALS['phorkie']['auth']['userlist']) {
     if (!in_array($_SESSION['identity'], $GLOBALS['phorkie']['users'])) {
-        $redirect = 'http://' . $_SERVER['HTTP_HOST'] . "/forbidden";
-        header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
+        header('HTTP/1.1 403 Forbidden');
+        $db = new Database();
+        render(
+            'forbidden',
+            array(
+                'recents'     => $db->getSearch()->listAll(0, 5, 'crdate', 'desc'),
+            )
+        );
         exit;
     }
 }
-- 
2.30.2