-if ($User->admin('user') and $username = @$_REQUEST['login']) {
+if ($Page->api) return;
+
+if (!$User->login) {
+ $target = urlencode($_SERVER['REQUEST_URI']);
+ abort("/login?goto=$target", 303);
+}
+elseif ($User->admin('user') and $username = @$_REQUEST['login']) {
if ( $password = trim(@file_get_contents("{$user->dir}/.passwd")) ) {
if (substr($password, 0, 1) == '$') {
$password = NULL; // hashed
}
if ( $password = trim(@file_get_contents("{$user->dir}/.passwd")) ) {
if (substr($password, 0, 1) == '$') {
$password = NULL; // hashed
}