consistently use empty() to check user existence

[minimedit.git] / page.php

diff --git a/page.php b/page.php
index 02886a77a04d88faac98d30f7b7570a1a23ba375..20f8244ac0684bd973df5e6bd9a924d5e9ad8695 100644 (file)
--- a/page.php
+++ b/page.php
@@ -56,18 +56,18 @@ $Edit = isset($_GET['edit']);
 # distinguish subpage Args from topmost Page script
 
 $Args = '';
-$Page = preg_replace('/\?.*/', '', $_SERVER['REQUEST_URI']);
+$Page = preg_replace('/\?.*/', '', @$_SERVER['PATH_INFO'] ?: $_SERVER['REQUEST_URI']);
 $Page = urldecode(trim($Page, '/')) ?: 'index';
 while (TRUE) {
        if (file_exists("$Page/.private")) {
                # access restriction
-               if (!isset($User)) {
-                       http_response_code(403);
-                       include_once 'page.inc.php';
-                       ob_start();
-                       @require_once './403.html';
+               if (empty($User)) {
+                       http_response_code(303);
+                       $target = urlencode($_SERVER['REQUEST_URI']);
+                       header("Location: /login?goto=$target");
                        exit;
                }
+               $PageAccess = $Page;
        }
 
        if (file_exists("$Page.php")) {
@@ -95,7 +95,7 @@ if (file_exists("$Page$Args/index.html")) {
 elseif (file_exists("$Page$Args.html")) {
        $found = include "./$Page$Args.html";
 }
-elseif (isset($User) and $User['admin']) {
+elseif (!empty($User['admin'])) {
        $found = include (file_exists("$Page/template.html") ? "$Page/template.html" : './template.html');
 }
 
@@ -104,7 +104,7 @@ print "</div>\n\n";
 # execute dynamic code
 
 if ($Page) {
-       $found |= @require "./$Page.php";
+       $found |= require "./$Page.php";
 }
 
 # global html