X-Git-Url: http://git.shiar.nl/minimedit.git/blobdiff_plain/85536cb70f85743054b6b3abfc36d05662e6878d..f8cfc76a8f02504af15ae89ac6f4896f072ff0a8:/login/index.php

diff --git a/login/index.php b/login/index.php
index 40fcb61..f94984b 100644
--- a/login/index.php
+++ b/login/index.php
@@ -1,4 +1,5 @@
 <?php
+if ($Page->api) return;
 $message = NULL;
 
 if (isset($_POST['mail'])) {
@@ -10,10 +11,12 @@ if (isset($_POST['mail'])) {
 			$message = "Er is een e-mail verstuurd naar $inputq.";
 		}
 		else {
+			http_response_code(404);
 			$message = "E-mailadres $inputq is nergens ingesteld.";
 		}
 	}
 	catch (Exception $e) {
+		http_response_code(500);
 		$message = "E-mail kon niet verstuurd worden."
 			. " Probeer het later nog eens of neem contact op.";
 	}
@@ -23,6 +26,7 @@ elseif (isset($_POST['login'])) {
 		login_setcookie();
 	}
 	else {
+		http_response_code(403);
 		$message = 'Ongeldige gebruikersnaam of wachtwoord.';
 	}
 }
@@ -32,22 +36,40 @@ elseif (isset($_GET['logout'])) {
 	$message = "Je bent uitgelogd. Graag tot ziens!";
 }
 
-if (empty($User)) {
-	ob_clean();
+if (!$User or !$User->login) {
+	$Page->title = 'Inloggen';
+	if (isset($_REQUEST['goto'])) {
+		if (empty($message)
+		and !preg_match('(^WhatsApp/)', $_SERVER['HTTP_USER_AGENT'])) {
+			http_response_code(403);
+		}
+		$target = ltrim($_REQUEST['goto'], '/');
+		$target = new ArchiveArticle(file_exists("$target/index.html") ? "$target/index.html" : "$target.html");
+		$target->index; # run forbidden handler to determine metadata
+
+		if ($target->title) {
+			$Page->title .= ' voor ' . $target->title;
+		}
+		$Page->image = $target->image;
+		$Page->teaser = $target->teaser;
+	}
+	ob_start();
 	require_once 'login/form.inc.php';
-	$Place['warn'] = $message;
+	$Page->raw = ob_get_clean();
+	$Page->place['warn'] = $message;
 	return TRUE;
 }
 
-if (isset($_GET['goto'])) {
-	ob_clean();
-	$target = ltrim($_GET['goto'], '/');
-	header("Location: /$target");
-	http_response_code(302);
-	exit;
+if (isset($_REQUEST['goto'])) {
+	$target = ltrim($_REQUEST['goto'], '/');
+	abort("/$target", '303 Return');
 }
 
-if (empty($Args) and !empty($User['admin'])) {
+if (isset($Page->raw)) {
+	print $Page->raw;
+}
+if (empty($Page->path) and $User->admin) {
 	include_once 'login/admin.html';
-	include_once 'login/admin/index.php';
 }
+
+return;