login: status 403 for initial unauthorised redirects

Appropriate error code for original requests.

diff --git a/login/index.php b/login/index.php
index 6783a47c9d73d9b9dfeffe42025565ba3e51a889..897346d98275f712f1fdfa8906bacbf2085b4eaa 100644 (file)
--- a/login/index.php
+++ b/login/index.php
@@ -38,6 +38,7 @@ elseif (isset($_GET['logout'])) {
 if (!$User or !$User->login) {
        $Article->title = 'Inloggen';
        if (isset($_REQUEST['goto'])) {
+               if (empty($message)) http_response_code(403);
                $target = ltrim($_REQUEST['goto'], '/');
                $target = new ArchiveArticle("$target.html");