From 4cafad331058730398cb9cb0457954e4eae98d40 Mon Sep 17 00:00:00 2001
From: Miraty <miraty@antopie.org>
Date: Fri, 17 Jun 2022 15:45:52 +0200
Subject: [PATCH] redir()

---
 fn/common.php            | 10 ++++++++++
 public/auth/login.php    |  8 +-------
 public/auth/logout.php   |  2 +-
 public/auth/register.php |  2 +-
 4 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/fn/common.php b/fn/common.php
index 8b08708..4a4700e 100644
--- a/fn/common.php
+++ b/fn/common.php
@@ -76,3 +76,13 @@ function redirUrl($pageId) {
 	if (PAGE !== 'index') $currentPath .= PAGE;
 	return CONF['common']['prefix'] . "/$pageId?redir=$currentPath";
 }
+
+function redir() {
+	if (isset($_GET['redir'])) {
+		if (preg_match('/^[0-9a-z\/-]{0,128}$/', $_GET['redir']) !== 1)
+			userError("Wrong character in <code>redir</code>.");
+		header('Location: ' . CONF['common']['prefix'] . '/' . $_GET['redir']);
+	} else {
+		header('Location: ' . CONF['common']['prefix'] . '/');
+	}
+}
diff --git a/public/auth/login.php b/public/auth/login.php
index 15c9c6f..539f08e 100644
--- a/public/auth/login.php
+++ b/public/auth/login.php
@@ -33,12 +33,6 @@ $_SESSION['username'] = $_POST['username'];
 if (outdatedPasswordHash($_SESSION['username']))
 	changePassword($_SESSION['username'], $_POST['password']);
 
-if (isset($_GET['redir'])) {
-	if (preg_match("/^[0-9a-z\/-]+$/", $_GET['redir']) !== 1)
-		userError("Wrong character in <code>redir</code>.");
-	header("Location: " . CONF['common']['prefix'] . "/" . $_GET['redir']);
-} else {
-	header("Location: " . CONF['common']['prefix'] . "/");
-}
+redir();
 
 success("Connecté·e.");
diff --git a/public/auth/logout.php b/public/auth/logout.php
index fce9780..6d381dc 100644
--- a/public/auth/logout.php
+++ b/public/auth/logout.php
@@ -6,5 +6,5 @@ if (session_status() === PHP_SESSION_ACTIVE)
 	session_destroy();
 
 header('Clear-Site-Data: "*"');
-header('Location: ' . CONF['common']['prefix'] . '/');
+redir();
 success("Déconnecté·e.");
diff --git a/public/auth/register.php b/public/auth/register.php
index 303bbf6..14f1180 100644
--- a/public/auth/register.php
+++ b/public/auth/register.php
@@ -52,6 +52,6 @@ $stmt->execute();
 
 $_SESSION['username'] = $_POST['username'];
 
-header('Location: ' . CONF['common']['prefix'] . '/');
+redir();
 
 success("Compte créé.");