Solved the security bug after login!

khodakhah · Oct 2, 2021 · af53ec7 · af53ec7
1 parent 99eadbf
commit af53ec7
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 62 deletions.
diff --git a/nodcms-core/Config/Filters.php b/nodcms-core/Config/Filters.php
@@ -38,6 +38,6 @@ class Filters extends BaseConfig
 	//    'isLoggedIn' => ['before' => ['account/*', 'profiles/*']],
 	public $filters = [
         'urlLocale' => ['before' => ['[a-z]{2}', '[a-z]{2}/*'], 'after' => []],
-        'identityVerification' => ['before' => ['admin/*', 'user/*'], 'after' => []],
+        'identityVerification' => ['before' => ['admin', 'admin/*', 'admin-*', 'user/*'], 'after' => []],
     ];
 }
diff --git a/nodcms-core/Filters/IdentityVerification.php b/nodcms-core/Filters/IdentityVerification.php
@@ -37,8 +37,10 @@ public function before(RequestInterface $request, $arguments = null)
     {
         $response = Services::quickResponse();
 
+        $lang = Services::language()->getLocale();
+
         if(!Services::identity()->isValid()){
-            return $response->getError(lang("Please login to access this page."), "/admin-sign");
+            return $response->getError(lang("Please login to access this page."), "/{$lang}/login");
         }
 
         if(!Services::identity()->isActive()) {

diff --git a/nodcms-layout/Views/nodcms_admin_login.php b/nodcms-layout/Views/nodcms_admin_login.php
diff --git a/nodcms-users/Config/Routes.php b/nodcms-users/Config/Routes.php
@@ -23,7 +23,7 @@
 
 $namespace = "\NodCMS\Users\Controllers\\";
 
-$routes->match(['post', 'get'],'{locale}/(admin-sign|login)', "{$namespace}Users::login");
+$routes->match(['post', 'get'],'{locale}/login', "{$namespace}Users::login");
 $routes->get('account-locked', "{$namespace}Users::accountLocked");
 $routes->get('{locale}/account-locked', "{$namespace}Users::accountLocked");
 $routes->get('logout', "{$namespace}Users::logout");