From af53ec7a01517daa7aed4eba6771c67db0f2c3ad Mon Sep 17 00:00:00 2001
From: Mojtaba <khodakhah.mojtaba@yahoo.com>
Date: Sat, 2 Oct 2021 12:39:42 +0200
Subject: [PATCH] Solved the security bug after login!

---
 nodcms-core/Config/Filters.php               |  2 +-
 nodcms-core/Filters/IdentityVerification.php |  4 +-
 nodcms-layout/Views/nodcms_admin_login.php   | 59 --------------------
 nodcms-users/Config/Routes.php               |  2 +-
 4 files changed, 5 insertions(+), 62 deletions(-)
 delete mode 100644 nodcms-layout/Views/nodcms_admin_login.php

diff --git a/nodcms-core/Config/Filters.php b/nodcms-core/Config/Filters.php
index 5e3d3da3..52ce3d4e 100644
--- a/nodcms-core/Config/Filters.php
+++ b/nodcms-core/Config/Filters.php
@@ -38,6 +38,6 @@ class Filters extends BaseConfig
 	//    'isLoggedIn' => ['before' => ['account/*', 'profiles/*']],
 	public $filters = [
         'urlLocale' => ['before' => ['[a-z]{2}', '[a-z]{2}/*'], 'after' => []],
-        'identityVerification' => ['before' => ['admin/*', 'user/*'], 'after' => []],
+        'identityVerification' => ['before' => ['admin', 'admin/*', 'admin-*', 'user/*'], 'after' => []],
     ];
 }
diff --git a/nodcms-core/Filters/IdentityVerification.php b/nodcms-core/Filters/IdentityVerification.php
index 7b8b67ad..204b48bd 100644
--- a/nodcms-core/Filters/IdentityVerification.php
+++ b/nodcms-core/Filters/IdentityVerification.php
@@ -37,8 +37,10 @@ public function before(RequestInterface $request, $arguments = null)
     {
         $response = Services::quickResponse();
 
+        $lang = Services::language()->getLocale();
+
         if(!Services::identity()->isValid()){
-            return $response->getError(lang("Please login to access this page."), "/admin-sign");
+            return $response->getError(lang("Please login to access this page."), "/{$lang}/login");
         }
 
         if(!Services::identity()->isActive()) {
diff --git a/nodcms-layout/Views/nodcms_admin_login.php b/nodcms-layout/Views/nodcms_admin_login.php
deleted file mode 100644
index cb118030..00000000
--- a/nodcms-layout/Views/nodcms_admin_login.php
+++ /dev/null
@@ -1,59 +0,0 @@
-<!DOCTYPE html>
-<html lang="<?=$_SESSION["language"]["code"]?>">
-
-<!-- Mirrored from thevectorlab.net/flatlab/login.html by HTTrack Website Copier/3.x [XR&CO'2010], Sun, 09 Feb 2014 08:47:28 GMT -->
-<head>
-    <meta charset="utf-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <link rel="shortcut icon" href="<?=base_url(isset($settings["fav_icon"])?$settings["fav_icon"]:"")?>">
-
-    <title><?=_l('Administration',$this)?> <?=isset($settings["company"])?$settings["company"]:""?></title>
-
-    <!-- Bootstrap core CSS -->
-    <link href="<?=base_url("assets/flatlab/css/bootstrap.min.css"); ?>" rel="stylesheet">
-    <link href="<?=base_url("assets/flatlab/css/bootstrap-reset.css"); ?>" rel="stylesheet">
-    <!--external css-->
-    <link href="<?=base_url("assets/flatlab/assets/font-awesome/css/font-awesome.css"); ?>" rel="stylesheet" />
-    <!-- Custom styles for this template -->
-    <link href="<?=base_url("assets/flatlab/css/style.css"); ?>" rel="stylesheet">
-    <?php if($_SESSION["language"]["rtl"]==1){ ?>
-    <link href="<?=base_url("assets/flatlab/css/rtl.css"); ?>" rel="stylesheet">
-    <?php } ?>
-    <link href="<?=base_url("assets/backend_custom/css/style.css"); ?>" rel="stylesheet">
-    <link href="<?=base_url("assets/flatlab/css/style-responsive.css"); ?>" rel="stylesheet" />
-
-    <!-- HTML5 shim and Respond.js IE8 support of HTML5 tooltipss and media queries -->
-    <!--[if lt IE 9]>
-    <script src="<?=base_url("assets/flatlab/js/html5shiv.js"); ?>"></script>
-    <script src="<?=base_url("assets/flatlab/js/respond.min.js"); ?>"></script>
-    <![endif]-->
-</head>
-
-<body class="login-body">
-
-<div class="container">
-    <form class="form-signin" action="<?=base_url("admin-sign/login/"); ?>" method="post">
-        <h2 class="form-signin-heading"><?=_l('Sign Panel',$this)?></h2>
-        <div class="login-wrap">
-            <input name="username" id="username" type="text" class="form-control" placeholder="<?=_l('Username',$this)?>" autofocus>
-            <input name="password" id="password" type="password" class="form-control" placeholder="<?=_l('Password',$this)?>">
-
-            <button class="btn btn-lg btn-login btn-block" type="submit"><?=_l('Sign in',$this)?></button>
-            <p><?=_l('This is just for Administrators',$this)?></p>
-            <?php if($this->session->flashdata('message')!=''){ ?><div class="alert alert-danger"><?=$this->session->flashdata('message')?></div><?php } ?>
-        </div>
-    </form>
-
-</div>
-
-
-
-<!-- js placed at the end of the document so the pages load faster -->
-<script src="<?=base_url("assets/flatlab/js/jquery.js"); ?>"></script>
-<script src="<?=base_url("assets/flatlab/js/bootstrap.min.js"); ?>"></script>
-
-
-</body>
-
-<!-- Mirrored from thevectorlab.net/flatlab/login.html by HTTrack Website Copier/3.x [XR&CO'2010], Sun, 09 Feb 2014 08:47:29 GMT -->
-</html>
diff --git a/nodcms-users/Config/Routes.php b/nodcms-users/Config/Routes.php
index 4099bebe..6acecbab 100644
--- a/nodcms-users/Config/Routes.php
+++ b/nodcms-users/Config/Routes.php
@@ -23,7 +23,7 @@
 
 $namespace = "\NodCMS\Users\Controllers\\";
 
-$routes->match(['post', 'get'],'{locale}/(admin-sign|login)', "{$namespace}Users::login");
+$routes->match(['post', 'get'],'{locale}/login', "{$namespace}Users::login");
 $routes->get('account-locked', "{$namespace}Users::accountLocked");
 $routes->get('{locale}/account-locked', "{$namespace}Users::accountLocked");
 $routes->get('logout', "{$namespace}Users::logout");