Merge pull request #33 from dpi209/master

Fixes for three issues
CosmoQuestX · Feb 19, 2020 · 7afb8e7 · 7afb8e7
2 parents fb07751 + 5c6c5c9
commit 7afb8e7
Show file tree

Hide file tree

Showing 5 changed files with 368 additions and 360 deletions.
diff --git a/apps.php b/apps.php
@@ -24,6 +24,7 @@
 
 if (!$user) {
     header("Location: $BASE_URL");
+    exit();
 }
 
 /* ----------------------------------------------------------------------
@@ -33,6 +34,7 @@
 if (!isset($_GET) || !isset($_GET['app']) || !is_dir(realpath($BASE_DIR . 'csb-apps/' . $_GET['app']))) {
     // TODO this could probably redirect to a 404 page
     header("Location: $BASE_URL");
+    exit();
 }
 
 $app = $_GET['app'];

diff --git a/csb-accounts/auth-login.php b/csb-accounts/auth-login.php
@@ -58,12 +58,14 @@
         if(!empty($error)) {
             $_SESSION['errMsg'] = "Error:" . $error;
             header("Location: " . $ACC_URL . "register.php");
+            exit();
         }
         // No errors? Kill the error
         else {
             regUser($db, $_POST, $hashed);
             // Send the newly registered user off to the main page instead of presenting a blank page.
             header("Location: " . $BASE_URL);
+            exit();
         }
 
     /* Rescuing a Password ---------------------------------------------- */
@@ -82,14 +84,15 @@
         } else {
             $_SESSION['errMsg'] = "No username or email matched: $name";
             header("Location: " . $ACC_URL."/rescue.php");
+            exit();
         }
     } elseif ($_POST['go'] == 'passwordReset') {
         $hashed = password_hash($_POST['password'], PASSWORD_DEFAULT);
 
         $query = "UPDATE users SET password ='".$hashed."'  WHERE email = '".$_POST['email']."'";
         $db->runQuery($query);
         header("Location: " . $ACC_URL."/rescue.php?go=success");
-
+        exit();
     } else { // Javascript checks should prevent this from happening
         die("You don't belong here. Run away. Run away from the error.");
     }
@@ -182,7 +185,7 @@ function login($db, $user)
 
     // Send them where they belong 
     header("Location: " . $user['referringURL']);
-
+    exit();
 }
 
 /**
@@ -323,8 +326,7 @@ function rescueUser ($db, $using, $value) {
     // Everything worked so remove error msg
     unset($_SESSION['errMsg']);
     header("Location: ".$ACC_URL."rescue.php?go=submitted");
-
-
+    exit();
 }
 
 ?>