diff options
| author | Lester Caine <lester@lsces.co.uk> | 2026-06-06 22:46:23 +0100 |
|---|---|---|
| committer | Lester Caine <lester@lsces.co.uk> | 2026-06-06 22:46:23 +0100 |
| commit | 351de64a6e302b566eab1ac2c0c95e011efd86f7 (patch) | |
| tree | d0a3a62ac44008916e8e40e703219dc3afc64fb6 | |
| parent | 3a9de79726296c7185ca632cc660c5c5750f5bf1 (diff) | |
| download | kernel-351de64a6e302b566eab1ac2c0c95e011efd86f7.tar.gz kernel-351de64a6e302b566eab1ac2c0c95e011efd86f7.tar.bz2 kernel-351de64a6e302b566eab1ac2c0c95e011efd86f7.zip | |
kernel: redirect non-admin to signin when INSTALLER_FORCE is active
Replace the inline login form (which suffered from session cookie name
inconsistency) with a direct redirect to signin.php. The post-login
redirect to install.php is now handled by validate.php checking the
version mismatch directly, which is session-independent.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
| -rwxr-xr-x | includes/setup_inc.php | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/includes/setup_inc.php b/includes/setup_inc.php index 36ab633..8939fbc 100755 --- a/includes/setup_inc.php +++ b/includes/setup_inc.php @@ -274,8 +274,12 @@ if( $gBitSystem->isDatabaseValid() ) { // INSTALLER_FORCE was set earlier and here we force the installer if needed. if( defined( 'INSTALLER_FORCE' )) { - // After login via validate.php, redirect back to the installer rather than the site homepage. - $_SESSION['loginfrom'] = INSTALL_PKG_URL.'install.php'; + if( !$gBitUser->isAdmin() ) { + // Non-admin: redirect to the normal signin page so the reliable cookie/session + // login flow handles auth, then bring the user back to the installer. + $_SESSION['loginfrom'] = INSTALL_PKG_URL.'install.php'; + KernelTools::bit_redirect( USERS_PKG_URL.'signin.php' ); + } $gBitSmarty->display( "bitpackage:kernel/force_installer.tpl" ); die; }
\ No newline at end of file |