From d593369c144c26819566108ebcdf4dce0afb2c54 Mon Sep 17 00:00:00 2001
From: Junior <junior@jaj.com>
Date: Thu, 17 Oct 2024 10:55:21 -0400
Subject: [PATCH] Make sure all ajax calls properly redirect to login page when
 required

---
 ajax/getfoldercontents.php | 16 ++++++++++++++--
 ajax/setpage.php           | 13 ++++++++++++-
 ajax/setpath.php           | 11 ++++++++++-
 ajax/showcomic.php         | 17 ++++++++++++++---
 authfunctions.php          | 13 +++++++++----
 js/comics.js               |  9 +++++++++
 6 files changed, 68 insertions(+), 11 deletions(-)

diff --git a/ajax/getfoldercontents.php b/ajax/getfoldercontents.php
index e7c761f..12db33c 100644
--- a/ajax/getfoldercontents.php
+++ b/ajax/getfoldercontents.php
@@ -2,7 +2,20 @@
 
 require '../header.php';
 
-require_login();
+$validated = require_login();
+
+$data = array();
+$data["error"] = false;
+$data["message"] = "";
+$data["validated"] = $validated;
+
+if ( !$validated ) {
+    $data["error"] = true;
+    $data["message"] = "Clients must validate accounts";
+    header('Content-Type: application/json');
+    echo json_encode($data);
+    exit();
+}
 
 # usort function for sorting by array's "mtime"
 # Return 1 or -1 in reverse order so newest is first
@@ -36,7 +49,6 @@ while ( $row = $sth->fetch(PDO::FETCH_ASSOC) ) {
     if ( !in_array($row['issue'], $issues_read) ) $issues_read[] = $row['issue'];
 }
 
-$data = array();
 $folders = array();
 $issues = array();
 $entries = scandir($fullcompath);
diff --git a/ajax/setpage.php b/ajax/setpage.php
index 980e697..dc8956d 100644
--- a/ajax/setpage.php
+++ b/ajax/setpage.php
@@ -1,9 +1,20 @@
 <?php
 
 require '../header.php';
-require_login();
+$validated = require_login(NOREDIRECT);
 
 $data = array();
+$data["error"] = false;
+$data["message"] = "";
+$data["validated"] = $validated;
+
+if ( !$validated ) {
+    $data["error"] = true;
+    $data["message"] = "Clients must validate accounts";
+    header('Content-Type: application/json');
+    echo json_encode($data);
+    exit();
+}
 
 if ( !isset($_REQUEST['page']) ) {
    exit();
diff --git a/ajax/setpath.php b/ajax/setpath.php
index a6da7a2..7bad9cd 100644
--- a/ajax/setpath.php
+++ b/ajax/setpath.php
@@ -2,13 +2,22 @@
 
 require "../header.php";
 
-require_login();
+$validated = require_login(NOREDIRECT);
 
 if ( !isset($_REQUEST['path']) ) exit();
 
 $data = array();
 $data["error"] = false;
 $data["message"] = "";
+$data["validated"] = $validated;
+
+if ( !$validated ) {
+    $data["error"] = true;
+    $data["message"] = "Clients must validate accounts";
+    header('Content-Type: application/json');
+    echo json_encode($data);
+    exit();
+}
 
 $newpath = urldecode($_REQUEST['path']);
 
diff --git a/ajax/showcomic.php b/ajax/showcomic.php
index 76fe076..e3ff453 100644
--- a/ajax/showcomic.php
+++ b/ajax/showcomic.php
@@ -2,7 +2,20 @@
 
 require '../header.php';
 
-require_login();
+$validated = require_login(NOREDIRECT);
+
+$data = array();
+$data["error"] = false;
+$data["message"] = "";
+$data["validated"] = $validated;
+
+if ( !$validated ) {
+    $data["error"] = true;
+    $data["message"] = "Clients must validate accounts";
+    header('Content-Type: application/json');
+    echo json_encode($data);
+    exit();
+}
 
 if ( isset($_REQUEST['comic']) ) {
    $comicfull = realpath(COMICSDIR . base64_decode(urldecode($_REQUEST['comic'])));
@@ -18,8 +31,6 @@ if ( isset($_REQUEST['comic']) ) {
 $ext = strtolower(substr($comicfull, -3));
 $_SESSION['comfile'] = basename($comicfull);
 
-$data = array();
-
 // Get the current page for this comic or 0 (zero) if never opened
 $query = "SELECT currentpage FROM pagetracker WHERE username=:username AND issue=:issue";
 $fields = array();
diff --git a/authfunctions.php b/authfunctions.php
index accd931..31aac2f 100644
--- a/authfunctions.php
+++ b/authfunctions.php
@@ -5,15 +5,20 @@
 // user login is required. Feel free to change the logic between
 // the lines indicated below.
 //
-function require_login () {
-   if ( !$_SESSION['validated'] ) {
+define("NOREDIRECT", false);
+function require_login ($redirect = true) {
+   if ( !is_bool($redirect) ) exit();
+   if ( !$_SESSION['validated'] && $redirect ) {
       //                         ******** START OF AUTH LOGIC ********
       $_SESSION['appurl'] = $_SERVER['REQUEST_URI'];
       header('Location: /jajauth/login.php');
       exit();
       //                         ********* END OF AUTH LOGIC *********
+   } elseif ( !$_SESSION['validated'] && !$redirect ) {
+      return false;
+   } elseif ( $_SESSION['validated'] ) {
+      return true;
    }
 }
 
-
-?>
+// vim: set ts=3 sw=3:
diff --git a/js/comics.js b/js/comics.js
index 7b5662d..260b2df 100644
--- a/js/comics.js
+++ b/js/comics.js
@@ -10,6 +10,11 @@ $(document).ready(function() {
 
 var lightbox = null;
 
+function redirectToLogin() {
+   console.log("Redirecting for login...");
+   window.location.replace("index.php");
+}
+
 function getFolderContents() {
    $("#list").html("");
    toastr.info("Loading folder contents. Comics containing a large number of issues, or issues with a large number of pages, that have not been opened recently may take some time to load. Thank you for your patience!", "Loading Contents...", {timeOut: 15000});
@@ -17,6 +22,7 @@ function getFolderContents() {
       url      : 'ajax/getfoldercontents.php',
       dataType : 'json',
       success  : function(data, stat, jqo) {
+                    if ( !data.validated ) redirectToLogin();
                     curpath = data.compath;
                     updatePathNavigator();
                     data.contents.forEach(function(entry, index) {
@@ -48,6 +54,7 @@ function changeFolder(name, path) {
       dataType : 'json',
       success  : function(data, stat, jqo) {
                     console.log(data.message);
+                    if ( !data.validated ) redirectToLogin();
                     curpath = path;
                     parentpath = data.parentpath;
                     foldername = data.foldername;
@@ -63,6 +70,7 @@ function updateCurrentPage() {
       data     : {page: currentPage},
       dataType : 'json',
       success  : function(data, stat, jqo) {
+                    if ( !data.validated ) redirectToLogin();
                     console.log(data.message);
                  }
    });
@@ -82,6 +90,7 @@ function showComic(comic, name) {
       data     : {comic: comic},
       dataType : 'json',
       success  : function(data, stat, jqo) {
+                    if ( !data.validated ) redirectToLogin();
                     // Clear out the debug DIV and start the fancybox.
                     $("#debug").html("");
                     lightbox = SimpleLightbox.open({