login: status 403 for initial unauthorised redirects

[minimedit.git] / login / index.php

diff --git a/login/index.php b/login/index.php
index c69ec3c5d48395939d6e612564303b0bb9cd760c..897346d98275f712f1fdfa8906bacbf2085b4eaa 100644 (file)
--- a/login/index.php
+++ b/login/index.php
@@ -35,9 +35,10 @@ elseif (isset($_GET['logout'])) {
        $message = "Je bent uitgelogd. Graag tot ziens!";
 }
 
-if (empty($User)) {
+if (!$User or !$User->login) {
        $Article->title = 'Inloggen';
        if (isset($_REQUEST['goto'])) {
+               if (empty($message)) http_response_code(403);
                $target = ltrim($_REQUEST['goto'], '/');
                $target = new ArchiveArticle("$target.html");
 
@@ -75,7 +76,7 @@ if (isset($_REQUEST['goto'])) {
 if (isset($Article->raw)) {
        print $Article->raw;
 }
-if (empty($Args) and $User and $User->admin) {
+if (empty($Args) and $User->admin) {
        include_once 'login/admin.html';
 }