login/post: require user to access

[minimedit.git] / login / post / index.php

diff --git a/login/post/index.php b/login/post/index.php
index 9578d3cc01d8ba41c175ac18ac0e8f2f5c24bb71..747683f08e0d388f1df0f4578bac6a5e6efc24ab 100644 (file)
--- a/login/post/index.php
+++ b/login/post/index.php
@@ -1,5 +1,11 @@
 <?php
-if ($User->admin('user') and $username = @$_REQUEST['login']) {
+if (!$User) {
+       http_response_code(303);
+       $target = urlencode($_SERVER['REQUEST_URI']);
+       header("Location: /login?goto=$target");
+       exit;
+}
+elseif ($User->admin('user') and $username = @$_REQUEST['login']) {
        try {
                $user = new User("profile/$username");
        }