remove hard-coded /admin/ path; relocatable

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
pi-hole · Dec 19, 2022 · 8270a7f · 8270a7f
1 parent f985a70
commit 8270a7f
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/scripts/pi-hole/php/password.php b/scripts/pi-hole/php/password.php
@@ -68,9 +68,15 @@ function verifyPassword($pwhash, $use_api = false)
                 $_SESSION['auth'] = true;
 
                 // Login successful, redirect the user to the original requested page
-                if ($_SERVER['REQUEST_METHOD'] === 'POST' && $_SERVER['SCRIPT_NAME'] === '/admin/login.php') {
-                    header('Location: '.$redirect_url);
-                    exit;
+                if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+                    // suffix match (str_ends_with()) for /login.php
+                    $script_name = $_SERVER['SCRIPT_NAME'];
+                    if (strlen($script_name) > 10
+                        ? substr_compare($script_name, '/login.php', -10)
+                        : $script_name === '/login.php') {
+                        header('Location: '.$redirect_url);
+                        exit;
+                    }
                 }
             } else {
                 $_SESSION['auth'] = false;