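require 'bootstrap.php';

// Language-switch endpoint for the 'internal' session namespace: stores the
// requested interface language in the session, then sends the browser back to
// the page it came from (or to the dashboard / login page).
$SESSION = new \Zend_Session_Namespace('internal');

// $_GET values are attacker-controlled and may be arrays (e.g. ?lang[]=x).
// Only a string is ever handed to the allow-list check; anything else is
// treated like an unacceptable language.
$requestedLang = isset($_GET['lang']) ? $_GET['lang'] : null;

if (empty($requestedLang)) {
    // No language sent: keep whatever the session already holds, or seed it
    // with the default.
    if (empty($SESSION->lang)) {
        $SESSION->lang = DEFAULT_LANGUAGE;
    }
} elseif (is_string($requestedLang) && \Ventus\Utilities\I18n\Translate::isAllowedLanguage($requestedLang)) {
    // Acceptable language.
    $SESSION->lang = $requestedLang;
} else {
    // Unacceptable language: fall back to the default.
    $SESSION->lang = DEFAULT_LANGUAGE;
}

// The Referer header is client-supplied, so it is only used as the redirect
// target when it is a relative URI or a Ventus URI.
// NOTE(review): the redirect is only as safe as isRelativeURI()/isVentusURI(),
// which are not visible here. Confirm they reject scheme-relative ("//host")
// and look-alike hosts.
$referer = !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
$refererIsTrusted = $referer !== null
    && (\Ventus\Utilities\URI::isRelativeURI($referer) || \Ventus\Utilities\URI::isVentusURI($referer));

if ($refererIsTrusted) {
    // URL is valid.
    $uri = $referer;
} else {
    $uri = '//' . URL_PROFILE . '/dashboard.php';
}

// Anonymous visitors are sent to the login page, with the intended target
// carried (URL-encoded) in the "page" parameter, unless they were already on
// the login or reset-password page.
// NOTE(review): these are substring matches anywhere in $uri, not path
// comparisons. Confirm that is the intended strictness.
$comesFromLogin = mb_strpos($uri, URL_PROFILE . '/views/login.php') !== false;
$comesFromReset = mb_strpos($uri, URL_PROFILE . '/index.php?page=resetpass-page') !== false;

if (!isset($SESSION->user_name) && !$comesFromLogin && !$comesFromReset) {
    header('Location: https://' . URL_PROFILE . '/views/login.php?page=' . rawurlencode($uri));
    exit;
}

header("Location: {$uri}");
exit;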
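<?php
require '../includes/php/bootstrap.php';

// Language-switch endpoint for the 'professor' session namespace: stores the
// requested interface language in the session, then redirects to the "uri"
// query parameter when it is safe, otherwise to the professor home page.
$SESSION = new \Zend_Session_Namespace('professor', true);

// $_GET values are attacker-controlled and may be arrays (e.g. ?lang[]=x).
// Only a string is ever handed to the allow-list check; anything else is
// treated like an unacceptable language.
$requestedLang = isset($_GET['lang']) ? $_GET['lang'] : null;

if (empty($requestedLang)) {
    // No language sent: keep the session's language, or seed it with the default.
    if (empty($SESSION->lang)) {
        $SESSION->lang = DEFAULT_LANGUAGE;
    }
} elseif (is_string($requestedLang) && \Ventus\Utilities\I18n\Translate::isAllowedLanguage($requestedLang)) {
    // Acceptable language.
    $SESSION->lang = $requestedLang;
} else {
    // Unacceptable language.
    $SESSION->lang = DEFAULT_LANGUAGE;
}

// Check that a destination URL exists and is safe to redirect to. The value
// comes straight from the query string, so a non-string (?uri[]=...) is
// rejected before it reaches the URI helpers.
// NOTE(review): the open-redirect protection rests entirely on
// isRelativeURI()/isVentusURI(), which are not visible here. Confirm they
// reject scheme-relative ("//host") and look-alike hosts.
$requestedUri = isset($_GET['uri']) ? $_GET['uri'] : null;
$uriIsSafe = is_string($requestedUri)
    && !empty($requestedUri)
    && (\Ventus\Utilities\URI::isRelativeURI($requestedUri) || \Ventus\Utilities\URI::isVentusURI($requestedUri));

if ($uriIsSafe) {
    // URL is valid: strip out the lang parameter before redirecting to it.
    $uri = \Ventus\Utilities\URI::removeQueryParameter($requestedUri, 'lang');
} else {
    $uri = '//' . URL_PROFESSOR . '/';
}

header("Location: {$uri}");
exit;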
header('Strict-Transport-Security: max-age=31536000'); header('X-Frame-Options: deny'); header('X-Content-Type-Options: nosniff'); header('X-XSS-Protection: 1; mode=block'); } else { $uri = 'https://' . URL_INTRANET . $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING']; header('HTTP/1.1 301 Moved Permanently'); header("Location: {$uri}"); die; } // @TODO move this logic to appropriate controllers if (!Authentication::isAuthenticated($SESSION, 'internal')) { header('Location: https://' . URL_VENTUS . '/index.php?next=' . $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING']); exit; } else { Authentication::isAuthorized($SESSION, \Ventus\Utilities\URI::getCurrentURL()); } header('Content-Type: text/html; charset=utf-8'); header('Content-Language: ' . $l10n->getLanguage()); ?> <!DOCTYPE html> <html lang='<?php echo $l10n->getLanguage(); ?> ' class='no-js'> <meta charset='utf-8'> <meta name='viewport' content='width=device-width,initial-scale=1.0'> <link rel="stylesheet" media="screen" type="text/css" href="../includes/css/ventus.css"> <link rel='stylesheet' media='screen' type='text/css' href='//<?php echo URL_VENDOR_FRONTEND;