$update = new \Elabftw\Elabftw\Update(); // don't run it if we didn't run the update.php script yet if (!is_null(get_config('schema'))) { if (get_config('schema') < $update::REQUIRED_SCHEMA) { try { $_SESSION['infos'] = $update->runUpdateScript(); } catch (Exception $e) { $_SESSION['errors'] = $e->getMessage(); } } } $user = new \Elabftw\Elabftw\User(); // pages where you don't need to be logged in // reset.php is in fact app/reset.php but we use basename so... $nologin_arr = array('login.php', 'login-exec.php', 'register.php', 'register-exec.php', 'change-pass.php', 'reset.php'); if (!isset($_SESSION['auth']) && !in_array(basename($_SERVER['SCRIPT_FILENAME']), $nologin_arr)) { // try to login with the cookie if (!$user->loginWithCookie()) { // maybe we clicked an email link and we want to be redirected to the page upon successful login // so we store the url in a cookie expiring in 5 minutes to redirect to it after login $host = $_SERVER['HTTP_HOST']; $script = $_SERVER['SCRIPT_NAME']; $params = '?' . $_SERVER['QUERY_STRING']; $url = 'https://' . $host . $script . $params; // remove trailing ? if there was no query string $url = rtrim($url, '?'); setcookie('redirect', $url, time() + 300, '/', null, true, true); header('location: app/logout.php'); exit; } }