starred/tinyfilemanager
1
0
Fork 0
mirror of https://github.com/prasathmani/tinyfilemanager.git synced 2026-04-26 19:05:54 +03:00
Code Issues 253 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #1107] Wrong url after login #709

New issue
Closed
opened 2026-03-02 16:00:56 +03:00 by kerem · 1 comment
kerem commented 2026-03-02 16:00:56 +03:00
Owner
Copy link

Originally created by @ash-f on GitHub (Nov 13, 2023).
Original GitHub issue: https://github.com/prasathmani/tinyfilemanager/issues/1107

The url will be redirected to $root_path after login, not Tiny File Manager itself.

Tiny File Manager location
/tfm/index.php

Configuration

// Root path for file manager
// use absolute path of directory i.e: '/var/www/folder' or $_SERVER['DOCUMENT_ROOT'].'/folder'
$root_path = $_SERVER['DOCUMENT_ROOT'].'/files';

// Root url for links in file manager.Relative to $http_host. Variants: '', 'path/to/subfolder'
// Will not working if $root_path will be outside of server document root
$root_url = 'files';

Tiny File Manager 2.5.3 (offline version)

Originally created by @ash-f on GitHub (Nov 13, 2023). Original GitHub issue: https://github.com/prasathmani/tinyfilemanager/issues/1107 The url will be redirected to $root_path after login, not Tiny File Manager itself. Tiny File Manager location /tfm/index.php Configuration ``` // Root path for file manager // use absolute path of directory i.e: '/var/www/folder' or $_SERVER['DOCUMENT_ROOT'].'/folder' $root_path = $_SERVER['DOCUMENT_ROOT'].'/files'; // Root url for links in file manager.Relative to $http_host. Variants: '', 'path/to/subfolder' // Will not working if $root_path will be outside of server document root $root_url = 'files'; ``` Tiny File Manager 2.5.3 (offline version)
kerem closed this issue 2026-03-02 16:00:56 +03:00
kerem commented 2026-03-02 16:00:57 +03:00
Author
Owner
Copy link

@PLJ020 commented on GitHub (May 16, 2024):

Had exact same problem and found that it's because after entering either correct or incorrect password redirect is wrong.

What worked for me was changing below:
if (isset($auth_users[$_POST['fm_usr']]) && isset($_POST['fm_pwd']) && password_verify($_POST['fm_pwd'],
$auth_users[$_POST['fm_usr']]) && verifyToken($_POST['token'])) {
$_SESSION[FM_SESSION_ID]['logged'] = $_POST['fm_usr'];
fm_set_msg(lng('You are logged in'));
fm_redirect(FM_ROOT_URL);
} else {
unset($_SESSION[FM_SESSION_ID]['logged']);
fm_set_msg(lng('Login failed. Invalid username or password'), 'error');
fm_redirect(FM_ROOT_URL);

To:
if (isset($auth_users[$_POST['fm_usr']]) && isset($_POST['fm_pwd']) && password_verify($_POST['fm_pwd'],
$auth_users[$_POST['fm_usr']]) && verifyToken($_POST['token'])) {
$_SESSION[FM_SESSION_ID]['logged'] = $_POST['fm_usr'];
fm_set_msg(lng('You are logged in'));
// fm_redirect(FM_ROOT_URL);
fm_redirect($_SERVER['REQUEST_URI']);
} else {
unset($_SESSION[FM_SESSION_ID]['logged']);
fm_set_msg(lng('Login failed. Invalid username or password'), 'error');
// fm_redirect(FM_ROOT_URL);
fm_redirect($_SERVER['REQUEST_URI']);

Note the problematic statement that's changed above is:
fm_redirect(FM_ROOT_URL) -> fm_redirect($_SERVER['REQUEST_URI'])

Reference:
github.com/prasathmani/tinyfilemanager@1f0c8538ed

<!-- gh-comment-id:2116172191 --> @PLJ020 commented on GitHub (May 16, 2024): Had exact same problem and found that it's because after entering either correct or incorrect password redirect is wrong. What worked for me was changing below: if (isset($auth_users[$_POST['fm_usr']]) && isset($_POST['fm_pwd']) && password_verify($_POST['fm_pwd'], $auth_users[$_POST['fm_usr']]) && verifyToken($_POST['token'])) { $_SESSION[FM_SESSION_ID]['logged'] = $_POST['fm_usr']; fm_set_msg(lng('You are logged in')); **fm_redirect(FM_ROOT_URL);** } else { unset($_SESSION[FM_SESSION_ID]['logged']); fm_set_msg(lng('Login failed. Invalid username or password'), 'error'); **fm_redirect(FM_ROOT_URL);** To: if (isset($auth_users[$_POST['fm_usr']]) && isset($_POST['fm_pwd']) && password_verify($_POST['fm_pwd'], $auth_users[$_POST['fm_usr']]) && verifyToken($_POST['token'])) { $_SESSION[FM_SESSION_ID]['logged'] = $_POST['fm_usr']; fm_set_msg(lng('You are logged in')); **// fm_redirect(FM_ROOT_URL);** **fm_redirect($_SERVER['REQUEST_URI']);** } else { unset($_SESSION[FM_SESSION_ID]['logged']); fm_set_msg(lng('Login failed. Invalid username or password'), 'error'); **// fm_redirect(FM_ROOT_URL);** **fm_redirect($_SERVER['REQUEST_URI']);** Note the problematic statement that's changed above is: fm_redirect(FM_ROOT_URL) -> fm_redirect($_SERVER['REQUEST_URI']) Reference: https://github.com/prasathmani/tinyfilemanager/commit/1f0c8538edbc832713f582bb7a86d19aac28d100
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
prasathmani-patch-1
offline
add-license-1
2.6
2.5.3
2.5.0
2.4.7
2.4.3
2.4.1
2.4.0
2.3.8
2.3.4
2.3
2.2.0
2.0.2
2.0.1
Labels
Clear labels   
Feature

   
Feature

   
Is It Really an Issue?

   
Need More Info

   
Request

   
Security

   
bug

   
duplicate

   
enhancement

   
enhancement

   
help wanted

   
invalid

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
suggestion

   
wontfix
No labels
Feature
Feature
Is It Really an Issue?
Need More Info
Request
Security
bug
duplicate
enhancement
enhancement
help wanted
invalid
pull-request
question
suggestion
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/tinyfilemanager#709
No description provided.