fix: force loginScreen hidden + app visible at HTML level — no JS needed to show dashboard

This commit is contained in:
2026-06-01 10:05:37 +00:00
parent e0fc31332c
commit 7286b999ff
+22 -2
View File
@@ -2,18 +2,38 @@
ini_set('session.cache_limiter', '');
header('Cache-Control: no-store, no-cache, must-revalidate, no-transform');
session_start();
if (empty($_SESSION['jarvis_token'])) {
header('Location: /login.php');
exit;
}
$token = $_SESSION['jarvis_token'];
$name = $_SESSION['jarvis_name'] ?? '';
$html = file_get_contents(__DIR__ . '/index.html');
// Inject token as JS globals — no sessionStorage dependency at all
// 1. Inject token as JS globals — no sessionStorage dependency
$inject = '<script data-cfasync="false">'
. 'var __jarvisToken=' . json_encode($token) . ';'
. 'var __jarvisUser=' . json_encode($name) . ';'
. 'var sessionToken=' . json_encode($token) . ';'
. 'var sessionUser=' . json_encode($name) . ';'
. 'try{sessionStorage.setItem("jarvis_token",__jarvisToken);'
. 'sessionStorage.setItem("jarvis_user",__jarvisUser);}catch(e){}'
. '</script>';
echo str_replace('<head>', '<head>' . $inject, $html);
$html = str_replace('<head>', '<head>' . $inject, $html);
// 2. Force login screen HIDDEN and app VISIBLE at the HTML level
// so even if JS fails the user sees the dashboard, not the login form
$html = str_replace(
'<div id="loginScreen">',
'<div id="loginScreen" style="display:none!important">',
$html
);
$html = str_replace(
'<div id="app">',
'<div id="app" style="display:flex!important;flex-direction:column">',
$html
);
echo $html;