From e0fc31332c958ef513c1a832e74f63a000cf7e52 Mon Sep 17 00:00:00 2001 From: Myron Blair Date: Mon, 1 Jun 2026 10:01:00 +0000 Subject: [PATCH] =?UTF-8?q?fix:=20inject=20token=20as=20JS=20global=20(no?= =?UTF-8?q?=20sessionStorage=20needed),=20skip=20bridge.php,=20direct=20lo?= =?UTF-8?q?gin=E2=86=92app?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- public_html/index.html | 12 ++++++++---- public_html/index.php | 9 +++++++-- public_html/login.php | 2 +- 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/public_html/index.html b/public_html/index.html index c1b42db..2000b1a 100644 --- a/public_html/index.html +++ b/public_html/index.html @@ -959,14 +959,18 @@ window.addEventListener("load", () => { initVoice(); loadVoices(); - // Check if already logged in - const saved = sessionStorage.getItem('jarvis_token'); + // Check if already logged in — prefer PHP-injected global, fall back to sessionStorage + const saved = (typeof __jarvisToken !== 'undefined' ? __jarvisToken : null) + || sessionStorage.getItem('jarvis_token'); + const savedUser = (typeof __jarvisUser !== 'undefined' ? __jarvisUser : null) + || sessionStorage.getItem('jarvis_user') || ''; const autoReload = sessionStorage.getItem('jarvis_autoreload') === '1'; sessionStorage.removeItem('jarvis_autoreload'); if (saved) { sessionToken = saved; - sessionUser = sessionStorage.getItem('jarvis_user') || ''; - showApp(sessionUser, null, autoReload); + sessionUser = savedUser; + try { sessionStorage.setItem('jarvis_token', saved); sessionStorage.setItem('jarvis_user', savedUser); } catch(e) {} + showApp(savedUser, null, autoReload); } }); diff --git a/public_html/index.php b/public_html/index.php index fe7a24a..80a7d7e 100644 --- a/public_html/index.php +++ b/public_html/index.php @@ -9,6 +9,11 @@ if (empty($_SESSION['jarvis_token'])) { $token = $_SESSION['jarvis_token']; $name = $_SESSION['jarvis_name'] ?? ''; $html = file_get_contents(__DIR__ . '/index.html'); -$inject = ''; +// Inject token as JS globals — no sessionStorage dependency at all +$inject = ''; echo str_replace('', '' . $inject, $html); diff --git a/public_html/login.php b/public_html/login.php index 6e19882..3f4873f 100644 --- a/public_html/login.php +++ b/public_html/login.php @@ -20,7 +20,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { $_SESSION['jarvis_user_id'] = $user['id']; $_SESSION['jarvis_name'] = $user['display_name']; $pdo->prepare('UPDATE users SET last_seen=NOW() WHERE id=?')->execute([$user['id']]); - header('Location: /bridge.php'); + header('Location: /'); exit; } $error = 'ACCESS DENIED';