Files
jarvis/public_html/index.php
T

29 lines
1.1 KiB
PHP

<?php
// Entry point — server-side session check, no JavaScript required.
// If not logged in: HTTP 302 to /login.php (Cloudflare cannot interfere).
// If logged in: serve the app with token already in sessionStorage.
session_name('jarvis_main');
session_start();
if (empty($_SESSION['jarvis_token'])) {
header('Location: /login.php');
exit;
}
$token = $_SESSION['jarvis_token'];
$name = $_SESSION['jarvis_name'] ?? '';
// Serve _app.html with the session token injected before any other script
$html = file_get_contents(__DIR__ . '/_app.html');
// Strip the old data-cfasync guard (no longer needed — PHP handles auth now)
$html = preg_replace('/<script data-cfasync="false">if\(!sessionStorage[^<]+<\/script>\n?/', '', $html);
// Inject token into sessionStorage right after <head> so it's available
// before any other script runs — including Rocket Loader
$inject = '<script>sessionStorage.setItem("jarvis_token",' . json_encode($token) . ');'
. 'sessionStorage.setItem("jarvis_user",' . json_encode($name) . ');</script>';
$html = str_replace('<head>', '<head>' . $inject, $html);
echo $html;