From c7c11df629b070cf570ef56d71fd44ae9fbf6ec7 Mon Sep 17 00:00:00 2001
From: janis steiner <janis@jakach.ch>
Date: Thu, 7 May 2026 19:48:25 +0200
Subject: [PATCH] error in login

---
 backend/login.php         |  9 ++++++---
 docker/Dockerfile.php     |  7 ++++++-
 docker/php.ini            |  6 ++++++
 frontend/assets/js/app.js | 25 +++++++++++++++++++++++--
 4 files changed, 41 insertions(+), 6 deletions(-)
 create mode 100644 docker/php.ini

diff --git a/backend/login.php b/backend/login.php
index 8e7db2d..8638476 100644
--- a/backend/login.php
+++ b/backend/login.php
@@ -1,7 +1,6 @@
 <?php
 session_start();
 
-// If already logged in, redirect
 if (isset($_SESSION['neptune_loggedin']) && $_SESSION['neptune_loggedin'] === true) {
     header('Location: /');
     exit;
@@ -10,7 +9,11 @@ if (isset($_SESSION['neptune_loggedin']) && $_SESSION['neptune_loggedin'] === tr
 $error = '';
 $success = '';
 
-// Check for auth callback from Jakach Auth
+// Detect the correct callback URL
+$scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
+$host = $_SERVER['HTTP_HOST'] ?? 'localhost:8080';
+$callbackUrl = "$scheme://$host/login.php";
+
 if (isset($_GET['auth'])) {
     $auth_token = $_GET['auth'];
     $check_url = "https://auth.jakach.ch/api/auth/check_auth_key.php?auth_token=" . urlencode($auth_token);
@@ -98,7 +101,7 @@ if (isset($_GET['auth'])) {
             <div class="alert alert-success py-2 small"><?= htmlspecialchars($success) ?></div>
         <?php endif; ?>
 
-        <a href="https://auth.jakach.ch/?send_to=<?= urlencode('http://' . ($_SERVER['HTTP_HOST'] ?? 'localhost:8080') . '/login.php') ?>" class="btn btn-jakach w-100 py-2 mb-2">
+        <a href="https://auth.jakach.ch/?send_to=<?= urlencode($callbackUrl) ?>" class="btn btn-jakach w-100 py-2 mb-2">
             <i class="fas fa-right-to-bracket me-2"></i>Log in with Jakach Auth
         </a>
         <small class="text-secondary">First user automatically becomes admin</small>
diff --git a/docker/Dockerfile.php b/docker/Dockerfile.php
index fe1f913..fed7843 100644
--- a/docker/Dockerfile.php
+++ b/docker/Dockerfile.php
@@ -1,5 +1,10 @@
 FROM php:8.2-fpm
 
-RUN docker-php-ext-install pdo pdo_mysql
+RUN apt-get update && apt-get install -y libcurl4-openssl-dev && \
+    docker-php-ext-install pdo pdo_mysql curl && \
+    mkdir -p /tmp/sessions && \
+    chmod 777 /tmp/sessions
+
+COPY docker/php.ini /usr/local/etc/php/conf.d/neptune.ini
 
 WORKDIR /var/www/backend
\ No newline at end of file
diff --git a/docker/php.ini b/docker/php.ini
new file mode 100644
index 0000000..580d783
--- /dev/null
+++ b/docker/php.ini
@@ -0,0 +1,6 @@
+session.save_path = /tmp/sessions
+session.gc_maxlifetime = 86400
+session.cookie_lifetime = 0
+session.use_strict_mode = 1
+session.cookie_httponly = 1
+session.cookie_samesite = Lax
\ No newline at end of file
diff --git a/frontend/assets/js/app.js b/frontend/assets/js/app.js
index 509d3a4..b9b32e7 100644
--- a/frontend/assets/js/app.js
+++ b/frontend/assets/js/app.js
@@ -892,6 +892,10 @@ let currentRole = null;
 async function checkSession() {
     try {
         const res = await fetch('/api/session');
+        if (res.redirected || !res.ok) {
+            window.location.replace('/login.php');
+            return;
+        }
         const data = await res.json();
         if (data.loggedin) {
             currentUser = data.username;
@@ -901,10 +905,27 @@ async function checkSession() {
                 document.getElementById('settingsBtn').classList.remove('d-none');
             }
         } else {
-            window.location.href = '/login.php';
+            window.location.replace('/login.php');
         }
     } catch (e) {
-        window.location.href = '/login.php';
+        // Retry once after a brief delay in case of transient network issue
+        setTimeout(async () => {
+            try {
+                const res = await fetch('/api/session');
+                if (!res.ok || res.redirected) throw new Error();
+                const data = await res.json();
+                if (data.loggedin) {
+                    currentUser = data.username;
+                    currentRole = data.role;
+                    document.getElementById('userDisplay').textContent = data.username;
+                    if (data.role === 'admin' || data.admin_count === 0) {
+                        document.getElementById('settingsBtn').classList.remove('d-none');
+                    }
+                    return;
+                }
+            } catch (_) {}
+            window.location.replace('/login.php');
+        }, 500);
     }
 }