$parts[0],
'hash' => !empty($parts[1]) ? '#' . $parts[1] : ''
];
}
function append_hash(string $url): string {
// First check if the URL already has a hash from the deep link
$parts = extract_hash_from_path($url);
if (!empty($parts['hash'])) {
return $parts['path'] . $parts['hash'];
}
// Fall back to POST url_hash (for browser-captured hashes)
if (!empty($_POST['url_hash'])) {
$sanitized = preg_replace('/[^#a-zA-Z0-9_\-]/', '', $_POST['url_hash']);
if (str_starts_with($sanitized, '#')) {
return $url . $sanitized;
}
}
return $url;
}
function is_authenticated(): bool {
return isset($_SESSION['login']) && $_SESSION['login'] === 1;
}
function login_user(): void {
$_SESSION['login'] = 1;
session_regenerate_id(true);
}
function logout_user(): void {
$_SESSION = [];
session_destroy();
}
/* =====================================================
Redirect Handling
===================================================== */
$redirectTo = validate_local_path($_GET['next'] ?? null);
/* =====================================================
Web Protection Disabled
===================================================== */
if ($nax_WebProtection !== 'true') {
if (!is_authenticated()) {
login_user();
}
safe_redirect(append_hash($redirectTo));
}
/* =====================================================
Login Attempt
===================================================== */
if (!empty($_POST['loginpassword'])) {
$incomingHash = hash('sha256', $_POST['loginpassword']);
if (hash_equals($nax_Password, $incomingHash)) {
login_user();
// Redirect to target page, preserving deep link hash if present
safe_redirect(append_hash($redirectTo));
}
}
/* =====================================================
Already Logged In
===================================================== */
if (is_authenticated()) {
safe_redirect(append_hash($redirectTo));
}
/* =====================================================
Login UI Variables
===================================================== */
$login_headline = lang('Login_Toggle_Info_headline');
$login_info = lang('Login_Info');
$login_mode = 'info';
$login_display_mode = 'display:none;';
$login_icon = 'fa-info';
if ($nax_Password === '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92') {
$login_info = lang('Login_Default_PWD');
$login_mode = 'danger';
$login_display_mode = 'display:block;';
$login_headline = lang('Login_Toggle_Alert_headline');
$login_icon = 'fa-ban';
}
?>
NetAlert X | Log in