From 154f0aa9a4ddf85c1eec6eda77c69c3e9dbd787f Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Wed, 8 Apr 2026 11:43:08 +0200 Subject: [PATCH] fix multiple redirection if password must be changed and 2 factor auth must be setup --- inc/inc.Authentication.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/inc/inc.Authentication.php b/inc/inc.Authentication.php index ebba827b2..142ff7ae0 100644 --- a/inc/inc.Authentication.php +++ b/inc/inc.Authentication.php @@ -130,7 +130,7 @@ if($isajax) if (!$user->isAdmin() && $origuser == null) { if($settings->_passwordExpiration > 0) { - if(!in_array(basename($_SERVER['SCRIPT_NAME']), ['out.ForcePasswordChange.php', 'op.EditUserData.php', 'op.Logout.php'])) { + if(!in_array(basename($_SERVER['SCRIPT_NAME']), ['out.Setup2Factor.php', 'op.Setup2Factor.php', 'out.ForcePasswordChange.php', 'op.EditUserData.php', 'op.Logout.php'])) { $pwdexp = $user->getPwdExpiration(); if($pwdexp && substr($pwdexp, 0, 10) != '0000-00-00') { $pwdexpts = strtotime($pwdexp); // + $pwdexp*86400; @@ -148,7 +148,7 @@ if (!$user->isAdmin() && $origuser == null) { * already on the page Setup2Factor.php and no user substiation has occured. */ if($settings->_enable2FactorAuthentication && $settings->_guestID != $user->getID() && $settings->_autoLoginUser != $user->getID() && $origuser == null && $user->getSecret() == '') { - if(!in_array(basename($_SERVER['SCRIPT_NAME']), ['out.Setup2Factor.php', 'op.Setup2Factor.php', 'op.Logout.php'])) { + if(!in_array(basename($_SERVER['SCRIPT_NAME']), ['out.ForcePasswordChange.php', 'out.Setup2Factor.php', 'op.Setup2Factor.php', 'op.Logout.php'])) { header("Location: ../out/out.Setup2Factor.php"); exit; }