Wrong url after login

[ash-f]

The url will be redirected to $root_path after login, not Tiny File Manager itself.

Tiny File Manager location /tfm/index.php

Configuration

// Root path for file manager
// use absolute path of directory i.e: '/var/www/folder' or $_SERVER['DOCUMENT_ROOT'].'/folder'
$root_path = $_SERVER['DOCUMENT_ROOT'].'/files';

// Root url for links in file manager.Relative to $http_host. Variants: '', 'path/to/subfolder'
// Will not working if $root_path will be outside of server document root
$root_url = 'files';

Tiny File Manager 2.5.3 (offline version)

[PLJ020]

Had exact same problem and found that it's because after entering either correct or incorrect password redirect is wrong.

What worked for me was changing below: if (isset($auth_users[$_POST['fm_usr']]) && isset($_POST['fm_pwd']) && password_verify($_POST['fm_pwd'],
$auth_users[$_POST['fm_usr']]) && verifyToken($_POST['token'])) { $_SESSION[FM_SESSION_ID]['logged'] = $_POST['fm_usr']; fm_set_msg(lng('You are logged in')); fm_redirect(FM_ROOT_URL); } else { unset($_SESSION[FM_SESSION_ID]['logged']); fm_set_msg(lng('Login failed. Invalid username or password'), 'error'); fm_redirect(FM_ROOT_URL);

To: if (isset($auth_users[$_POST['fm_usr']]) && isset($_POST['fm_pwd']) && password_verify($_POST['fm_pwd'], $auth_users[$_POST['fm_usr']]) && verifyToken($_POST['token'])) { $_SESSION[FM_SESSION_ID]['logged'] = $_POST['fm_usr']; fm_set_msg(lng('You are logged in')); // fm_redirect(FM_ROOT_URL); fm_redirect($_SERVER['REQUEST_URI']); } else { unset($_SESSION[FM_SESSION_ID]['logged']); fm_set_msg(lng('Login failed. Invalid username or password'), 'error'); // fm_redirect(FM_ROOT_URL); fm_redirect($_SERVER['REQUEST_URI']);

Note the problematic statement that's changed above is: fm_redirect(FM_ROOT_URL) -> fm_redirect($_SERVER['REQUEST_URI'])

Reference: https://github.com/prasathmani/tinyfilemanager/commit/1f0c8538edbc832713f582bb7a86d19aac28d100