ash-f closed 1 month ago
Had the exact same problem and found that it's because, after entering either a correct or an incorrect password, the redirect is wrong.
What worked for me was changing the below:
```php
if (isset($auth_users[$_POST['fm_usr']]) && isset($_POST['fm_pwd']) && password_verify($_POST['fm_pwd'], $auth_users[$_POST['fm_usr']]) && verifyToken($_POST['token'])) {
    $_SESSION[FM_SESSION_ID]['logged'] = $_POST['fm_usr'];
    fm_set_msg(lng('You are logged in'));
    fm_redirect(FM_ROOT_URL);
} else {
    unset($_SESSION[FM_SESSION_ID]['logged']);
    fm_set_msg(lng('Login failed. Invalid username or password'), 'error');
    fm_redirect(FM_ROOT_URL);
```
To:
```php
if (isset($auth_users[$_POST['fm_usr']]) && isset($_POST['fm_pwd']) && password_verify($_POST['fm_pwd'], $auth_users[$_POST['fm_usr']]) && verifyToken($_POST['token'])) {
    $_SESSION[FM_SESSION_ID]['logged'] = $_POST['fm_usr'];
    fm_set_msg(lng('You are logged in'));
    // fm_redirect(FM_ROOT_URL);
    fm_redirect($_SERVER['REQUEST_URI']);
} else {
    unset($_SESSION[FM_SESSION_ID]['logged']);
    fm_set_msg(lng('Login failed. Invalid username or password'), 'error');
    // fm_redirect(FM_ROOT_URL);
    fm_redirect($_SERVER['REQUEST_URI']);
```
Note the problematic statement that's changed above is: `fm_redirect(FM_ROOT_URL)` -> `fm_redirect($_SERVER['REQUEST_URI'])`
Reference: https://github.com/prasathmani/tinyfilemanager/commit/1f0c8538edbc832713f582bb7a86d19aac28d100
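Because `$_SERVER['REQUEST_URI']` comes from the client's request line, a redirect built from it is best limited to a local path first. The following is an added example, not part of the comment above or of Tiny File Manager; `safe_self_redirect_target()` is a hypothetical helper and the sample URIs are constructed.

```php
<?php
// Added example: not Tiny File Manager code. The helper name is hypothetical.

/**
 * Reduce a client-supplied request URI to a same-origin path (plus query)
 * that can be placed in a Location header; anything else gets $fallback.
 */
function safe_self_redirect_target(string $requestUri, string $fallback): string
{
    // Control characters could split the header; some browsers read "\" as "/".
    if ($requestUri === '' || preg_match('/[\x00-\x20\x7F\\\\]/', $requestUri)) {
        return $fallback;
    }
    // Must be an absolute path on this host: one leading slash, never "//host".
    if ($requestUri[0] !== '/' || strncmp($requestUri, '//', 2) === 0) {
        return $fallback;
    }
    // Drop any fragment; keep path and query as sent.
    $hash = strpos($requestUri, '#');
    return $hash === false ? $requestUri : substr($requestUri, 0, $hash);
}

// Constructed sample inputs (the /tfm/index.php location is the one from the issue).
$fallback = '/tfm/index.php';
$samples = [
    '/tfm/index.php?p=docs',
    '//other-host.example/tfm/index.php',
    'https://other-host.example/',
    "/tfm/index.php\r\nX-Test: 1",
    '',
];
foreach ($samples as $uri) {
    $shown = json_encode($uri, JSON_UNESCAPED_SLASHES);
    printf("%-45s => %s\n", $shown, safe_self_redirect_target($uri, $fallback));
}

// In the login branch the raw value would then be wrapped, for example:
// fm_redirect(safe_self_redirect_target($_SERVER['REQUEST_URI'], '/tfm/index.php'));
```

Only the first sample is returned unchanged; the other four fall back to `/tfm/index.php`.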
The URL will be redirected to $root_path after login, not Tiny File Manager itself.
Tiny File Manager location /tfm/index.php
Configuration
Tiny File Manager 2.5.3 (offline version)