fix: Change Refresh into Location

If use Refresh, it will not work on some browser and
some protocols (e.g. HTTP/2). So, change Refresh
into Location.

Signed-off-by: SPC <github@spcsky.com>

include/functions.php

@@ -1973,7 +1973,7 @@ function userlogin() {
 		$res = sql_query("SELECT * FROM bans WHERE $nip >= first AND $nip <= last") or sqlerr(__FILE__, __LINE__);
 		if (mysql_num_rows($res) > 0)
 		{
-			header("HTTP/1.0 403 Forbidden");
+			header("HTTP/1.1 403 Forbidden");
 			print("<html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"></head><body>".$lang_functions['text_unauthorized_ip']."</body></html>\n");
 			die;
 		}
@@ -3008,7 +3008,7 @@ function mksecret($len = 20) {
 }
 
 function httperr($code = 404) {
-	header("HTTP/1.0 404 Not found");
+	header("HTTP/1.1 404 Not found");
 	print("<h1>Not Found</h1>\n");
 	exit();
 }

public/amountattendancecard.php

@@ -48,7 +48,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
         \App\Models\Message::query()->insert($messages);
         $page++;
     }
-    header(sprintf("Refresh: 0; url=%s?sent=1", $_SERVER['PHP_SELF']));
+    header(sprintf("Location: %s?sent=1", $_SERVER['PHP_SELF']));
 }
 
 stdhead("Add Attendance card", false);

public/comment.php

@@ -97,11 +97,11 @@ if ($action == "add")
 		sql_query("UPDATE users SET last_comment = NOW() WHERE id = ".sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
 
 		if($type == "torrent")
-			header("Refresh: 0; url=details.php?id=$parent_id#$newid");
+			header("Location: details.php?id=$parent_id#$newid");
 		else if($type == "offer")
-			header("Refresh: 0; url=offers.php?id=$parent_id&off_details=1#$newid");
+			header("Location: offers.php?id=$parent_id&off_details=1#$newid");
 		else if($type == "request")
-			header("Refresh: 0; url=viewrequests.php?id=$parent_id&req_details=1#$newid");
+			header("Location: viewrequests.php?id=$parent_id&req_details=1#$newid");
 		die;
 	}
 

public/confirm.php

@@ -16,7 +16,7 @@ if (!$row)
 	httperr();
 
 if ($row["status"] != "pending") {
-	header("Refresh: 0; url=ok.php?type=confirmed");
+	header("Location: ok.php?type=confirmed");
 	exit();
 }
 
@@ -43,5 +43,5 @@ else	// when it's op, default is not use secure login
 logincookie($id, $passh,1,get_setting('system.cookie_valid_days', 365) * 86400,$securelogin_indentity_cookie);
 //sessioncookie($row["id"], $passh,false);
 
-header("Refresh: 0; url=ok.php?type=confirm");
+header("Location: ok.php?type=confirm");
 ?>

public/confirmemail.php

@@ -31,5 +31,5 @@ sql_query("UPDATE users SET editsecret='', email=" . sqlesc($email) . " WHERE id
 if (!mysql_affected_rows())
 	httperr();
 
-header("Refresh: 0; url=" . get_protocol_prefix() . "$BASEURL/usercp.php?action=security&type=saved");
-?>
+header("Location: " . get_protocol_prefix() . "$BASEURL/usercp.php?action=security&type=saved");
+?>

public/fastdelete.php

@@ -53,5 +53,5 @@ if (\App\Models\User::query()->where("id", $row['owner'])->exists()) {
         sql_query("INSERT INTO messages (sender, receiver, subject, added, msg) VALUES(0, $row[owner], $subject, $dt, $msg)") or sqlerr(__FILE__, __LINE__);
     }
 }
-header("Refresh: 0; url=torrents.php");
+header("Location: torrents.php");
 ?>

public/logout.php

@@ -3,6 +3,6 @@ require_once("../include/bittorrent.php");
 dbconn();
 logoutcookie();
 //logoutsession();
-//header("Refresh: 0; url=./");
+//header("Location: ./");
 nexus_redirect("/");
 ?>

public/modrules.php

@@ -40,7 +40,7 @@ elseif (isset($_GET["act"]) && $_GET["act"]=="addsect"){
 	$language = $_POST["language"];
 	sql_query("insert into rules (title, text, lang_id) values(".sqlesc($title).", ".sqlesc($text).", ".sqlesc($language).")") or sqlerr(__FILE__,__LINE__);
     clear_rules_cache();
-	header("Refresh: 0; url=modrules.php");
+	header("Location: modrules.php");
 }
 elseif (isset($_GET["act"]) && $_GET["act"] == "edit"){
 	$id = intval($_GET["id"]);
@@ -74,7 +74,7 @@ elseif (isset($_GET["act"]) && $_GET["act"]=="edited"){
 	$language = $_POST["language"];
 	sql_query("update rules set title=".sqlesc($title).", text=".sqlesc($text).", lang_id = ".sqlesc($language)." where id=".sqlesc($id)) or sqlerr(__FILE__,__LINE__);
     clear_rules_cache();
-	header("Refresh: 0; url=modrules.php");
+	header("Location: modrules.php");
 }
 elseif (isset($_GET["act"]) && $_GET["act"]=="del"){
 	$id = (int)$_GET["id"];
@@ -85,7 +85,7 @@ elseif (isset($_GET["act"]) && $_GET["act"]=="del"){
 	}
 	sql_query("DELETE FROM rules WHERE id=".sqlesc($id)) or sqlerr(__FILE__, __LINE__);
     clear_rules_cache();
-	header("Refresh: 0; url=modrules.php");
+	header("Location: modrules.php");
 }
 else{
 	$res = sql_query("select rules.*, lang_name from rules left join language on rules.lang_id = language.id order by lang_name, id");

public/nowarn.php

@@ -49,5 +49,5 @@ if (!empty($_POST["desact"])){
 }
 }
 }
-header("Refresh: 0; url=warned.php");
+header("Location: warned.php");
 ?>

public/offers.php

@@ -110,7 +110,7 @@ if (isset($_GET['new_offer']) && $_GET["new_offer"]){
 
 		write_log("offer $name was added by ".$CURUSER['username'],'normal');
 
-		header("Refresh: 0; url=offers.php?id=$id&off_details=1");
+		header("Location: offers.php?id=$id&off_details=1");
 
 		stdhead($lang_offers['head_success']);
 	}
@@ -261,7 +261,7 @@ if (isset($_GET["allow_offer"]) && $_GET["allow_offer"]) {
 	sql_query ("UPDATE offers SET allowed = 'allowed', allowedtime = '".$allowedtime."' WHERE id = $offid") or sqlerr(__FILE__,__LINE__);
 
 	write_log("{$CURUSER['username']} allowed offer {$arr['name']}",'normal');
-	header("Refresh: 0; url=" . get_protocol_prefix() . "$BASEURL/offers.php?id=$offid&off_details=1");
+	header("Location: " . get_protocol_prefix() . "$BASEURL/offers.php?id=$offid&off_details=1");
 }
 //=== end allow the offer
 
@@ -312,7 +312,7 @@ if (isset($_GET["finish_offer"]) && $_GET["finish_offer"]) {
 	//sql_query("INSERT INTO messages (sender, receiver, added, msg) VALUES(0, $arr['userid'], '" . date("Y-m-d H:i:s") . "', " . sqlesc($msg) . ")") or sqlerr(__FILE__, __LINE__);
 	write_log("{$CURUSER['username']} closed poll {$arr['name']}",'normal');
 
-	header("Refresh: 0; url=" . get_protocol_prefix() . "$BASEURL/offers.php?id=$offid&off_details=1");
+	header("Location: " . get_protocol_prefix() . "$BASEURL/offers.php?id=$offid&off_details=1");
 	die;
 }
 //===end allow offer by vote
@@ -403,7 +403,7 @@ if (isset($_GET["take_off_edit"]) && $_GET["take_off_edit"]){
 
 	sql_query("UPDATE offers SET category=$cat, name=$name, descr=$descr where id=".sqlesc($id));
 
-	//header("Refresh: 0; url=offers.php?id=$id&off_details=1");
+	//header("Location: offers.php?id=$id&off_details=1");
 }
 //======end take offer edit
 
@@ -579,7 +579,7 @@ if (isset($_GET["del_offer"]) && $_GET["del_offer"]){
 			sql_query("INSERT INTO messages (sender, receiver, msg, added, subject) VALUES(0, {$num['userid']}, $msg, $added, $subject)") or sqlerr(__FILE__, __LINE__);
 		}
 		write_log("Offer: $offer ({$num['name']}) was deleted by {$CURUSER['username']}".($reason != "" ? " (".$reason.")" : ""),'normal');
-		header("Refresh: 0; url=offers.php");
+		header("Location: offers.php");
 		die;
 	}
 	else

public/staffbox.php

@@ -231,7 +231,7 @@ $id = intval($_GET["id"] ?? 0);
 sql_query ("UPDATE staffmessages SET answered=1, answeredby = {$CURUSER['id']} WHERE id = $id") or sqlerr();
 $Cache->delete_value('staff_new_message_count');
     clear_staff_message_cache();
-header("Refresh: 0; url=staffbox.php" . (!empty($_GET['return']) ? "?" . $_GET['return'] : ''));
+header("Location: staffbox.php" . (!empty($_GET['return']) ? "?" . $_GET['return'] : ''));
 }
 
          //////////////////////////
@@ -259,7 +259,7 @@ elseif ($_POST['delete']){
 }
 $Cache->delete_value('staff_new_message_count');
     clear_staff_message_cache();
-header("Refresh: 0; url=staffbox.php");
+header("Location: staffbox.php");
 }
 
 ?>

public/take-increment-bulk.php

@@ -76,5 +76,5 @@ while (true) {
     $page++;
 }
 
-header("Refresh: 0; url=increment-bulk.php?sent=1&type=$type");
+header("Location: increment-bulk.php?sent=1&type=$type");
 ?>

public/takeamountupload.php

@@ -3,7 +3,7 @@ require "../include/bittorrent.php";
 if ($_SERVER["REQUEST_METHOD"] != "POST")
 	stderr("Error", "Permission denied!");
 dbconn();
-loggedinorreturn();                                                    
+loggedinorreturn();
 
 if (get_user_class() < UC_SYSOP)
 	stderr("Sorry", "Permission denied.");
@@ -37,5 +37,5 @@ while($dat=mysql_fetch_assoc($query))
 	sql_query("INSERT INTO messages (sender, receiver, added,  subject, msg) VALUES ($sender_id, {$dat['id']}, $dt, " . sqlesc($subject) .", " . sqlesc($msg) .")") or sqlerr(__FILE__,__LINE__);
 }
 
-header("Refresh: 0; url=amountupload.php?sent=1");
+header("Location: amountupload.php?sent=1");
 ?>

public/takeconfirm.php

@@ -30,5 +30,5 @@ EOD;
 //this mail is sent when the site is using admin(open/closed)/inviter(closed) confirmation and the admin/inviter confirmed the pending user
 sent_mail($email,$SITENAME,$SITEEMAIL,$title,$body,"invite confirm",false,false,'');
 
-header("Refresh: 0; url=invite.php?id=".htmlspecialchars($CURUSER['id']));
+header("Location: invite.php?id=".htmlspecialchars($CURUSER['id']));
 ?>

public/takeedit.php

@@ -309,4 +309,4 @@ if ($affectedRows == 1) {
 $returl = "details.php?id=$id&edited=1";
 if (isset($_POST["returnto"]))
 	$returl = $_POST["returnto"];
-header("Refresh: 0; url=$returl");
+header("Location: $returl");

public/takeinvite.php

@@ -130,7 +130,7 @@ if ($sendResult === true) {
     }
 }
 $lock->release();
-header("Refresh: 0; url=invite.php?id=".htmlspecialchars($id)."&sent=1");
+header("Location: invite.php?id=".htmlspecialchars($id)."&sent=1");
 ?>
 
 

public/takestaffmess.php

@@ -53,5 +53,5 @@ while (true) {
     $page++;
 }
 
-header("Refresh: 0; url=staffmess.php?sent=1");
+header("Location: staffmess.php?sent=1");
 ?>

public/takeupdate.php

@@ -23,4 +23,4 @@ while ($arr = mysql_fetch_assoc($res))
 	$Cache->delete_value('staff_report_count');
 }
 
-header("Refresh: 0; url=reports.php");
+header("Location: reports.php");