true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPHEADER => ['Content-Type: application/json'],
CURLOPT_POSTFIELDS => json_encode(['email'=>$email,'password'=>$password]),
CURLOPT_TIMEOUT => 10,
]);
$resp = curl_exec($ch);
$code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
$data = $resp ? json_decode($resp, true) : null;
if ($code === 200 && !empty($data['bearer'])) {
chat247_set_bearer($data['bearer'], $data['user']);
// Allow ?next= bounce-back for admin.247ch.at + sibling subdomains.
// Only accept https URLs on a 247ch.at host to avoid open-redirect.
$next = (string)($_POST['next'] ?? $_GET['next'] ?? '/dashboard.php');
if (preg_match('#^https://[a-z0-9-]+\.?247ch\.at(/.*)?$#i', $next)) {
header('Location: ' . $next);
} else {
header('Location: /dashboard.php');
}
exit;
}
$err = $data['error'] ?? 'Sign-in failed';
}
?>
Sign in — 247ch.at