Fix auth redirects for /dreamgirl subpath

Make login/logout and redirects work when deployed under a subdirectory (e.g. /dreamgirl).

Co-authored-by: Cursor <cursoragent@cursor.com>

auth/auth.php

@@ -42,9 +42,23 @@ function dreamgirl_check_credentials(string $username, string $password): bool {
   return hash_equals($expectedSha256, $gotSha256);
 }
 
+function dreamgirl_base_path(): string {
+  // If deployed under /dreamgirl, SCRIPT_NAME is like /dreamgirl/index.php
+  // If at web root, SCRIPT_NAME is like /index.php
+  $script = isset($_SERVER['SCRIPT_NAME']) ? (string)$_SERVER['SCRIPT_NAME'] : '';
+  $dir = rtrim(str_replace('\\', '/', dirname($script)), '/');
+  return ($dir === '' || $dir === '.') ? '' : $dir;
+}
+
+function dreamgirl_url(string $path): string {
+  $base = dreamgirl_base_path();
+  $p = ltrim($path, '/');
+  return $base . '/' . $p;
+}
+
 function dreamgirl_require_login_page(): void {
   if (dreamgirl_is_logged_in()) return;
-  header('Location: /login.php');
+  header('Location: ' . dreamgirl_url('login.php'));
   exit;
 }
 

index.html

@@ -3,13 +3,13 @@
   <head>
     <meta charset="utf-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1" />
-    <meta http-equiv="refresh" content="0; url=/index.php" />
+    <meta http-equiv="refresh" content="0; url=index.php" />
     <title>Redirecting...</title>
   </head>
   <body>
     <script>
-      window.location.replace('/index.php');
+      window.location.replace('index.php');
     </script>
-    <a href="/index.php">Continue</a>
+    <a href="index.php">Continue</a>
   </body>
 </html>

index.php

@@ -35,7 +35,7 @@ dreamgirl_require_login_page();
 			<div id="container">
 				<div style="display:flex; align-items:baseline; justify-content:space-between; gap:12px;">
 					<h1 style="margin:0;"><a href="https://ncue.net" target="_blank" rel="noopener noreferrer">NCue</a></h1>
-					<div style="font-size:12px;"><a href="/logout.php">Logout</a></div>
+					<div style="font-size:12px;"><a href="<?php echo htmlspecialchars(dreamgirl_url('logout.php'), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">Logout</a></div>
 				</div>
 
 				<div class="gallery-wrap">

login.php

@@ -11,7 +11,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 
   if (dreamgirl_check_credentials($username, $password)) {
     $_SESSION['dreamgirl_user'] = 'admin';
-    header('Location: /index.php');
+    header('Location: ' . dreamgirl_url('index.php'));
     exit;
   }
 
@@ -37,7 +37,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
   </head>
   <body>
     <div class="wrap">
-      <form class="card" method="post" action="/login.php" autocomplete="off">
+      <form class="card" method="post" action="<?php echo htmlspecialchars(dreamgirl_url('login.php'), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" autocomplete="off">
         <h1>로그인</h1>
         <label for="username">아이디</label>
         <input id="username" name="username" type="text" required autofocus />

logout.php

@@ -19,6 +19,6 @@ if (ini_get('session.use_cookies')) {
 }
 
 session_destroy();
-header('Location: /login.php');
+header('Location: ' . dreamgirl_url('login.php'));
 exit;