[aur-dev] [PATCH v2] Redirect at previous page after a successful login
After the user was authenticated a redirect to the site which linked the user to the login page is done. This fixes FS#32481.
---
Thanks for the replies. I fixed the concerning htmlspecialchars invocation and changed the formatting. Though I am a fan of short if-else statements and even think they improve readability I do not mind losing them.

Changes since v1:
* Prevent setting referer again if $_REQUEST['referer'] exists already
* Do not link back to the registration page

web/html/login.php | 5 +++++ web/lib/acctfuncs.inc.php | 7 ++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/web/html/login.php b/web/html/login.php index f898a57..ddb1e69 100644 --- a/web/html/login.php +++ b/web/html/login.php @@ -42,6 +42,11 @@ html_header('AUR ' . __("Login")); <p> <input type="submit" class="button" value="<?php print __("Login"); ?>" /> <a href="<?= get_uri('/passreset/') ?>">[<?= __('Forgot Password') ?>]</a> + <?php if (in_request('referer') !== ""): ?> + <input id="id_referer" type="hidden" name="referer" value="<?= in_request('referer') ?>" /> + <?php elseif (isset($_SERVER['HTTP_REFERER']) && strpos(aur_location()."/register", $_SERVER['HTTP_REFERER']) !== 0): ?> + <input id="id_referer" type="hidden" name="referer" value="<?= htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES) ?>" /> + <?php endif; ?> </p> </fieldset> </form> diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index 20ac081..8f2f686 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -544,7 +544,12 @@ function try_login() { } setcookie("AURSID", $new_sid, $cookie_time, "/", null, !empty($_SERVER['HTTPS']), true); - header("Location: " . get_uri('/')); + + $referer = in_request('referer'); + if (strpos($referer, aur_location()) !== 0) { + $referer = '/'; + } + header("Location: ".get_uri( $referer )); $login_error = ""; } -- 2.4.4
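Review bot: in the web/html/login.php hunk, the first branch writes in_request('referer') into the value attribute without htmlspecialchars(), while the HTTP_REFERER branch below it is escaped. Unless in_request() already escapes its result (not visible in this hunk), the request parameter needs the same htmlspecialchars(..., ENT_QUOTES) call. In the elseif, the strpos() arguments also look swapped: the haystack is aur_location()."/register" and the needle is the Referer header, so the test asks whether the Referer is a prefix of the register URL rather than whether the Referer begins with it.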
On Thu, 18 Jun 2015 at 21:28:17, Gordian Edenhofer wrote:
After the user was authenticated a redirect to the site which linked the user to the login page is done. This fixes FS#32481.
---
Thanks for the replies. I fixed the concerning htmlspecialchars invocation and changed the formatting. Though I am a fan of short if-else statements and even think they improve readability I do not mind losing them.

Changes since v1:
* Prevent setting referer again if $_REQUEST['referer'] exists already
* Do not link back to the registration page
web/html/login.php | 5 +++++ web/lib/acctfuncs.inc.php | 7 ++++++- 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/web/html/login.php b/web/html/login.php index f898a57..ddb1e69 100644 --- a/web/html/login.php +++ b/web/html/login.php @@ -42,6 +42,11 @@ html_header('AUR ' . __("Login")); <p> <input type="submit" class="button" value="<?php print __("Login"); ?>" /> <a href="<?= get_uri('/passreset/') ?>">[<?= __('Forgot Password') ?>]</a> + <?php if (in_request('referer') !== ""): ?> + <input id="id_referer" type="hidden" name="referer" value="<?= in_request('referer') ?>" /> + <?php elseif (isset($_SERVER['HTTP_REFERER']) && strpos(aur_location()."/register", $_SERVER['HTTP_REFERER']) !== 0): ?>
I would prefer not having a special case for /register/. I will think of a patch that doesn't simply redirect /register/ to the account edit form if a user is logged in instead. So please drop the second part of that condition :)
+ <input id="id_referer" type="hidden" name="referer" value="<?= htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES) ?>" /> + <?php endif; ?> </p> </fieldset> </form> diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index 20ac081..8f2f686 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -544,7 +544,12 @@ function try_login() { }
setcookie("AURSID", $new_sid, $cookie_time, "/", null, !empty($_SERVER['HTTPS']), true); - header("Location: " . get_uri('/')); + + $referer = in_request('referer'); + if (strpos($referer, aur_location()) !== 0) { + $referer = '/'; + } + header("Location: ".get_uri( $referer ));
I think you misunderstood me. This should be

    header("Location: " . get_uri($referer));

Thanks!
$login_error = ""; }
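Review bot: the prefix test strpos($referer, aur_location()) !== 0 in try_login() accepts any value that merely begins with the base URL string, which is weaker than a same-site check. The login.php hunk appends "/register" to aur_location(), which suggests the base has no trailing slash; in that case a different host whose name starts with the same characters would also pass and be sent in the Location header. Compare against aur_location() . '/' (plus an exact match for the bare base), or parse the URL and compare scheme and host, before redirecting. Separately, $referer is a full URL when the check passes but the path '/' otherwise, so it is worth confirming that get_uri() is meant to take both forms.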
-- 2.4.4
participants (2)
- Gordian Edenhofer
- Lukas Fleischer