[aur-dev] [PATCH] Redirect at previous page after a successful login

[Gordian Edenhofer]

After the user was authenticated a redirect to the site which
linked the user to the login page is done. This fixes FS#32481.
---
 web/html/login.php        |  1 +
 web/lib/acctfuncs.inc.php | 15 ++++++++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/web/html/login.php b/web/html/login.php
index f898a57..1b3a589 100644
--- a/web/html/login.php
+++ b/web/html/login.php
@@ -42,6 +42,7 @@ html_header('AUR ' . __("Login"));
 			<p>
 				<input type="submit" class="button" value="<?php  print __("Login"); ?>" />
 				<a href="<?= get_uri('/passreset/') ?>">[<?= __('Forgot Password') ?>]</a>
+				<input id="id_referer" type="hidden" name="referer" value="<?= !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/'; ?>" />
 			</p>
 		</fieldset>
 	</form>
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 20ac081..127a991 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -544,7 +544,20 @@ function try_login() {
 	}
 
 	setcookie("AURSID", $new_sid, $cookie_time, "/", null, !empty($_SERVER['HTTPS']), true);
-	header("Location: " . get_uri('/'));
+
+	/**
+	 * Check whether the site itself refered here and if so refer back to its origin
+	 *
+	 * One major drawback is that POST request are not handled properly, the only possible
+	 * solution I could think of is to use JavaScript to auto submit a hidden form, though
+	 * it would slow down the page load time and would require js for a successful redirect.
+	 * This hard dependcy is not somehtings I want to implement since this problem is too
+	 * minor for such an agressive approach IMHO.
+	 */
+	$referer = !empty($_REQUEST['referer']) ? $_REQUEST['referer'] : '/';
+	$aur_location = aur_location();
+	$referer = strpos($referer, $aur_location) === 0 ? $referer : '/';
+	header("Location: " . get_uri( $referer ));
 	$login_error = "";
 }
 
-- 
2.4.4