[aur-dev] [PATCH] Redirect at previous page after a successful login
Gordian Edenhofer
gordian.edenhofer at gmail.com
Thu Jun 18 19:28:17 UTC 2015
After the user was authenticated a redirect to the site which
linked the user to the login page is done. This fixes FS#32481.
---
web/html/login.php | 1 +
web/lib/acctfuncs.inc.php | 15 ++++++++++++++-
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/web/html/login.php b/web/html/login.php
index f898a57..1b3a589 100644
--- a/web/html/login.php
+++ b/web/html/login.php
@@ -42,6 +42,7 @@ html_header('AUR ' . __("Login"));
<p>
<input type="submit" class="button" value="<?php print __("Login"); ?>" />
<a href="<?= get_uri('/passreset/') ?>">[<?= __('Forgot Password') ?>]</a>
+ <input id="id_referer" type="hidden" name="referer" value="<?= !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/'; ?>" />
</p>
</fieldset>
</form>
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 20ac081..127a991 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -544,7 +544,20 @@ function try_login() {
}
setcookie("AURSID", $new_sid, $cookie_time, "/", null, !empty($_SERVER['HTTPS']), true);
- header("Location: " . get_uri('/'));
+
+ /**
+ * Check whether the site itself refered here and if so refer back to its origin
+ *
+ * One major drawback is that POST request are not handled properly, the only possible
+ * solution I could think of is to use JavaScript to auto submit a hidden form, though
+ * it would slow down the page load time and would require js for a successful redirect.
+ * This hard dependcy is not somehtings I want to implement since this problem is too
+ * minor for such an agressive approach IMHO.
+ */
+ $referer = !empty($_REQUEST['referer']) ? $_REQUEST['referer'] : '/';
+ $aur_location = aur_location();
+ $referer = strpos($referer, $aur_location) === 0 ? $referer : '/';
+ header("Location: " . get_uri( $referer ));
$login_error = "";
}
--
2.4.4
More information about the aur-dev
mailing list