[aur-dev] [PATCH] Redirect at previous page after a successful login

Gordian Edenhofer gordian.edenhofer at gmail.com
Thu Jun 18 19:45:10 UTC 2015 

On Thu, 2015-06-18 at 21:28 +0200, Gordian Edenhofer wrote:
> After the user was authenticated a redirect to the site which
> linked the user to the login page is done. This fixes FS#32481.
> ---
>  web/html/login.php        |  1 +
>  web/lib/acctfuncs.inc.php | 15 ++++++++++++++-
>  2 files changed, 15 insertions(+), 1 deletion(-)
> 
> diff --git a/web/html/login.php b/web/html/login.php
> index f898a57..1b3a589 100644
> --- a/web/html/login.php
> +++ b/web/html/login.php
> @@ -42,6 +42,7 @@ html_header('AUR ' . __("Login"));
>  			<p>
>  				<input type="submit" class="button" 
> value="<?php  print __("Login"); ?>" />
>  				<a href="<?= get_uri('/passreset/') 
> ?>">[<?= __('Forgot Password') ?>]</a>
> +				<input id="id_referer" type="hidden" 
> name="referer" value="<?= !empty($_SERVER['HTTP_REFERER']) ? 
> $_SERVER['HTTP_REFERER'] : '/'; ?>" />
>  			</p>
>  		</fieldset>
>  	</form>
> diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
> index 20ac081..127a991 100644
> --- a/web/lib/acctfuncs.inc.php
> +++ b/web/lib/acctfuncs.inc.php
> @@ -544,7 +544,20 @@ function try_login() {
>  	}
>  
>  	setcookie("AURSID", $new_sid, $cookie_time, "/", null, 
> !empty($_SERVER['HTTPS']), true);
> -	header("Location: " . get_uri('/'));
> +
> +	/**
> +	 * Check whether the site itself refered here and if so 
> refer back to its origin
> +	 *
> +	 * One major drawback is that POST request are not handled 
> properly, the only possible
> +	 * solution I could think of is to use JavaScript to auto 
> submit a hidden form, though
> +	 * it would slow down the page load time and would require 
> js for a successful redirect.
> +	 * This hard dependcy is not somehtings I want to implement 
> since this problem is too
> +	 * minor for such an agressive approach IMHO.
> +	 */
> +	$referer = !empty($_REQUEST['referer']) ? 
> $_REQUEST['referer'] : '/';
> +	$aur_location = aur_location();
> +	$referer = strpos($referer, $aur_location) === 0 ? $referer 
> : '/';
> +	header("Location: " . get_uri( $referer ));
>  	$login_error = "";
>  }
>  

Sorry for sending this message twice. Please just ignore this E-Mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <https://lists.archlinux.org/pipermail/aur-dev/attachments/20150618/2553d22f/attachment-0001.asc>

More information about the aur-dev mailing list