[aur-dev] [PATCH v2] Redirect at previous page after a successful login

Lukas Fleischer lfleischer at archlinux.org
Thu Jun 25 09:18:22 UTC 2015


On Thu, 18 Jun 2015 at 21:28:17, Gordian Edenhofer wrote:
> After the user was authenticated a redirect to the site which
> linked the user to the login page is done. This fixes FS#32481.
> ---
> Thanks for the replies. I fixed the concerning htmlspecialchars invocation
> and changed the formatting.
> Though I am a fan of short if-else statements and even think they improve
> readability I do not mind losing them.
> 
> Changes since v1:
> * Prevent setting referer again if $_REQUEST['referer'] exists already
> * Do not link back to the registration page
> 
>  web/html/login.php        | 5 +++++
>  web/lib/acctfuncs.inc.php | 7 ++++++-
>  2 files changed, 11 insertions(+), 1 deletion(-)
> 
> diff --git a/web/html/login.php b/web/html/login.php
> index f898a57..ddb1e69 100644
> --- a/web/html/login.php
> +++ b/web/html/login.php
> @@ -42,6 +42,11 @@ html_header('AUR ' . __("Login"));
>                         <p>
>                                 <input type="submit" class="button" value="<?php  print __("Login"); ?>" />
>                                 <a href="<?= get_uri('/passreset/') ?>">[<?= __('Forgot Password') ?>]</a>
> +                               <?php if (in_request('referer') !== ""): ?>
> +                               <input id="id_referer" type="hidden" name="referer" value="<?= in_request('referer') ?>" />
> +                               <?php elseif (isset($_SERVER['HTTP_REFERER']) && strpos(aur_location()."/register", $_SERVER['HTTP_REFERER']) !== 0): ?>

I would prefer not having a special case for /register/. I will think of
a patch that doesn't simply redirect /register/ to the account edit form
if a user is logged in instead. So please drop the second part of that
condition :)

> +                               <input id="id_referer" type="hidden" name="referer" value="<?= htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES) ?>" />
> +                               <?php endif; ?>
>                         </p>
>                 </fieldset>
>         </form>
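
Review bot: In the first added branch, value="<?= in_request('referer') ?>" writes a request parameter into the attribute without escaping, while the HTTP_REFERER branch below it goes through htmlspecialchars(..., ENT_QUOTES). Unless in_request() already escapes its return value (not visible in this hunk), apply the same htmlspecialchars call here so that a quote character in the parameter cannot terminate the attribute. Separately, the elseif calls strpos(aur_location()."/register", $_SERVER['HTTP_REFERER']), which has haystack and needle in the opposite order from the strpos($referer, aur_location()) check in try_login(); if the condition is kept in any form, the Referer value should be the first argument.
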
> diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
> index 20ac081..8f2f686 100644
> --- a/web/lib/acctfuncs.inc.php
> +++ b/web/lib/acctfuncs.inc.php
> @@ -544,7 +544,12 @@ function try_login() {
>         }
>  
>         setcookie("AURSID", $new_sid, $cookie_time, "/", null, !empty($_SERVER['HTTPS']), true);
> -       header("Location: " . get_uri('/'));
> +
> +       $referer = in_request('referer');
> +       if (strpos($referer, aur_location()) !== 0) {
> +               $referer = '/';
> +       }
> +       header("Location: ".get_uri( $referer ));

I think you misunderstood me. This should be

    header("Location: " . get_uri($referer));

Thanks!

>         $login_error = "";
>  }
>  
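
Review bot: The check strpos($referer, aur_location()) !== 0 only tests that the value starts with the same characters as aur_location(), so if aur_location() returns an origin without a trailing slash, a referer on a different host whose name merely begins with that string also passes and ends up in the Location header. Compare against aur_location() . '/' or compare the parsed scheme and host instead. Also, get_uri() previously received the path '/' and now receives a value that begins with aur_location(); either strip that prefix before calling get_uri() or confirm that get_uri() accepts a full URL.
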
> -- 
> 2.4.4

