After the user was authenticated a redirect to the site which
linked the user to the login page is done. This fixes FS#32481.
---
web/html/login.php | 1 +
web/lib/acctfuncs.inc.php | 15 ++++++++++++++-
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/web/html/login.php b/web/html/login.php
index f898a57..1b3a589 100644
--- a/web/html/login.php
+++ b/web/html/login.php
@@ -42,6 +42,7 @@ html_header('AUR ' . __("Login"));
<p>
<input type="submit" class="button"
value="<?php print __("Login"); ?>" />
<a href="<?= get_uri('/passreset/') ?>">[<?=
__('Forgot Password') ?>]</a>
+ <input id="id_referer" type="hidden"
name="referer" value="<?= !empty($_SERVER['HTTP_REFERER']) ?
$_SERVER['HTTP_REFERER'] : '/'; ?>" />
</p>
</fieldset>
</form>
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 20ac081..127a991 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -544,7 +544,20 @@ function try_login() {
}
setcookie("AURSID", $new_sid, $cookie_time, "/", null,
!empty($_SERVER['HTTPS']), true);
- header("Location: " . get_uri('/'));
+
+ /**
+ * Check whether the site itself refered here and if so refer back to
its origin
+ *
+ * One major drawback is that POST request are not handled properly,
the only possible
+ * solution I could think of is to use JavaScript to auto submit a
hidden form, though
+ * it would slow down the page load time and would require js for a
successful redirect.
+ * This hard dependcy is not somehtings I want to implement since this
problem is too
+ * minor for such an agressive approach IMHO.
+ */
+ $referer = !empty($_REQUEST['referer']) ? $_REQUEST['referer'] : '/';
+ $aur_location = aur_location();
+ $referer = strpos($referer, $aur_location) === 0 ? $referer : '/';
+ header("Location: " . get_uri( $referer ));
$login_error = "";
}
--
2.4.4
