[aur-dev] [PATCH v2] Redirect at previous page after a successful login

2015-06-25 Thread Gordian Edenhofer
After the user was authenticated a redirect to the site which
linked the user to the login page is done. This fixes FS#32481.
---
Thanks for the replies. I fixed the concerning htmlspecialchars invocation
and changed the formatting.
Though I am a fan of short if-else statements and even think they improve
readability I do not mind losing them.

Changes since v1:
* Prevent setting referer again if $_REQUEST['referer'] exists already
* Do not link back to the registration page

 web/html/login.php| 5 +
 web/lib/acctfuncs.inc.php | 7 ++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/web/html/login.php b/web/html/login.php
index f898a57..ddb1e69 100644
--- a/web/html/login.php
+++ b/web/html/login.php
@@ -42,6 +42,11 @@ html_header('AUR ' . __(Login));
p
input type=submit class=button 
value=?php  print __(Login); ? /
a href=?= get_uri('/passreset/') ?[?= 
__('Forgot Password') ?]/a
+   ?php if (in_request('referer') !== ): ?
+   input id=id_referer type=hidden 
name=referer value=?= in_request('referer') ? /
+   ?php elseif (isset($_SERVER['HTTP_REFERER']) 
 strpos(aur_location()./register, $_SERVER['HTTP_REFERER']) !== 0): ?
+   input id=id_referer type=hidden 
name=referer value=?= htmlspecialchars($_SERVER['HTTP_REFERER'], 
ENT_QUOTES) ? /
+   ?php endif; ?
/p
/fieldset
/form
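
Review bot: the first added branch writes in_request('referer') into the hidden field's value attribute without escaping, while the elseif branch wraps $_SERVER['HTTP_REFERER'] in htmlspecialchars(..., ENT_QUOTES). Unless in_request() already escapes its return value (not visible in this hunk), a request parameter containing a quote character can close the attribute and inject markup into the login page. Apply the same htmlspecialchars() call in the first branch.
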
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 20ac081..8f2f686 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -544,7 +544,12 @@ function try_login() {
}
 
setcookie(AURSID, $new_sid, $cookie_time, /, null, 
!empty($_SERVER['HTTPS']), true);
-   header(Location:  . get_uri('/'));
+
+   $referer = in_request('referer');
+   if (strpos($referer, aur_location()) !== 0) {
+   $referer = '/';
+   }
+   header(Location: .get_uri( $referer ));
$login_error = ;
 }
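
Review bot: the strpos($referer, aur_location()) !== 0 test in try_login() is a plain string-prefix comparison, so it shows only that the submitted value begins with the same characters as the site URL, not that it names the same host. If aur_location() returns a URL without a trailing slash, a value whose host name merely starts with that string passes the check and the login ends in a redirect away from the site. Compare the parsed scheme and host (for example with parse_url()) against the site's own, or accept only a local path and fall back to '/' for anything else, before building the Location header.
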
 
-- 
2.4.4


Re: [aur-dev] [PATCH v2] Redirect at previous page after a successful login

2015-06-25 Thread Lukas Fleischer
On Thu, 18 Jun 2015 at 21:28:17, Gordian Edenhofer wrote:
 After the user was authenticated a redirect to the site which
 linked the user to the login page is done. This fixes FS#32481.
 ---
 Thanks for the replies. I fixed the concerning htmlspecialchars invocation
 and changed the formatting.
 Though I am a fan of short if-else statements and even think they improve
 readability I do not mind losing them.
 
 Changes since v1:
 * Prevent setting referer again if $_REQUEST['referer'] exists already
 * Do not link back to the registration page
 
  web/html/login.php| 5 +
  web/lib/acctfuncs.inc.php | 7 ++-
  2 files changed, 11 insertions(+), 1 deletion(-)
 
 diff --git a/web/html/login.php b/web/html/login.php
 index f898a57..ddb1e69 100644
 --- a/web/html/login.php
 +++ b/web/html/login.php
 @@ -42,6 +42,11 @@ html_header('AUR ' . __(Login));
 p
 input type=submit class=button 
 value=?php  print __(Login); ? /
 a href=?= get_uri('/passreset/') ?[?= 
 __('Forgot Password') ?]/a
 +   ?php if (in_request('referer') !== ): ?
 +   input id=id_referer type=hidden 
 name=referer value=?= in_request('referer') ? /
 +   ?php elseif (isset($_SERVER['HTTP_REFERER']) 
  strpos(aur_location()./register, $_SERVER['HTTP_REFERER']) !== 0): ?

I would prefer not having a special case for /register/. I will think of
a patch that doesn't simply redirect /register/ to the account edit form
if a user is logged in instead. So please drop the second part of that
condition :)

 +   input id=id_referer type=hidden 
 name=referer value=?= htmlspecialchars($_SERVER['HTTP_REFERER'], 
 ENT_QUOTES) ? /
 +   ?php endif; ?
 /p
 /fieldset
 /form
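
Review bot: in the elseif condition the strpos() arguments are in the opposite order from the check added to try_login(): here aur_location()./register is the haystack and $_SERVER['HTTP_REFERER'] is the needle, so the test asks whether the Referer is a prefix of the register URL, not whether the Referer starts with it. A Referer longer than that string (the register URL with a trailing slash or a query string) is never found at offset 0 and is still stored in the hidden field, while a Referer that is a prefix of it, such as the site root, is excluded. If the special case is kept, swap the arguments; dropping the condition as requested above removes the problem as well.
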
 diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
 index 20ac081..8f2f686 100644
 --- a/web/lib/acctfuncs.inc.php
 +++ b/web/lib/acctfuncs.inc.php
 @@ -544,7 +544,12 @@ function try_login() {
 }
  
 setcookie(AURSID, $new_sid, $cookie_time, /, null, 
 !empty($_SERVER['HTTPS']), true);
 -   header(Location:  . get_uri('/'));
 +
 +   $referer = in_request('referer');
 +   if (strpos($referer, aur_location()) !== 0) {
 +   $referer = '/';
 +   }
 +   header(Location: .get_uri( $referer ));

I think you misunderstood me. This should be

header("Location: " . get_uri($referer));

Thanks!

 $login_error = ;
  }
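
Review bot: after the check, $referer holds either the path '/' or a full URL beginning with aur_location(), and both forms go through get_uri(), which the removed line called with a path. Unless get_uri() is known to handle absolute URLs (not visible in this hunk), the accepted case produces a different kind of Location value than the fallback does. Strip the aur_location() prefix before calling get_uri(), or send the validated URL directly and keep get_uri('/') for the fallback only.
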
  
 -- 
 2.4.4