Adds login redirection to original requested page

app/includes/constants.php

@@ -0,0 +1,5 @@
+<?php
+// Pages that should not be used as redirect targets
+const INVALID_REDIRECT_PAGES = [
+    '', 'login', 'dashboard', '/'
+];

app/pages/login.php

@@ -287,7 +287,20 @@ function handleSuccessfulLogin($userId, $username, $rememberMe, $config, $app_ro
     // Log successful login
     $logObject->insertLog($userId, "Login: User \"$username\" logged in. IP: $userIP", 'user');
 
-    // Set success message and redirect
+    // Set success message
     Feedback::flash('LOGIN', 'LOGIN_SUCCESS');
     header('Location: ' . htmlspecialchars($app_root));
+
+    // After successful login, redirect to original page if provided in URL param or POST
+    $redirect = $app_root;
+    $candidate = $_POST['redirect'] ?? $_GET['redirect'] ?? '';
+    $trimmed = trim($candidate, '/?');
+    if (
+        (strpos($candidate, '/') === 0 || strpos($candidate, '?') === 0)
+        && !in_array($trimmed, INVALID_REDIRECT_PAGES, true)
+    ) {
+        $redirect = $candidate;
+    }
+    header('Location: ' . htmlspecialchars($redirect));
+    exit();
 }

app/templates/form-login.php

@@ -21,6 +21,9 @@
                             remember me
                         </label>
                     </div>
+<?php if (isset($_GET['redirect'])): ?>
+                    <input type="hidden" name="redirect" value="<?php echo htmlspecialchars($_GET['redirect']); ?>">
+<?php endif; ?>
                     <input type="submit" class="btn btn-primary" value="Login" />
                 </form>
                 <div class="mt-3">

public_html/index.php

@@ -54,6 +54,9 @@ if (!defined('CSRF_TOKEN_INCLUDE')) {
     define('CSRF_TOKEN_INCLUDE', dirname(__DIR__) . '/app/includes/csrf_token.php');
 }
 
+// Global cnstants
+require_once '../app/includes/constants.php';
+
 // we start output buffering and
 // flush it later only when there is no redirect
 ob_start();
@@ -171,7 +174,14 @@ $public_pages = filter_public_pages($public_pages);
 // Check if the requested page requires authentication
 if (!isset($_COOKIE['username']) && !$validSession && !in_array($page, $public_pages)) {
     require_once '../app/includes/session_middleware.php';
-    applySessionMiddleware($config, $app_root);
+    $loginUrl = $app_root . '?page=login';
+    // Use the central exclusion list for redirect
+    $trimmed = trim($page, '/?');
+    if (!in_array($trimmed, INVALID_REDIRECT_PAGES, true)) {
+        $loginUrl .= '&redirect=' . urlencode($_SERVER['REQUEST_URI']);
+    }
+    header('Location: ' . $loginUrl);
+    exit();
 }
 
 // Check session and redirect if needed
@@ -180,15 +190,21 @@ if ($validSession) {
     $currentUser = Session::getUsername();
 } else if (isset($_COOKIE['username']) && !in_array($page, $public_pages)) {
     // Cookie exists but session is invalid - redirect to login
-    if (!isset($_SESSION['session_timeout_shown'])) {
+    $loginUrl = $app_root . '?page=login';
-        Feedback::flash('LOGIN', 'SESSION_TIMEOUT');
+    $trimmed = trim($page, '/?');
-        $_SESSION['session_timeout_shown'] = true;
+    if (!in_array($trimmed, INVALID_REDIRECT_PAGES, true)) {
+        $loginUrl .= '&redirect=' . urlencode($_SERVER['REQUEST_URI']);
     }
-    header('Location: ' . htmlspecialchars($app_root) . '?page=login');
+    header('Location: ' . $loginUrl);
     exit();
 } else if (!in_array($page, $public_pages)) {
     // No valid session or cookie, and not a public page
-    header('Location: ' . htmlspecialchars($app_root) . '?page=login');
+    $loginUrl = $app_root . '?page=login';
+    $trimmed = trim($page, '/?');
+    if (!in_array($trimmed, INVALID_REDIRECT_PAGES, true)) {
+        $loginUrl .= '&redirect=' . urlencode($_SERVER['REQUEST_URI']);
+    }
+    header('Location: ' . $loginUrl);
     exit();
 }