Adds login redirection to original requested page
parent
6542df9074
commit
0b59072d9b
|
@ -0,0 +1,5 @@
|
|||
<?php
|
||||
// Pages that should not be used as redirect targets
|
||||
const INVALID_REDIRECT_PAGES = [
|
||||
'', 'login', 'dashboard', '/'
|
||||
];
|
|
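Review bot: The entries in INVALID_REDIRECT_PAGES are page names (`'login'`, `'dashboard'`), but the post-login check in handleSuccessfulLogin compares `trim($candidate, '/?')` of a whole request URI, and the URIs the front controller stores are of the form `/?page=login`, which trims to `page=login` and never matches; so this list only takes effect at the front controller, where `$page` itself is compared. If the intent is also to keep post-login redirects away from these pages, the consumer would have to extract the page parameter from the candidate first, e.g. `parse_str((string) parse_url($candidate, PHP_URL_QUERY), $q);` and test `$q['page'] ?? ''` against the list. Either way, a comment on the constant stating which form the entries take (`// Values are page names as given in ?page=..., compared after trim('/?')`) would stop the two call sites drifting further apart.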
@ -287,7 +287,20 @@ function handleSuccessfulLogin($userId, $username, $rememberMe, $config, $app_ro
|
|||
// Log successful login
|
||||
$logObject->insertLog($userId, "Login: User \"$username\" logged in. IP: $userIP", 'user');
|
||||
|
||||
// Set success message and redirect
|
||||
// Set success message
|
||||
Feedback::flash('LOGIN', 'LOGIN_SUCCESS');
|
||||
header('Location: ' . htmlspecialchars($app_root));
|
||||
|
||||
// After successful login, redirect to original page if provided in URL param or POST
|
||||
$redirect = $app_root;
|
||||
$candidate = $_POST['redirect'] ?? $_GET['redirect'] ?? '';
|
||||
$trimmed = trim($candidate, '/?');
|
||||
if (
|
||||
(strpos($candidate, '/') === 0 || strpos($candidate, '?') === 0)
|
||||
&& !in_array($trimmed, INVALID_REDIRECT_PAGES, true)
|
||||
) {
|
||||
$redirect = $candidate;
|
||||
}
|
||||
header('Location: ' . htmlspecialchars($redirect));
|
||||
exit();
|
||||
}
|
||||
|
|
|
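Review bot: The guard on `$candidate` still admits protocol-relative targets: a value such as `//attacker.example/` starts with `/`, and `trim($candidate, '/?')` strips both slashes so the host is not in INVALID_REDIRECT_PAGES; the Location header then sends the browser off-site, so the open redirect this block is meant to close stays open (browsers also normalise `/\` to `//`). Separately, `htmlspecialchars()` on a Location header is the wrong escaping context: a candidate like `/?page=view&id=3`, which is the form the front controller produces, reaches the header as `&amp;` and breaks the redirect, and `trim()`/`strpos()` throw a TypeError when `redirect[]=` arrives as an array. The rewrite below keeps the same flow, accepts only one leading `/` not followed by `/` or `\`, or a leading `?`, and writes the header unescaped. handleSuccessfulLogin's signature and earlier body are outside the hunk.

```php
// After successful login, redirect to original page if provided in URL param or POST
$redirect = $app_root;
$candidate = $_POST['redirect'] ?? $_GET['redirect'] ?? '';
if (!is_string($candidate)) {
    $candidate = '';
}
$trimmed = trim($candidate, '/?');
// Accept only a same-origin relative target: a single leading "/" (not "//" or "/\",
// which browsers resolve as protocol-relative URLs) or a bare query string.
$isLocalTarget = preg_match('#^(?:/(?![/\\\\])|\?)#', $candidate) === 1;
if ($isLocalTarget && !in_array($trimmed, INVALID_REDIRECT_PAGES, true)) {
    $redirect = $candidate;
}
// Location is a raw HTTP header, not HTML: do not entity-encode it.
header('Location: ' . $redirect);
exit();
```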
@ -21,6 +21,9 @@
|
|||
remember me
|
||||
</label>
|
||||
</div>
|
||||
<?php if (isset($_GET['redirect'])): ?>
|
||||
<input type="hidden" name="redirect" value="<?php echo htmlspecialchars($_GET['redirect']); ?>">
|
||||
<?php endif; ?>
|
||||
<input type="submit" class="btn btn-primary" value="Login" />
|
||||
</form>
|
||||
<div class="mt-3">
|
||||
|
|
|
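Review bot: The hidden input `<input type="hidden" name="redirect" ...>` passes `$_GET['redirect']` to `htmlspecialchars()` with no explicit flags, so on PHP before 8.1 single quotes are left unescaped and invalid UTF-8 makes the call return an empty string, silently dropping the redirect; if `redirect[]=` arrives as an array the call throws a TypeError and the login page fails to render. `<?php if (isset($_GET['redirect']) && is_string($_GET['redirect'])): ?>` together with `htmlspecialchars($_GET['redirect'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` pins the escaping regardless of PHP version. Deciding where the value may point is rightly left to handleSuccessfulLogin, where this commit consumes it as a Location target, so no further validation is needed in the template.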
@ -54,6 +54,9 @@ if (!defined('CSRF_TOKEN_INCLUDE')) {
|
|||
define('CSRF_TOKEN_INCLUDE', dirname(__DIR__) . '/app/includes/csrf_token.php');
|
||||
}
|
||||
|
||||
// Global cnstants
|
||||
require_once '../app/includes/constants.php';
|
||||
|
||||
// we start output buffering and
|
||||
// flush it later only when there is no redirect
|
||||
ob_start();
|
||||
|
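Review bot: `require_once '../app/includes/constants.php';` resolves against the process working directory rather than this file, while the `define` two lines above builds its path from `dirname(__DIR__)`; if the front controller is ever entered with a different cwd (CLI invocation, a rewrite that changes the document root, a tooling script), INVALID_REDIRECT_PAGES is undefined and every redirect check added below fatals. `require_once dirname(__DIR__) . '/app/includes/constants.php';` matches the `define` line's style. The same relative form is used for `session_middleware.php` later in the file, so this may be an existing convention that is worth fixing together rather than here alone. The comment above it also has a typo: `// Global constants`.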
@ -171,7 +174,14 @@ $public_pages = filter_public_pages($public_pages);
|
|||
// Check if the requested page requires authentication
|
||||
if (!isset($_COOKIE['username']) && !$validSession && !in_array($page, $public_pages)) {
|
||||
require_once '../app/includes/session_middleware.php';
|
||||
applySessionMiddleware($config, $app_root);
|
||||
$loginUrl = $app_root . '?page=login';
|
||||
// Use the central exclusion list for redirect
|
||||
$trimmed = trim($page, '/?');
|
||||
if (!in_array($trimmed, INVALID_REDIRECT_PAGES, true)) {
|
||||
$loginUrl .= '&redirect=' . urlencode($_SERVER['REQUEST_URI']);
|
||||
}
|
||||
header('Location: ' . $loginUrl);
|
||||
exit();
|
||||
}
|
||||
|
||||
// Check session and redirect if needed
|
||||
|
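Review bot: The five-line block that builds `$loginUrl` from `$page` and `$_SERVER['REQUEST_URI']` (`$loginUrl = $app_root . '?page=login';` through `header('Location: ' . $loginUrl);`) is repeated verbatim three times in this file: here and twice in the following hunk (the session-timeout branch and the no-session branch), so any later change to the exclusion rule or the encoding has three places to drift. Extract it into one helper that returns the URL and call it at each site, as sketched below; the sketch assumes `$page` is already a string at this point, which the `in_array($page, $public_pages)` context suggests but does not prove. `$_SERVER['REQUEST_URI']` is whatever the client sent, query string included, so the carried value is only as safe as the check at the consuming end in handleSuccessfulLogin; the helper's docblock should say so. The enclosing `if` for the authentication check starts inside this hunk, but the surrounding file-level flow continues outside it.

```php
/**
 * Build the login URL, carrying the originally requested URI as `redirect`
 * unless the page is one that must not be returned to (INVALID_REDIRECT_PAGES).
 * The carried value is raw client input; it is validated where it is consumed.
 */
function buildLoginRedirectUrl(string $app_root, string $page): string
{
    $loginUrl = $app_root . '?page=login';
    if (!in_array(trim($page, '/?'), INVALID_REDIRECT_PAGES, true)) {
        $loginUrl .= '&redirect=' . urlencode($_SERVER['REQUEST_URI'] ?? '');
    }
    return $loginUrl;
}

// … unchanged: authentication check condition and session middleware …
header('Location: ' . buildLoginRedirectUrl($app_root, $page));
exit();
```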
@ -180,15 +190,21 @@ if ($validSession) {
|
|||
$currentUser = Session::getUsername();
|
||||
} else if (isset($_COOKIE['username']) && !in_array($page, $public_pages)) {
|
||||
// Cookie exists but session is invalid - redirect to login
|
||||
if (!isset($_SESSION['session_timeout_shown'])) {
|
||||
Feedback::flash('LOGIN', 'SESSION_TIMEOUT');
|
||||
$_SESSION['session_timeout_shown'] = true;
|
||||
$loginUrl = $app_root . '?page=login';
|
||||
$trimmed = trim($page, '/?');
|
||||
if (!in_array($trimmed, INVALID_REDIRECT_PAGES, true)) {
|
||||
$loginUrl .= '&redirect=' . urlencode($_SERVER['REQUEST_URI']);
|
||||
}
|
||||
header('Location: ' . htmlspecialchars($app_root) . '?page=login');
|
||||
header('Location: ' . $loginUrl);
|
||||
exit();
|
||||
} else if (!in_array($page, $public_pages)) {
|
||||
// No valid session or cookie, and not a public page
|
||||
header('Location: ' . htmlspecialchars($app_root) . '?page=login');
|
||||
$loginUrl = $app_root . '?page=login';
|
||||
$trimmed = trim($page, '/?');
|
||||
if (!in_array($trimmed, INVALID_REDIRECT_PAGES, true)) {
|
||||
$loginUrl .= '&redirect=' . urlencode($_SERVER['REQUEST_URI']);
|
||||
}
|
||||
header('Location: ' . $loginUrl);
|
||||
exit();
|
||||
}
|
||||
|
||||
|
|