diff options
author | Florian Pritz <bluewind@xinu.at> | 2015-08-18 22:01:18 +0200 |
---|---|---|
committer | Florian Pritz <bluewind@xinu.at> | 2015-08-18 22:01:18 +0200 |
commit | 1c247bc4073451ad156ecedfbd2f7ebe73b56c12 (patch) | |
tree | 522b1527126d4b687229fb3e2c50a3c052f4f310 /application | |
parent | f0dd547bd84b4461cdab8d7d556bdb275bf4864a (diff) |
Fix redirect URI when using multiple tabs
If we store only the last called URI in the session we can't support
multiple browser tabs that all need to log in again. Fix this by
storing the URI in the URL.
Also change a trim() to ltrim() so that the URI string we store keeps
it's trailing slash.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application')
-rw-r--r-- | application/controllers/user.php | 19 | ||||
-rw-r--r-- | application/models/muser.php | 12 | ||||
-rw-r--r-- | application/views/header.php | 2 | ||||
-rw-r--r-- | application/views/user/login.php | 2 |
4 files changed, 14 insertions, 21 deletions
diff --git a/application/controllers/user.php b/application/controllers/user.php index b432cba5e..eca0b7da3 100644 --- a/application/controllers/user.php +++ b/application/controllers/user.php @@ -44,8 +44,18 @@ class User extends MY_Controller { function login() { + $redirect_uri = $this->input->get("redirect_uri"); $this->muser->require_session(); - $this->session->keep_flashdata("uri"); + + if (!preg_match('/^[0-9a-zA-Z\/_]*$/', $redirect_uri)) { + $redirect_uri = '/'; + } + + if ($this->muser->logged_in()) { + redirect($redirect_uri); + } + + $this->data['redirect_uri'] = $redirect_uri; if ($this->input->post('process') !== false) { $username = $this->input->post('username'); @@ -59,12 +69,7 @@ class User extends MY_Controller { $this->load->view($this->var->view_dir.'login', $this->data); $this->load->view('footer', $this->data); } else { - $uri = $this->session->flashdata("uri"); - if ($uri) { - redirect($uri); - } else { - redirect("/"); - } + redirect($redirect_uri); } } else { $this->load->view('header', $this->data); diff --git a/application/models/muser.php b/application/models/muser.php index 4d183c5a6..200390358 100644 --- a/application/models/muser.php +++ b/application/models/muser.php @@ -18,10 +18,6 @@ class Muser extends CI_Model { { parent::__construct(); - if ($this->has_session() && !$this->logged_in()) { - $this->session->keep_flashdata("uri"); - } - $this->load->helper("filebin"); $this->load->driver("duser"); } @@ -184,14 +180,6 @@ class Muser extends CI_Model { return $this->check_access_level($wanted_level); } - if (stateful_client()) { - // desktop clients get redirected to the login form - $this->require_session(); - if (!$this->session->userdata("flash:new:uri")) { - $this->session->set_flashdata("uri", $this->uri->uri_string()); - } - } - throw new \exceptions\NotAuthenticatedException("api/not-authenticated", "Not authenticated. FileBin requires you to have an account, please go to the homepage for more information."); } diff --git a/application/views/header.php b/application/views/header.php index 081f91820..6332382b2 100644 --- a/application/views/header.php +++ b/application/views/header.php @@ -77,7 +77,7 @@ if (is_cli_client() && !isset($force_full_html)) { <?php if(auth_driver_function_implemented("can_reset_password")) { ?> <p><?php echo anchor("user/reset_password", "Forgot your password?"); ?></p> <?php } ?> - <?php echo form_open("user/login", array("class" => "form-signin")); ?> + <?php echo form_open("user/login?redirect_uri=".get_instance()->uri->uri_string(), array("class" => "form-signin")); ?> <input type="text" name="username" placeholder="Username" class="form-control"> <input type="password" name="password" placeholder="Password" class="form-control"> <button type="submit" name="process" class="btn btn-default btn-block">Login</button> diff --git a/application/views/user/login.php b/application/views/user/login.php index 3e30d53bd..5b2067bb0 100644 --- a/application/views/user/login.php +++ b/application/views/user/login.php @@ -3,7 +3,7 @@ if (isset($login_error)) { ?> <div class="alert alert-danger">The entered credentials are invalid.</div> <?php } ?> -<?php echo form_open('user/login', array("class" => "form-horizontal login-page")); ?> +<?php echo form_open("user/login?redirect_uri=$redirect_uri", array("class" => "form-horizontal login-page")); ?> <div class="form-group"> <label class="control-label" for="inputUsername">Username</label> <div class="controls"> |