From d50b0425907a1c323c39212c986f7c1546a038b5 Mon Sep 17 00:00:00 2001 From: Nate Jones Date: Wed, 18 Jun 2014 04:53:18 +0000 Subject: [PATCH] Fix for Issue 481 (Enhanced) - Links to protected pages (such as emailed conference recording links, etc) will now properly redirect upon a successful login attempt AFTER failed login attempts. --- resources/check_auth.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/resources/check_auth.php b/resources/check_auth.php index 57088537f7..9283741716 100644 --- a/resources/check_auth.php +++ b/resources/check_auth.php @@ -45,9 +45,9 @@ require_once "resources/require.php"; //if the username is not provided then send to login.php if (strlen(check_str($_REQUEST["username"])) == 0 && strlen(check_str($_REQUEST["key"])) == 0) { - $php_self = $_SERVER["PHP_SELF"]; - $msg = "username required"; - header("Location: ".PROJECT_PATH."/login.php?path=".urlencode($php_self)."&msg=".urlencode($msg)); + $target_path = ($_REQUEST["path"] != '') ? $_REQUEST["path"] : $_SERVER["PHP_SELF"]; + $_SESSION["message"] = "Invalid Username and/or Password"; + header("Location: ".PROJECT_PATH."/login.php?path=".urlencode($target_path)); exit; } @@ -263,9 +263,9 @@ require_once "resources/require.php"; syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] authentication failed for ".check_str($_REQUEST["username"])); closelog(); //redirect the user to the login page - $php_self = $_SERVER["PHP_SELF"]; - $msg = "incorrect account information"; - header("Location: ".PROJECT_PATH."/login.php?path=".urlencode($php_self)."&msg=".urlencode($msg)); + $target_path = ($_REQUEST["path"] != '') ? $_REQUEST["path"] : $_SERVER["PHP_SELF"]; + $_SESSION["message"] = "Invalid Username and/or Password"; + header("Location: ".PROJECT_PATH."/login.php?path=".urlencode($target_path)); exit; } foreach ($result as &$row) {