-rw-r--r-- | phpBB/docs/coding-guidelines.html | 2 | ||||
-rw-r--r-- | phpBB/includes/functions.php | 30 | ||||
-rwxr-xr-x | phpBB/ucp.php | 6 | ||||
-rw-r--r-- | phpBB/viewtopic.php | 2 |
4 files changed, 26 insertions, 14 deletions
diff --git a/phpBB/docs/coding-guidelines.html b/phpBB/docs/coding-guidelines.html
index d45a39f4df..803d88ebc2 100644
--- a/phpBB/docs/coding-guidelines.html
+++ b/phpBB/docs/coding-guidelines.html
@@ -865,6 +865,8 @@ $action_ary = request_var('action', array('' => 0));
 <h3>Login checks/redirection: </h3>
 <p>To show a forum login box use <code>login_forum_box($forum_data)</code>, else use the <code>login_box()</code> function.</p>
+ <p>The <code>login_box()</code> function could have a redirect as the first parameter. As a thumb of rule, specify an empty string if you want to redirect to the users current location, else do not add the <code>$SID</code> to the redirect string (for example within the ucp/login we redirect to the board index because else the user would be redirected to the login screen).</p>
+ <h3>Sensitive Operations: </h3>
 <p>For sensitive operations always let the user confirm the action. For the confirmation screens, make use of the <code>confirm_box()</code> function.</p>
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index bdf44d31d0..fd658bb0c4 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1413,20 +1413,30 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 // The result parameter is always an array, holding the relevant informations...
 if ($result['status'] == LOGIN_SUCCESS)
 {
- $redirect = request_var('redirect', "index.$phpEx$SID");
- meta_refresh(3, $redirect);
-
+ $redirect = request_var('redirect', "index.$phpEx");
 $message = ($l_success) ? $l_success : $user->lang['LOGIN_REDIRECT'];
-
- if ($admin)
+ $l_redirect = ($admin) ? $user->lang['PROCEED_TO_ACP'] : (($redirect === "index.$phpEx") ? $user->lang['RETURN_INDEX'] : $user->lang['RETURN_PAGE']);
+
+ // append/replace SID (may change during the session for AOL users)
+ if ($redirect === "index.$phpEx")
 {
- $message .= '<br /><br />' . sprintf($user->lang['PROCEED_TO_ACP'], '<a href="' . $redirect . '">', '</a> ');
+ $redirect = "index.$phpEx$SID";
 }
 else
 {
- $message .= '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a> ');
+ // Remove previously added sid (should not happen)
+ if (strpos($redirect, '?sid='))
+ {
+ $redirect = preg_replace('/\?sid=[a-z0-9]+(&|&)?/', $SID . '\1', $redirect);
+ }
+ else
+ {
+ $redirect = (strpos($redirect, '?') === false) ? $redirect . $SID : $redirect . str_replace('?', '&', $SID);
+ }
 }
- trigger_error($message);
+
+ meta_refresh(3, $redirect);
+ trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
 }
 // The user wanted to re-authenticate, but something failed - log this
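Review bot: The `redirect` value read by `request_var('redirect', "index.$phpEx")` on the first added line is used unchanged as the `meta_refresh()` target and as the `<a href>` in the success message; nothing in the hunk confines it to a board-relative path, so a crafted value in the hidden `redirect` form field (built in the second hunk of this file) would send a freshly logged-in user to an arbitrary URL. A guard before the SID handling, e.g. `if (strpos($redirect, '://') !== false || strpos($redirect, '//') === 0) { $redirect = "index.$phpEx"; }`, keeps the target on the board; whether request_var() escapes the value for the href attribute cannot be seen from this hunk. The `strpos($redirect, '?sid=')` test on the new side also only recognises a stale sid when it is the first query parameter, so a `&sid=` later in the string is kept and the else branch appends a second sid. login_box() begins before and ends after this hunk.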
@@ -1485,10 +1495,10 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 if (!$redirect)
 {
 // We just use what the session code determined...
- $redirect = htmlspecialchars($user->page['page_name'] . $SID . '&' . $user->page['query_string']);
+ $redirect = htmlspecialchars($user->page['page_name'] . (($user->page['query_string']) ? '?' . $user->page['query_string'] : ''));
 }
- $s_hidden_fields = build_hidden_fields(array('redirect' => $redirect, 'sid' => $SID));
+ $s_hidden_fields = build_hidden_fields(array('redirect' => $redirect, 'sid' => $user->session_id));
 $template->assign_vars(array(
 'LOGIN_ERROR' => $err,
diff --git a/phpBB/ucp.php b/phpBB/ucp.php
index 65e9adaabe..8e178537b3 100755
--- a/phpBB/ucp.php
+++ b/phpBB/ucp.php
@@ -74,7 +74,7 @@ switch ($mode)
 redirect("index.$phpEx$SID");
 }
- login_box("index.$phpEx$SID");
+ login_box("index.$phpEx");
 break;
 case 'logout':
@@ -86,7 +86,7 @@ switch ($mode)
 meta_refresh(3, "index.$phpEx$SID");
- $message = $user->lang['LOGOUT_REDIRECT'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . "{$phpbb_root_path}index.$phpEx$SID" . '">', '</a> ');
+ $message = $user->lang['LOGOUT_REDIRECT'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . "{$phpbb_root_path}index.$phpEx$SID" . '">', '</a> ');
 trigger_error($message);
 break;
@@ -103,7 +103,7 @@ switch ($mode)
 redirect("index.$phpEx$SID");
 }
- login_box("index.$phpEx$SID");
+ login_box();
 }
 $template->set_filenames(array(
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index 535f12ee0e..f7f3e81217 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -284,7 +284,7 @@ if (isset($_GET['e']))
 if ($user->data['user_id'] == ANONYMOUS)
 {
- login_box("{$phpbb_root_path}$redirect_url&p=$post_id&e=$jump_to", $user->lang['LOGIN_NOTIFY_TOPIC']);
+ login_box("{$phpbb_root_path}viewtopic.$phpEx?f=$forum_id&t=$topic_id&p=$post_id&e=$jump_to", $user->lang['LOGIN_NOTIFY_TOPIC']);
 }
 if ($jump_to > 0)
|
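Review bot: The fallback redirect built from `$user->page['page_name']` and `$user->page['query_string']` on the new side is wrapped in `htmlspecialchars()`, while a redirect supplied by the caller reaches `build_hidden_fields()` in `$s_hidden_fields` untouched, so the two paths arrive with different escaping; calling `htmlspecialchars()` on `$redirect` once after the `if (!$redirect)` block instead of inside it would make them consistent, assuming build_hidden_fields() does not escape attribute values itself. If `$user->page['query_string']` can still carry a `sid=` parameter, the `?sid=` check in the first hunk of this file only replaces it when it is the first parameter. login_box() begins before and ends after this hunk.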
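Review bot: The new redirect string joins `$forum_id`, `$topic_id`, `$post_id` and `$jump_to` with bare `&` and hands the result to login_box(), which (per the functions.php hunks in this commit) does not pass a caller-supplied redirect through `htmlspecialchars()` before placing it in the hidden form field and later in the success-message href; this is only safe if those four values are sanitised integers and build_hidden_fields() escapes attribute values, neither of which is visible here. A short comment at the call site, e.g. `// TODO confirm: ids must be sanitised ints; login_box() appends the SID itself`, would record that assumption. The enclosing block continues outside the hunk.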