
Commit 8d541ec4 authored by tobyink's avatar tobyink

Non-interrupting logins.

parent fc6d7080
......@@ -69,9 +69,20 @@ if(isset($_POST['login'])) {
if(isset($logged_in) && $logged_in) {
// Send the user to the welcome page when they've logged in
header('Location: index.php');
//$smarty->display('welcome.tpl');
// Check that return URI is on this server. Prevents possible phishing uses.
if ( substr($_POST['return'], 0, 1) == '/' )
{ header(sprintf('Location: http://%s%s', $_SERVER['SERVER_NAME'], $_POST['return']));
else
{ header("Location: $base_url"); }
} else {
if ( substr($_REQUEST['return'], 0, 1) == '/' )
{ $smarty->assign('return', $_REQUEST['return']); }
else
{ $smarty->assign('return', ''); }
$smarty->display('login.tpl');
}
?>
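Review bot: The brace opened before `header(sprintf('Location: http://%s%s', ...))` in the first branch of the return check is never closed as shown, so the `else` that follows would be a parse error; the line needs a trailing `}`. The redirect target is built from `$_SERVER['SERVER_NAME']` with a fixed `http://` scheme, while the fallback uses `$base_url`; depending on server configuration SERVER_NAME can follow the request's Host header, so building from the configured value is safer, e.g. `header('Location: ' . $base_url . $_POST['return']);` if `$base_url` is the site root without a trailing slash (not visible here). The leading-slash test is sufficient only because a host is prepended, since a value beginning `//` also passes it, and the comment above the check should say so: `// Leading "/" alone is not enough; "return" must always be appended to our own origin`. `$_POST['return']` and `$_REQUEST['return']` are read without `isset()`, which raises a notice when the field is absent. The enclosing `if(isset($_POST['login']))` block starts outside this hunk.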
......@@ -27,7 +27,10 @@ $smarty = new Smarty();
$smarty->template_dir = $install_path . '/themes/'. $default_theme . '/templates/';
$smarty->compile_dir = $install_path. '/themes/' . $default_theme . '/templates_c/';
$smarty->assign('base_url', $base_url);
$smarty->assign('this_page', $_SERVER['REQUEST_URI']);
if(isset($logged_in)) {
$smarty->assign('logged_in', true);
// Pre-fix this user's details with u to avoid confusion with other users
......
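Review bot: `this_page` is assigned from the raw `$_SERVER['REQUEST_URI']`, and the menu template's login link later in this commit prints it as `?return={$this_page}` with no modifier. Unless this Smarty instance applies a default escaping modifier (not visible here), a request URI containing quotes or markup is reflected into the `href` attribute, and any `&` or `?` in it splits the `return` parameter. Encoding at the point of use, `login.php?return={$this_page|escape:'url'}`, covers both cases. A comment on the assign line such as `// client-controlled and unescaped; templates must encode before output` would help later template authors.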
......@@ -16,6 +16,7 @@
<input id='password' name='password' type='password' value=''/>
<input type='submit' name='login' value='Let me in!' />
<input name="return" type="hidden" value="{$return|htmlentities}" />
</fieldset>
</form>
......
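Review bot: The escaping of the new hidden `return` field depends on its attribute staying double-quoted, because `htmlentities` used as a modifier runs with PHP's default flags, which on older PHP versions leave single quotes unescaped, and the neighbouring inputs use single-quoted attributes. Smarty's own modifier escapes both quote styles and is the usual choice in templates: `value="{$return|escape:'html'}"`. The enclosing form starts outside this hunk.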
......@@ -9,7 +9,7 @@
{/if}
<li><a href="{$base_url}/login.php?action=logout">Logout</a></li>
{else}
<li><a href="{$base_url}/login.php">Login</a></li>
<li><a href="{$base_url}/login.php?return={$this_page}">Login</a></li>
{/if}
<li><a href="https://savannah.nongnu.org/bugs/?group=librefm">Bugs</a></li>
<li><a href="http://ideas.libre.fm/index.php/Using_turtle">Help</a></li>
......