diff --git a/build/index.php b/build/index.php index 3ebdc2c..ecc57d2 100644 --- a/build/index.php +++ b/build/index.php @@ -1158,7 +1158,7 @@ if(!isset($pageindex->{$env->page}) and isset($_GET["search-redirect"])) // Note we use $_GET here because $env->action isn't populated at this point if($settings->require_login_view === true && // If this site requires a login in order to view pages !$env->is_logged_in && // And the user isn't logged in - $_GET["action"] !== "login") // And the user isn't requesting the login page + !in_array($_GET["action"], [ "login", "checklogin" ])) // And the user isn't trying to login { // Redirect the user to the login page http_response_code(307); @@ -2854,13 +2854,19 @@ register_module([ */ add_action("login", function() { global $settings; + + // Build the action url that will actually perform the login + $login_form_action_url = "index.php?action=checklogin"; + if(isset($_GET["returnto"])) + $login_form_action_url .= "&returnto=" . rawurlencode($_GET["returnto"]); + $title = "Login to $settings->sitename"; $content = "

Login to $settings->sitename

\n"; if(isset($_GET["failed"])) $content .= "\t\t

Login failed.

\n"; if(isset($_GET["required"])) $content .= "\t\t

$settings->sitename requires that you login before continuing.

\n"; - $content .= "\t\t
+ $content .= "\t\t
@@ -2898,8 +2904,8 @@ register_module([ $_SESSION["$settings->sessionprefix-expiretime"] = $expiretime; //redirect to wherever the user was going http_response_code(302); - if(isset($_POST["goto"])) - header("location: " . $_POST["returnto"]); + if(isset($_GET["returnto"])) + header("location: " . $_GET["returnto"]); else header("location: index.php"); exit(); diff --git a/core.php b/core.php index 98aba4e..7977214 100644 --- a/core.php +++ b/core.php @@ -818,7 +818,7 @@ if(!isset($pageindex->{$env->page}) and isset($_GET["search-redirect"])) // Note we use $_GET here because $env->action isn't populated at this point if($settings->require_login_view === true && // If this site requires a login in order to view pages !$env->is_logged_in && // And the user isn't logged in - $_GET["action"] !== "login") // And the user isn't requesting the login page + !in_array($_GET["action"], [ "login", "checklogin" ])) // And the user isn't trying to login { // Redirect the user to the login page http_response_code(307); diff --git a/module_index.json b/module_index.json index f2c6080..80122d6 100644 --- a/module_index.json +++ b/module_index.json @@ -122,7 +122,7 @@ "author": "Starbeamrainbowlabs", "description": "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.", "id": "page-login", - "lastupdate": 1447514093, + "lastupdate": 1447515644, "optional": false }, { diff --git a/modules/page-login.php b/modules/page-login.php index 29a7f09..c12f1a0 100644 --- a/modules/page-login.php +++ b/modules/page-login.php @@ -18,9 +18,9 @@ register_module([ global $settings; // Build the action url that will actually perform the login - $login_form_action_url = "index.php?action=checklogin" + $login_form_action_url = "index.php?action=checklogin"; if(isset($_GET["returnto"])) - $login_form_action_url .= "&returnto=" . rawurlencode($_SERVER['REQUEST_URI']); + $login_form_action_url .= "&returnto=" . rawurlencode($_GET["returnto"]); $title = "Login to $settings->sitename"; $content = "

Login to $settings->sitename

\n"; @@ -66,8 +66,8 @@ register_module([ $_SESSION["$settings->sessionprefix-expiretime"] = $expiretime; //redirect to wherever the user was going http_response_code(302); - if(isset($_POST["returnto"])) - header("location: " . $_POST["returnto"]); + if(isset($_GET["returnto"])) + header("location: " . $_GET["returnto"]); else header("location: index.php"); exit();