From 1cca9a9f738a2e952298bf0a33bcfccd0c2b0409 Mon Sep 17 00:00:00 2001
From: Starbeamrainbowlabs <sbrl@starbeamrainbowlabs.com>
Date: Sat, 14 Nov 2015 15:41:28 +0000
Subject: [PATCH] Redirect to the last page viewed. Fixes #38.

---
 build/index.php        | 14 ++++++++++----
 core.php               |  2 +-
 module_index.json      |  2 +-
 modules/page-login.php |  8 ++++----
 4 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/build/index.php b/build/index.php
index 3ebdc2c..ecc57d2 100644
--- a/build/index.php
+++ b/build/index.php
@@ -1158,7 +1158,7 @@ if(!isset($pageindex->{$env->page}) and isset($_GET["search-redirect"]))
 // Note we use $_GET here because $env->action isn't populated at this point
 if($settings->require_login_view === true && // If this site requires a login in order to view pages
    !$env->is_logged_in && // And the user isn't logged in
-   $_GET["action"] !== "login") // And the user isn't requesting the login page
+   !in_array($_GET["action"], [ "login", "checklogin" ])) // And the user isn't trying to login
 {
     // Redirect the user to the login page
     http_response_code(307);
@@ -2854,13 +2854,19 @@ register_module([
 		 */
 		add_action("login", function() {
 			global $settings;
+			
+			// Build the action url that will actually perform the login
+			$login_form_action_url = "index.php?action=checklogin";
+			if(isset($_GET["returnto"]))
+				$login_form_action_url .= "&returnto=" . rawurlencode($_GET["returnto"]);
+			
 			$title = "Login to $settings->sitename";
 			$content = "<h1>Login to $settings->sitename</h1>\n";
 			if(isset($_GET["failed"]))
 				$content .= "\t\t<p><em>Login failed.</em></p>\n";
 			if(isset($_GET["required"]))
 				$content .= "\t\t<p><em>$settings->sitename requires that you login before continuing.</em></p>\n";
-			$content .= "\t\t<form method='post' action='index.php?action=checklogin&returnto=" . rawurlencode($_SERVER['REQUEST_URI']) . "'>
+			$content .= "\t\t<form method='post' action='$login_form_action_url'>
 				<label for='user'>Username:</label>
 				<input type='text' name='user' id='user' />
 				<br />
@@ -2898,8 +2904,8 @@ register_module([
 					$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;
 					//redirect to wherever the user was going
 					http_response_code(302);
-					if(isset($_POST["goto"]))
-						header("location: " . $_POST["returnto"]);
+					if(isset($_GET["returnto"]))
+						header("location: " . $_GET["returnto"]);
 					else
 						header("location: index.php");
 					exit();
diff --git a/core.php b/core.php
index 98aba4e..7977214 100644
--- a/core.php
+++ b/core.php
@@ -818,7 +818,7 @@ if(!isset($pageindex->{$env->page}) and isset($_GET["search-redirect"]))
 // Note we use $_GET here because $env->action isn't populated at this point
 if($settings->require_login_view === true && // If this site requires a login in order to view pages
    !$env->is_logged_in && // And the user isn't logged in
-   $_GET["action"] !== "login") // And the user isn't requesting the login page
+   !in_array($_GET["action"], [ "login", "checklogin" ])) // And the user isn't trying to login
 {
     // Redirect the user to the login page
     http_response_code(307);
diff --git a/module_index.json b/module_index.json
index f2c6080..80122d6 100644
--- a/module_index.json
+++ b/module_index.json
@@ -122,7 +122,7 @@
         "author": "Starbeamrainbowlabs",
         "description": "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
         "id": "page-login",
-        "lastupdate": 1447514093,
+        "lastupdate": 1447515644,
         "optional": false
     },
     {
diff --git a/modules/page-login.php b/modules/page-login.php
index 29a7f09..c12f1a0 100644
--- a/modules/page-login.php
+++ b/modules/page-login.php
@@ -18,9 +18,9 @@ register_module([
 			global $settings;
 			
 			// Build the action url that will actually perform the login
-			$login_form_action_url = "index.php?action=checklogin"
+			$login_form_action_url = "index.php?action=checklogin";
 			if(isset($_GET["returnto"]))
-				$login_form_action_url .= "&returnto=" . rawurlencode($_SERVER['REQUEST_URI']);
+				$login_form_action_url .= "&returnto=" . rawurlencode($_GET["returnto"]);
 			
 			$title = "Login to $settings->sitename";
 			$content = "<h1>Login to $settings->sitename</h1>\n";
@@ -66,8 +66,8 @@ register_module([
 					$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;
 					//redirect to wherever the user was going
 					http_response_code(302);
-					if(isset($_POST["returnto"]))
-						header("location: " . $_POST["returnto"]);
+					if(isset($_GET["returnto"]))
+						header("location: " . $_GET["returnto"]);
 					else
 						header("location: index.php");
 					exit();