mirror of
https://github.com/phpbb/phpbb.git
synced 2025-07-25 19:38:53 +00:00
- fix bug #1727 (need to be watched - problems could arise by this change)
- added a note about login_box() to the coding guidelines git-svn-id: file:///svn/phpbb/trunk@5881 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
parent
3a38f80168
commit
b5608afe03
4 changed files with 26 additions and 14 deletions
|
|
@ -865,6 +865,8 @@ $action_ary = request_var('action', array('' => 0));
|
|||
<h3>Login checks/redirection: </h3>
|
||||
<p>To show a forum login box use <code>login_forum_box($forum_data)</code>, else use the <code>login_box()</code> function.</p>
|
||||
|
||||
<p>The <code>login_box()</code> function could have a redirect as the first parameter. As a thumb of rule, specify an empty string if you want to redirect to the users current location, else do not add the <code>$SID</code> to the redirect string (for example within the ucp/login we redirect to the board index because else the user would be redirected to the login screen).</p>
|
||||
|
||||
<h3>Sensitive Operations: </h3>
|
||||
<p>For sensitive operations always let the user confirm the action. For the confirmation screens, make use of the <code>confirm_box()</code> function.</p>
|
||||
|
||||
|
|
|
|||
|
|
@ -1413,20 +1413,30 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
|
|||
// The result parameter is always an array, holding the relevant informations...
|
||||
if ($result['status'] == LOGIN_SUCCESS)
|
||||
{
|
||||
$redirect = request_var('redirect', "index.$phpEx$SID");
|
||||
meta_refresh(3, $redirect);
|
||||
|
||||
$redirect = request_var('redirect', "index.$phpEx");
|
||||
$message = ($l_success) ? $l_success : $user->lang['LOGIN_REDIRECT'];
|
||||
|
||||
if ($admin)
|
||||
$l_redirect = ($admin) ? $user->lang['PROCEED_TO_ACP'] : (($redirect === "index.$phpEx") ? $user->lang['RETURN_INDEX'] : $user->lang['RETURN_PAGE']);
|
||||
|
||||
// append/replace SID (may change during the session for AOL users)
|
||||
if ($redirect === "index.$phpEx")
|
||||
{
|
||||
$message .= '<br /><br />' . sprintf($user->lang['PROCEED_TO_ACP'], '<a href="' . $redirect . '">', '</a> ');
|
||||
$redirect = "index.$phpEx$SID";
|
||||
}
|
||||
else
|
||||
{
|
||||
$message .= '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a> ');
|
||||
// Remove previously added sid (should not happen)
|
||||
if (strpos($redirect, '?sid='))
|
||||
{
|
||||
$redirect = preg_replace('/\?sid=[a-z0-9]+(&|&)?/', $SID . '\1', $redirect);
|
||||
}
|
||||
else
|
||||
{
|
||||
$redirect = (strpos($redirect, '?') === false) ? $redirect . $SID : $redirect . str_replace('?', '&', $SID);
|
||||
}
|
||||
}
|
||||
trigger_error($message);
|
||||
|
||||
meta_refresh(3, $redirect);
|
||||
trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
|
||||
}
|
||||
|
||||
// The user wanted to re-authenticate, but something failed - log this
|
||||
|
|
@ -1485,10 +1495,10 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
|
|||
if (!$redirect)
|
||||
{
|
||||
// We just use what the session code determined...
|
||||
$redirect = htmlspecialchars($user->page['page_name'] . $SID . '&' . $user->page['query_string']);
|
||||
$redirect = htmlspecialchars($user->page['page_name'] . (($user->page['query_string']) ? '?' . $user->page['query_string'] : ''));
|
||||
}
|
||||
|
||||
$s_hidden_fields = build_hidden_fields(array('redirect' => $redirect, 'sid' => $SID));
|
||||
$s_hidden_fields = build_hidden_fields(array('redirect' => $redirect, 'sid' => $user->session_id));
|
||||
|
||||
$template->assign_vars(array(
|
||||
'LOGIN_ERROR' => $err,
|
||||
|
|
|
|||
|
|
@ -74,7 +74,7 @@ switch ($mode)
|
|||
redirect("index.$phpEx$SID");
|
||||
}
|
||||
|
||||
login_box("index.$phpEx$SID");
|
||||
login_box("index.$phpEx");
|
||||
break;
|
||||
|
||||
case 'logout':
|
||||
|
|
@ -86,7 +86,7 @@ switch ($mode)
|
|||
|
||||
meta_refresh(3, "index.$phpEx$SID");
|
||||
|
||||
$message = $user->lang['LOGOUT_REDIRECT'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . "{$phpbb_root_path}index.$phpEx$SID" . '">', '</a> ');
|
||||
$message = $user->lang['LOGOUT_REDIRECT'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . "{$phpbb_root_path}index.$phpEx$SID" . '">', '</a> ');
|
||||
trigger_error($message);
|
||||
break;
|
||||
|
||||
|
|
@ -103,7 +103,7 @@ switch ($mode)
|
|||
redirect("index.$phpEx$SID");
|
||||
}
|
||||
|
||||
login_box("index.$phpEx$SID");
|
||||
login_box();
|
||||
}
|
||||
|
||||
$template->set_filenames(array(
|
||||
|
|
|
|||
|
|
@ -284,7 +284,7 @@ if (isset($_GET['e']))
|
|||
|
||||
if ($user->data['user_id'] == ANONYMOUS)
|
||||
{
|
||||
login_box("{$phpbb_root_path}$redirect_url&p=$post_id&e=$jump_to", $user->lang['LOGIN_NOTIFY_TOPIC']);
|
||||
login_box("{$phpbb_root_path}viewtopic.$phpEx?f=$forum_id&t=$topic_id&p=$post_id&e=$jump_to", $user->lang['LOGIN_NOTIFY_TOPIC']);
|
||||
}
|
||||
|
||||
if ($jump_to > 0)
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue