makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-27 04:18:55 +00:00
Code Issues Projects Releases Packages Wiki Activity

- fix bug #1727 (need to be watched - problems could arise by this change)

Browse source 
- added a note about login_box() to the coding guidelines


git-svn-id: file:///svn/phpbb/trunk@5881 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen 2006-05-04 18:25:01 +00:00
parent 3a38f80168
commit b5608afe03
4 changed files with 26 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
phpBB/docs/coding-guidelines.html
View file

@ -865,6 +865,8 @@ $action_ary = request_var('action', array('' => 0));
<h3>Login checks/redirection: </h3> <h3>Login checks/redirection: </h3>
<p>To show a forum login box use <code>login_forum_box($forum_data)</code>, else use the <code>login_box()</code> function.</p> <p>To show a forum login box use <code>login_forum_box($forum_data)</code>, else use the <code>login_box()</code> function.</p>
<p>The <code>login_box()</code> function could have a redirect as the first parameter. As a thumb of rule, specify an empty string if you want to redirect to the users current location, else do not add the <code>$SID</code> to the redirect string (for example within the ucp/login we redirect to the board index because else the user would be redirected to the login screen).</p>
<h3>Sensitive Operations: </h3> <h3>Sensitive Operations: </h3>
<p>For sensitive operations always let the user confirm the action. For the confirmation screens, make use of the <code>confirm_box()</code> function.</p> <p>For sensitive operations always let the user confirm the action. For the confirmation screens, make use of the <code>confirm_box()</code> function.</p>

28
phpBB/includes/functions.php
View file

@ -1413,20 +1413,30 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
// The result parameter is always an array, holding the relevant informations... // The result parameter is always an array, holding the relevant informations...
if ($result['status'] == LOGIN_SUCCESS) if ($result['status'] == LOGIN_SUCCESS)
{ {
$redirect = request_var('redirect', "index.$phpEx$SID"); $redirect = request_var('redirect', "index.$phpEx");
meta_refresh(3, $redirect);
$message = ($l_success) ? $l_success : $user->lang['LOGIN_REDIRECT']; $message = ($l_success) ? $l_success : $user->lang['LOGIN_REDIRECT'];
$l_redirect = ($admin) ? $user->lang['PROCEED_TO_ACP'] : (($redirect === "index.$phpEx") ? $user->lang['RETURN_INDEX'] : $user->lang['RETURN_PAGE']);
if ($admin) // append/replace SID (may change during the session for AOL users)
if ($redirect === "index.$phpEx")
{ {
$message .= '<br /><br />' . sprintf($user->lang['PROCEED_TO_ACP'], '<a href="' . $redirect . '">', '</a> '); $redirect = "index.$phpEx$SID";
} }
else else
{ {
$message .= '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a> '); // Remove previously added sid (should not happen)
if (strpos($redirect, '?sid='))
{
$redirect = preg_replace('/\?sid=[a-z0-9]+(&|&amp;)?/', $SID . '\1', $redirect);
}
else
{
$redirect = (strpos($redirect, '?') === false) ? $redirect . $SID : $redirect . str_replace('?', '&amp;', $SID);
}
} }
trigger_error($message);
meta_refresh(3, $redirect);
trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
} }
// The user wanted to re-authenticate, but something failed - log this // The user wanted to re-authenticate, but something failed - log this
@ -1485,10 +1495,10 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
if (!$redirect) if (!$redirect)
{ {
// We just use what the session code determined... // We just use what the session code determined...
$redirect = htmlspecialchars($user->page['page_name'] . $SID . '&' . $user->page['query_string']); $redirect = htmlspecialchars($user->page['page_name'] . (($user->page['query_string']) ? '?' . $user->page['query_string'] : ''));
} }
$s_hidden_fields = build_hidden_fields(array('redirect' => $redirect, 'sid' => $SID)); $s_hidden_fields = build_hidden_fields(array('redirect' => $redirect, 'sid' => $user->session_id));
$template->assign_vars(array( $template->assign_vars(array(
'LOGIN_ERROR' => $err, 'LOGIN_ERROR' => $err,

6
phpBB/ucp.php
View file

@ -74,7 +74,7 @@ switch ($mode)
redirect("index.$phpEx$SID"); redirect("index.$phpEx$SID");
} }
login_box("index.$phpEx$SID"); login_box("index.$phpEx");
break; break;
case 'logout': case 'logout':
@ -86,7 +86,7 @@ switch ($mode)
meta_refresh(3, "index.$phpEx$SID"); meta_refresh(3, "index.$phpEx$SID");
$message = $user->lang['LOGOUT_REDIRECT'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . "{$phpbb_root_path}index.$phpEx$SID" . '">', '</a> '); $message = $user->lang['LOGOUT_REDIRECT'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . "{$phpbb_root_path}index.$phpEx$SID" . '">', '</a> ');
trigger_error($message); trigger_error($message);
break; break;
@ -103,7 +103,7 @@ switch ($mode)
redirect("index.$phpEx$SID"); redirect("index.$phpEx$SID");
} }
login_box("index.$phpEx$SID"); login_box();
} }
$template->set_filenames(array( $template->set_filenames(array(

2
phpBB/viewtopic.php
View file

@ -284,7 +284,7 @@ if (isset($_GET['e']))
if ($user->data['user_id'] == ANONYMOUS) if ($user->data['user_id'] == ANONYMOUS)
{ {
login_box("{$phpbb_root_path}$redirect_url&p=$post_id&e=$jump_to", $user->lang['LOGIN_NOTIFY_TOPIC']); login_box("{$phpbb_root_path}viewtopic.$phpEx?f=$forum_id&amp;t=$topic_id&amp;p=$post_id&amp;e=$jump_to", $user->lang['LOGIN_NOTIFY_TOPIC']);
} }
if ($jump_to > 0) if ($jump_to > 0)