Store redirect login url in session instead of using url parameter

2015-07-16 22:22:33 -04:00 · 2015-07-16 22:22:33 -04:00 · 493c7c2c74
parent e0d4877126
commit 493c7c2c74
6 changed files with 20 additions and 9 deletions
--- a/app/Controller/Auth.php
+++ b/app/Controller/Auth.php
@ -25,7 +25,6 @@ class Auth extends Base
            'errors' => $errors,
            'values' => $values,
            'no_layout' => true,
-            'redirect_query' => $this->request->getStringParam('redirect_query'),
            'title' => t('Login')
        )));
    }
@ -37,14 +36,15 @@ class Auth extends Base
     */
    public function check()
    {
-        $redirect_query = $this->request->getStringParam('redirect_query');
        $values = $this->request->getValues();
        list($valid, $errors) = $this->authentication->validateForm($values);

        if ($valid) {

-            if ($redirect_query !== '') {
-                $this->response->redirect('?'.urldecode($redirect_query));
+            if (! empty($this->session['login_redirect']) && ! filter_var($this->session['login_redirect'], FILTER_VALIDATE_URL)) {
+                $redirect = $this->session['login_redirect'];
+                unset($this->session['login_redirect']);
+                $this->response->redirect($redirect);
            }

            $this->response->redirect($this->helper->url->to('app', 'index'));
--- a/app/Controller/Base.php
+++ b/app/Controller/Base.php
@ -127,7 +127,8 @@ abstract class Base extends \Core\Base
                $this->response->text('Not Authorized', 401);
            }

-            $this->response->redirect($this->helper->url->to('auth', 'login', array('redirect_query' => urlencode($this->request->getQueryString()))));
+            $this->session['login_redirect'] = $this->request->getUri();
+            $this->response->redirect($this->helper->url->to('auth', 'login'));
        }
    }

--- a/app/Controller/Oauth.php
+++ b/app/Controller/Oauth.php
@ -116,7 +116,6 @@ class Oauth extends Base
                'errors' => array('login' => t('External authentication failed')),
                'values' => array(),
                'no_layout' => true,
-                'redirect_query' => '',
                'title' => t('Login')
            )));
        }
--- a/app/Core/Request.php
+++ b/app/Core/Request.php
@ -162,6 +162,17 @@ class Request
        return isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
    }

+    /**
+     * Returns uri
+     *
+     * @access public
+     * @return string
+     */
+    public function getUri()
+    {
+        return isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
+    }
+
    /**
     * Get the user agent
     *
--- a/app/Template/auth/index.php
+++ b/app/Template/auth/index.php
@ -5,7 +5,7 @@
    <?php endif ?>

    <?php if (! HIDE_LOGIN_FORM): ?>
-    <form method="post" action="<?= $this->url->href('auth', 'check', array('redirect_query' => $redirect_query)) ?>">
+    <form method="post" action="<?= $this->url->href('auth', 'check') ?>">

        <?= $this->form->csrf() ?>

@ -17,8 +17,6 @@

        <?= $this->form->checkbox('remember_me', t('Remember Me'), 1, true) ?><br/>

-
-
        <div class="form-actions">
            <input type="submit" value="<?= t('Sign in') ?>" class="btn btn-blue"/>
        </div>
--- a/app/common.php
+++ b/app/common.php
@ -119,4 +119,6 @@ if (ENABLE_URL_REWRITE) {
    // Auth routes
    $container['router']->addRoute('oauth/google', 'oauth', 'google');
    $container['router']->addRoute('oauth/github', 'oauth', 'github');
+    $container['router']->addRoute('login', 'auth', 'login');
+    $container['router']->addRoute('logout', 'auth', 'logout');
 }