Permalink
Browse files

login_page.php return param is ignored when already logged in

This prevents proper behavior when links to bugs are used from an
external application after the initial authentication

Fixes #13060

Aligned form variables initialization for better code readability

Signed-off-by: Damien Regad <damien.regad@merckgroup.com>
  • Loading branch information...
1 parent 2ef79a9 commit 6a9adc66ba7c27f0f68d02922bd59cfa1a8763f9 Lapinkiller committed with dregad Jun 10, 2011
Showing with 17 additions and 10 deletions.
  1. +17 −10 login_page.php
View
27 login_page.php
@@ -56,20 +56,27 @@
require_api( 'utility_api.php' );
require_css( 'login.css' );
-if ( auth_is_user_authenticated() && !current_user_is_anonymous() ) {
- print_header_redirect( config_get( 'default_home_page' ) );
-}
-
-$f_error = gpc_get_bool( 'error' );
-$f_cookie_error = gpc_get_bool( 'cookie_error' );
-$f_return = string_sanitize_url( gpc_get_string( 'return', '' ) );
-$f_username = gpc_get_string( 'username', '' );
-$f_perm_login = gpc_get_bool( 'perm_login', false );
-$f_secure_session = gpc_get_bool( 'secure_session', false );
+$f_error = gpc_get_bool( 'error' );
+$f_cookie_error = gpc_get_bool( 'cookie_error' );
+$f_return = string_sanitize_url( gpc_get_string( 'return', '' ) );
+$f_username = gpc_get_string( 'username', '' );
+$f_perm_login = gpc_get_bool( 'perm_login', false );
+$f_secure_session = gpc_get_bool( 'secure_session', false );
$f_secure_session_cookie = gpc_get_cookie( config_get_global( 'cookie_prefix' ) . '_secure_session', null );
$t_session_validation = ( ON == config_get_global( 'session_validation' ) );
+// If user is already authenticated and not anonymous
+if( auth_is_user_authenticated() && !current_user_is_anonymous() ) {
+ // If return URL is specified redirect to it; otherwise use default page
+ if( !is_blank( $f_return ) {
+ print_header_redirect( $f_return, false, false, true );
+ }
+ else {
+ print_header_redirect( config_get( 'default_home_page' ) );
+ }
+}
+
# Check for automatic logon methods where we want the logon to just be handled by login.php
if ( auth_automatic_logon_bypass_form() ) {
$t_uri = "login.php";

0 comments on commit 6a9adc6

Please sign in to comment.