diff --git a/user.inc.php b/user.inc.php index ae3b233..26f0486 100644 --- a/user.inc.php +++ b/user.inc.php @@ -797,11 +797,22 @@ function user_auth_required($type, $access='') global $config; if(!isset($_SESSION['users_type'])) { message_push(error(i18n("You must login to view that page"))); + $_SESSION['request_uri'] = $_SERVER['REQUEST_URI']; header("location: {$config['SFIABDIRECTORY']}/user_login.php?type=$type"); exit; } - if($_SESSION['users_type'] != $type) { + if(!is_array($type)) $type = array($type); + + $auth_type = false; + foreach($type as $t) { + if($_SESSION['users_type'] == $t) { + $auth_type = $t; + break; + } + } + + if($auth_type == false) { message_push(error(i18n("You must login to view that page"))); header("location: {$config['SFIABDIRECTORY']}/user_login.php?type=$type"); exit; @@ -812,19 +823,15 @@ function user_auth_required($type, $access='') exit; } - if($access != '') { - if($type != 'committee') { - echo "CRITICAL ERROR, cannot check access in user_auth_required without specifying type=committee"; - exit; - } + if($auth_type == 'committee' && $access != '') { if(committee_auth_has_access($access) == false) { message_push(error(i18n('You do not have permission to view that page'))); header("Location: {$config['SFIABDIRECTORY']}/committee_main.php"); exit; } } - return true; + return $auth_type; } diff --git a/user_login.php b/user_login.php index d6a2aa0..be96082 100644 --- a/user_login.php +++ b/user_login.php @@ -233,7 +233,13 @@ } } - /* Now finally, take them to whatever main page they logged in for */ + /* Is there a saved requesT_uri from a failed login attempt?, if so + * take them there */ + if(array_key_exists('request_uri', $_SESSION)) { + header("location: {$_SESSION['request_uri']}"); + unset($_SESSION['request_uri']); + exit; + } header("location: {$type}_main.php"); exit; }