From ed6879754d8fd479f855bad0d35ac557e5b77673 Mon Sep 17 00:00:00 2001 From: dave Date: Sun, 24 Jan 2010 06:47:09 +0000 Subject: [PATCH] Remember the page for password changes too, and take them there --- user.inc.php | 10 +++++++++- user_password.php | 7 ++++++- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/user.inc.php b/user.inc.php index 26f0486..f671ec8 100644 --- a/user.inc.php +++ b/user.inc.php @@ -795,6 +795,8 @@ function user_valid_email($str) function user_auth_required($type, $access='') { global $config; + + unset($_SESSION['request_uri']); if(!isset($_SESSION['users_type'])) { message_push(error(i18n("You must login to view that page"))); $_SESSION['request_uri'] = $_SERVER['REQUEST_URI']; @@ -802,8 +804,10 @@ function user_auth_required($type, $access='') exit; } + /* Turn $type into an array */ if(!is_array($type)) $type = array($type); + /* Iterate over all the allowed types and see if this user matches */ $auth_type = false; foreach($type as $t) { if($_SESSION['users_type'] == $t) { @@ -812,18 +816,22 @@ function user_auth_required($type, $access='') } } + /* No match, no access */ if($auth_type == false) { - message_push(error(i18n("You must login to view that page"))); + message_push(error(i18n("You do not have permission to view that page"))); header("location: {$config['SFIABDIRECTORY']}/user_login.php?type=$type"); exit; } + /* Forward to password expired, remember the target URI */ if($_SESSION['password_expired'] == true) { + $_SESSION['request_uri'] = $_SERVER['REQUEST_URI']; header("location: {$config['SFIABDIRECTORY']}/user_password.php"); exit; } + /* Check committee sub-access */ if($auth_type == 'committee' && $access != '') { if(committee_auth_has_access($access) == false) { message_push(error(i18n('You do not have permission to view that page'))); diff --git a/user_password.php b/user_password.php index 8a0dbe3..bcd941b 100644 --- a/user_password.php +++ b/user_password.php @@ -50,7 +50,12 @@ } - $back_link = "{$type}_main.php"; + if(array_key_exists('request_uri', $_SESSION) + $back_link = $_SESSION['request_uri']; + else + $back_link = "{$type}_main.php"; + unset($_SESSION['request_uri']); + $password_expiry_days = $config["{$type}_password_expiry_days"];