Save destination URI when login is triggered and redirect user post login to it.

Use the actual error message set in Staff::login instead of boring "Authentication Required";

scp/login.php

@@ -19,20 +19,19 @@ if(!defined('INCLUDE_DIR')) die('Fatal Error. Kwaheri!');
 require_once(INCLUDE_DIR.'class.staff.php');
 require_once(INCLUDE_DIR.'class.csrf.php');
 
-$msg=$_SESSION['_staff']['auth']['msg'];
-$msg=$msg?$msg:'Authentication Required';
-if($_POST && (!empty($_POST['username']) && !empty($_POST['passwd']))){
+$dest = $_SESSION['_staff']['auth']['dest'];
+$msg = $_SESSION['_staff']['auth']['msg'];
+$msg = $msg?$msg:'Authentication Required';
+if($_POST) {
     //$_SESSION['_staff']=array(); #Uncomment to disable login strikes.
-    $msg='Invalid login';
-    if(($user=Staff::login($_POST['username'],$_POST['passwd'],$errors))){
-        $dest=$_SESSION['_staff']['auth']['dest'];
+    if(($user=Staff::login($_POST['username'], $_POST['passwd'], $errors))){
         $dest=($dest && (!strstr($dest,'login.php') && !strstr($dest,'ajax.php')))?$dest:'index.php';
         @header("Location: $dest");
         require_once('index.php'); //Just incase header is messed up.
         exit;
-    }elseif(!$errors['err']){
-        $errors['err']='Login error - try again';
     }
+
+    $msg = $errors['err']?$errors['err']:'Invalid login';
 }
 define("OSTSCPINC",TRUE); //Make includes happy!
 include_once(INCLUDE_DIR.'staff/login.tpl.php');

scp/staff.inc.php

@@ -49,7 +49,7 @@ require_once(INCLUDE_DIR.'class.csrf.php');
 
 if(!function_exists('staffLoginPage')) { //Ajax interface can pre-declare the function to  trap expired sessions.
     function staffLoginPage($msg) {
-        $_SESSION['_staff']['auth']['dest']=THISPAGE;
+        $_SESSION['_staff']['auth']['dest']=THISURI;
         $_SESSION['_staff']['auth']['msg']=$msg;
         require(SCP_DIR.'login.php');
         exit;