diff --git a/scp/login.php b/scp/login.php
index 6a28e0f45130f26f733f8eca82066565f5e2d9dc..5ba5e28e0568afb7626001cc00d76d35b02f2f93 100644
--- a/scp/login.php
+++ b/scp/login.php
@@ -19,20 +19,19 @@ if(!defined('INCLUDE_DIR')) die('Fatal Error. Kwaheri!');
require_once(INCLUDE_DIR.'class.staff.php');
require_once(INCLUDE_DIR.'class.csrf.php');
-$msg=$_SESSION['_staff']['auth']['msg'];
-$msg=$msg?$msg:'Authentication Required';
-if($_POST && (!empty($_POST['username']) && !empty($_POST['passwd']))){
+$dest = $_SESSION['_staff']['auth']['dest'];
+$msg = $_SESSION['_staff']['auth']['msg'];
+$msg = $msg?$msg:'Authentication Required';
+if($_POST) {
//$_SESSION['_staff']=array(); #Uncomment to disable login strikes.
- $msg='Invalid login';
- if(($user=Staff::login($_POST['username'],$_POST['passwd'],$errors))){
- $dest=$_SESSION['_staff']['auth']['dest'];
+ if(($user=Staff::login($_POST['username'], $_POST['passwd'], $errors))){
$dest=($dest && (!strstr($dest,'login.php') && !strstr($dest,'ajax.php')))?$dest:'index.php';
@header("Location: $dest");
require_once('index.php'); //Just incase header is messed up.
exit;
- }elseif(!$errors['err']){
- $errors['err']='Login error - try again';
}
+
+ $msg = $errors['err']?$errors['err']:'Invalid login';
}
define("OSTSCPINC",TRUE); //Make includes happy!
include_once(INCLUDE_DIR.'staff/login.tpl.php');
diff --git a/scp/staff.inc.php b/scp/staff.inc.php
index 5dcf6045042397c1ee806a8df9f0f2b0f28725a3..decf2c5cd624a719f718d5e53e92770fc502ae4c 100644
--- a/scp/staff.inc.php
+++ b/scp/staff.inc.php
@@ -49,7 +49,7 @@ require_once(INCLUDE_DIR.'class.csrf.php');
if(!function_exists('staffLoginPage')) { //Ajax interface can pre-declare the function to trap expired sessions.
function staffLoginPage($msg) {
- $_SESSION['_staff']['auth']['dest']=THISPAGE;
+ $_SESSION['_staff']['auth']['dest']=THISURI;
$_SESSION['_staff']['auth']['msg']=$msg;
require(SCP_DIR.'login.php');
exit;