From 1d512b4073f293c31e5542054561c044a1848285 Mon Sep 17 00:00:00 2001
From: Peter Rotich <peter@osticket.com>
Date: Wed, 3 Oct 2012 18:29:11 -0400
Subject: [PATCH] Save destination URI when login is triggered and redirect
 user post login to it. Use the actual error message set in Staff::login
 instead of boring "Authentication Required";

---
 scp/login.php     | 15 +++++++--------
 scp/staff.inc.php |  2 +-
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/scp/login.php b/scp/login.php
index 6a28e0f45..5ba5e28e0 100644
--- a/scp/login.php
+++ b/scp/login.php
@@ -19,20 +19,19 @@ if(!defined('INCLUDE_DIR')) die('Fatal Error. Kwaheri!');
 require_once(INCLUDE_DIR.'class.staff.php');
 require_once(INCLUDE_DIR.'class.csrf.php');
 
-$msg=$_SESSION['_staff']['auth']['msg'];
-$msg=$msg?$msg:'Authentication Required';
-if($_POST && (!empty($_POST['username']) && !empty($_POST['passwd']))){
+$dest = $_SESSION['_staff']['auth']['dest'];
+$msg = $_SESSION['_staff']['auth']['msg'];
+$msg = $msg?$msg:'Authentication Required';
+if($_POST) {
     //$_SESSION['_staff']=array(); #Uncomment to disable login strikes.
-    $msg='Invalid login';
-    if(($user=Staff::login($_POST['username'],$_POST['passwd'],$errors))){
-        $dest=$_SESSION['_staff']['auth']['dest'];
+    if(($user=Staff::login($_POST['username'], $_POST['passwd'], $errors))){
         $dest=($dest && (!strstr($dest,'login.php') && !strstr($dest,'ajax.php')))?$dest:'index.php';
         @header("Location: $dest");
         require_once('index.php'); //Just incase header is messed up.
         exit;
-    }elseif(!$errors['err']){
-        $errors['err']='Login error - try again';
     }
+
+    $msg = $errors['err']?$errors['err']:'Invalid login';
 }
 define("OSTSCPINC",TRUE); //Make includes happy!
 include_once(INCLUDE_DIR.'staff/login.tpl.php');
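Review bot: The post-login redirect puts the session value `$dest` into `header("Location: $dest")` after only a substring test for `login.php` and `ajax.php`, and with this commit that value is the full request URI that `staffLoginPage()` in scp/staff.inc.php stores from `THISURI`, not just a page name. `THISURI` is defined outside this patch, so this is inferred: if it mirrors the raw request URI, a value beginning with `//` or carrying a scheme would send a freshly authenticated staff user off-site. Assuming it is meant to be a site-relative path, a guard before the redirect such as `if(!$dest || $dest[0]!='/' || substr($dest,0,2)=='//') $dest='index.php';` keeps the target local. The stored destination is also never cleared on success, so adding `unset($_SESSION['_staff']['auth']['dest']);` before the `header()` call would stop a stale URI from being reused by a later login in the same session.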
diff --git a/scp/staff.inc.php b/scp/staff.inc.php
index 5dcf60450..decf2c5cd 100644
--- a/scp/staff.inc.php
+++ b/scp/staff.inc.php
@@ -49,7 +49,7 @@ require_once(INCLUDE_DIR.'class.csrf.php');
 
 if(!function_exists('staffLoginPage')) { //Ajax interface can pre-declare the function to  trap expired sessions.
     function staffLoginPage($msg) {
-        $_SESSION['_staff']['auth']['dest']=THISPAGE;
+        $_SESSION['_staff']['auth']['dest']=THISURI;
         $_SESSION['_staff']['auth']['msg']=$msg;
         require(SCP_DIR.'login.php');
         exit;
-- 
GitLab