Mercurial > hg > fapweb

diff usrlogin.php @ 306:6610311ac48e

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Improve user login handling.
author Matti Hamalainen <ccr@tnsp.org>
date Tue, 26 Nov 2013 19:51:11 +0200
parents 7181350076c1
children 2f46b6254ff2
line wrap: on
line diff
--- a/usrlogin.php	Tue Nov 26 06:43:43 2013 +0200
+++ b/usrlogin.php	Tue Nov 26 19:51:11 2013 +0200
@@ -24,7 +24,9 @@
 // Authenticate
 //
 $gotoPage = stGetRequestItem("goto", FALSE);
+$errorPage = stGetRequestItem("error", FALSE);
 $password = stGetRequestItem("key", FALSE);
+$error = 0;
 
 $sql = stPrepareSQL("SELECT id FROM votekeys WHERE key=%s", $password);
 if (($votekey_id = stFetchSQLColumn($sql)) !== false)
@@ -32,7 +34,7 @@
   if (!stSessionStart(SESS_USER, $password, "userTimeout"))
   {
     error_log("User session AUTH LOGIN failed (session setup)");
-    $gotoPage = "vote?error=2";
+    $error = 2;
   }
   else
     stSetSessionItem("mode", stGetRequestItem("mode", "error"));
@@ -40,8 +42,11 @@
 else
 {
   error_log("User session AUTH LOGIN failed (password)");
-  $gotoPage = "vote?error=1";
+  $error = 1;
 }
 
-header("Location: ".($gotoPage !== FALSE ? $gotoPage : stGetSetting("defaultPage")));
+$nextPage = ($error != 0) ? $errorPage : $gotoPage;
+
+header("Location: ".($nextPage !== FALSE ? $nextPage : stGetSetting("defaultPage"))
+  ($error ? "?error=".$error : "");
 ?>
\ No newline at end of file