phpBB Question


phpBB Question

Post by Majoraslayer »

I need some help with phpBB. No one is helping me out on the phpbb.com board, so maybe someone here can. How might I edit login.php so that it redirects to the previous page if the login was successful? I also don't want it to redirect to itself when it has to reload because a user entered the wrong info. Can someone help me figure this out? I'll post the code for phpBB's login.php.


<?php
/***************************************************************************
 *                                login.php
 *                            -------------------
 *   begin                : Saturday, Feb 13, 2001
 *   copyright            : (C) 2001 The phpBB Group
 *   email                : support@phpbb.com
 *
 *   $Id: login.php,v 1.47.2.16 2004/07/17 13:48:32 acydburn Exp $
 *
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

//
// Allow people to reach login page if
// board is shut down
//
define("IN_LOGIN", true);

define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

//
// Set page ID for session management
//
$userdata = session_pagestart($user_ip, PAGE_LOGIN);
init_userprefs($userdata);
//
// End session management
//

// session id check
if (!empty($HTTP_POST_VARS&#1111;'sid']) || !empty($HTTP_GET_VARS&#1111;'sid']))
{
	$sid = (!empty($HTTP_POST_VARS&#1111;'sid'])) ? $HTTP_POST_VARS&#1111;'sid'] : $HTTP_GET_VARS&#1111;'sid'];
}
else
{
	$sid = '';
}

if( isset($HTTP_POST_VARS&#1111;'login']) || isset($HTTP_GET_VARS&#1111;'login']) || isset($HTTP_POST_VARS&#1111;'logout']) || isset($HTTP_GET_VARS&#1111;'logout']) )
{
	if( ( isset($HTTP_POST_VARS&#1111;'login']) || isset($HTTP_GET_VARS&#1111;'login']) ) &amp;&amp; !$userdata&#1111;'session_logged_in'] )
	{
		$username = isset($HTTP_POST_VARS&#1111;'username']) ? trim(htmlspecialchars($HTTP_POST_VARS&#1111;'username'])) : '';
		$username = substr(str_replace(&quote;\\'&quote;, &quote;'&quote;, $username), 0, 25);
		$username = str_replace(&quote;'&quote;, &quote;\\'&quote;, $username);
		$password = isset($HTTP_POST_VARS&#1111;'password']) ? $HTTP_POST_VARS&#1111;'password'] : '';

		$sql = &quote;SELECT user_id, username, user_password, user_active, user_level
			FROM &quote; . USERS_TABLE . &quote;
			WHERE username = '&quote; . str_replace(&quote;\\'&quote;, &quote;''&quote;, $username) . &quote;'&quote;;
		if ( !($result = $db-&gt;sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
		}

		if( $row = $db-&gt;sql_fetchrow($result) )
		{
			if( $row&#1111;'user_level'] != ADMIN &amp;&amp; $board_config&#1111;'board_disable'] )
			{
				redirect(append_sid(&quote;index.$phpEx&quote;, true));
			}
			else
			{
				if( md5($password) == $row&#1111;'user_password'] &amp;&amp; $row&#1111;'user_active'] )
				{
					$autologin = ( isset($HTTP_POST_VARS&#1111;'autologin']) ) ? TRUE : 0;

					$session_id = session_begin($row&#1111;'user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin);

					if( $session_id )
					{
						$url = ( !empty($HTTP_POST_VARS&#1111;'redirect']) ) ? str_replace('&amp;amp;', '&amp;', htmlspecialchars($HTTP_POST_VARS&#1111;'redirect'])) : &quote;index.$phpEx&quote;;
						redirect(append_sid($url, true));
					}
					else
					{
						message_die(CRITICAL_ERROR, &quote;Couldn't start session : login&quote;, &quote;&quote;, __LINE__, __FILE__);
					}
				}
				else
				{
					$redirect = ( !empty($HTTP_POST_VARS&#1111;'redirect']) ) ? str_replace('&amp;amp;', '&amp;', htmlspecialchars($HTTP_POST_VARS&#1111;'redirect'])) : '';
					$redirect = str_replace('?', '&amp;', $redirect);

					if (strstr(urldecode($redirect), &quote;\n&quote;) || strstr(urldecode($redirect), &quote;\r&quote;))
					{
						message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
					}

					$template-&gt;assign_vars(array(
						'META' =&gt; &quote;&lt;meta http-equiv=\&quote;refresh\&quote; content=\&quote;3;url=login.$phpEx?redirect=$redirect\&quote;&gt;&quote;)
					);

					$message = $lang&#1111;'Error_login'] . '&lt;br /&gt;&lt;br /&gt;' . sprintf($lang&#1111;'Click_return_login'], &quote;&lt;a href=\&quote;login.$phpEx?redirect=$redirect\&quote;&gt;&quote;, '&lt;/a&gt;') . '&lt;br /&gt;&lt;br /&gt;' .  sprintf($lang&#1111;'Click_return_index'], '&lt;a href=&quote;' . append_sid(&quote;index.$phpEx&quote;) . '&quote;&gt;', '&lt;/a&gt;');

					message_die(GENERAL_MESSAGE, $message);
				}
			}
		}
		else
		{
			$redirect = ( !empty($HTTP_POST_VARS&#1111;'redirect']) ) ? str_replace('&amp;amp;', '&amp;', htmlspecialchars($HTTP_POST_VARS&#1111;'redirect'])) : &quote;&quote;;
			$redirect = str_replace(&quote;?&quote;, &quote;&amp;&quote;, $redirect);

			if (strstr(urldecode($redirect), &quote;\n&quote;) || strstr(urldecode($redirect), &quote;\r&quote;))
			{
				message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
			}

			$template-&gt;assign_vars(array(
				'META' =&gt; &quote;&lt;meta http-equiv=\&quote;refresh\&quote; content=\&quote;3;url=login.$phpEx?redirect=$redirect\&quote;&gt;&quote;)
			);

			$message = $lang&#1111;'Error_login'] . '&lt;br /&gt;&lt;br /&gt;' . sprintf($lang&#1111;'Click_return_login'], &quote;&lt;a href=\&quote;login.$phpEx?redirect=$redirect\&quote;&gt;&quote;, '&lt;/a&gt;') . '&lt;br /&gt;&lt;br /&gt;' .  sprintf($lang&#1111;'Click_return_index'], '&lt;a href=&quote;' . append_sid(&quote;index.$phpEx&quote;) . '&quote;&gt;', '&lt;/a&gt;');

			message_die(GENERAL_MESSAGE, $message);
		}
	}
	else if( ( isset($HTTP_GET_VARS&#1111;'logout']) || isset($HTTP_POST_VARS&#1111;'logout']) ) &amp;&amp; $userdata&#1111;'session_logged_in'] )
	{
		if( $userdata&#1111;'session_logged_in'] )
		{
			session_end($userdata&#1111;'session_id'], $userdata&#1111;'user_id']);
		}

		if (!empty($HTTP_POST_VARS&#1111;'redirect']) || !empty($HTTP_GET_VARS&#1111;'redirect']))
		{
			$url = (!empty($HTTP_POST_VARS&#1111;'redirect'])) ? htmlspecialchars($HTTP_POST_VARS&#1111;'redirect']) : htmlspecialchars($HTTP_GET_VARS&#1111;'redirect']);
			$url = str_replace('&amp;amp;', '&amp;', $url);
			redirect(append_sid($url, true));
		}
		else
		{
			redirect(append_sid(&quote;index.$phpEx&quote;, true));
		}
	}
	else
	{
		$url = ( !empty($HTTP_POST_VARS&#1111;'redirect']) ) ? str_replace('&amp;amp;', '&amp;', htmlspecialchars($HTTP_POST_VARS&#1111;'redirect'])) : &quote;index.$phpEx&quote;;
		redirect(append_sid($url, true));
	}
}
else
{
	//
	// Do a full login page dohickey if
	// user not already logged in
	//
	if( !$userdata&#1111;'session_logged_in'] )
	{
		$page_title = $lang&#1111;'Login'];
		include($phpbb_root_path . 'includes/page_header.'.$phpEx);

		$template-&gt;set_filenames(array(
			'body' =&gt; 'login_body.tpl')
		);

		if( isset($HTTP_POST_VARS&#1111;'redirect']) || isset($HTTP_GET_VARS&#1111;'redirect']) )
		{
			$forward_to = $HTTP_SERVER_VARS&#1111;'QUERY_STRING'];

			if( preg_match(&quote;/^redirect=(&#1111;a-z0-9\.#\/\?&amp;=\+\-_]+)/si&quote;, $forward_to, $forward_matches) )
			{
				$forward_to = ( !empty($forward_matches&#1111;3]) ) ? $forward_matches&#1111;3] : $forward_matches&#1111;1 don't want it to redirect to itself if it has to reload because of a user inputs the wrong info either.  Can someone help me figure this out?  I'll post the code for phpBB's login.php.


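<?php
/***************************************************************************
 *                                login.php
 *                            -------------------
 *   begin                : Saturday, Feb 13, 2001
 *   copyright            : (C) 2001 The phpBB Group
 *   email                : support@phpbb.com
 *
 *   $Id: login.php,v 1.47.2.16 2004/07/17 13:48:32 acydburn Exp $
 *
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

//
// Login / logout handler.
//
// Three kinds of request land here:
//   - 'login'  (POST)      : verify username/password, start a session and
//                            redirect to the 'redirect' target, else the index
//   - 'logout' (GET/POST)  : end the session and redirect likewise
//   - anything else        : render the login form; the page to return to is
//                            read from the query string ('redirect=...') and
//                            carried in a hidden field so the POST can use it
//
// The 'redirect' value is request-controlled in every path, so it is only
// accepted as a board-relative page (see login_redirect_target()).
//

//
// Allow people to reach login page if
// board is shut down
//
define('IN_LOGIN', true);

define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

/**
 * Normalise a request-supplied 'redirect' value into a target for redirect().
 *
 * @param mixed  $raw     raw request value; anything but a non-empty string yields $default
 * @param string $default value returned when nothing usable was supplied
 * @return string the normalised target (entity-encoded, '&' kept as separator) or $default
 *
 * Dies with GENERAL_ERROR when the value carries CR/LF (header injection) or
 * starts with a scheme or a protocol-relative host (off-site redirect); the
 * board only ever hands out relative page names, so neither is legitimate.
 */
function login_redirect_target($raw, $default)
{
	if (!is_string($raw) || $raw === '')
	{
		return $default;
	}

	// Same normalisation every path of this file applied before: entity-encode,
	// then restore '&' so it still separates query parameters
	$url = str_replace('&amp;', '&', htmlspecialchars($raw));
	$decoded = urldecode($url);

	if (strpos($decoded, "\n") !== false || strpos($decoded, "\r") !== false)
	{
		message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
	}

	// "scheme:" or "//host" / "\\host" at the start would leave the board
	if (preg_match('#^\s*([a-z][a-z0-9+.\-]*:|[\\\\/]{2})#i', $decoded))
	{
		message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
	}

	return $url;
}

//
// Set page ID for session management
//
$userdata = session_pagestart($user_ip, PAGE_LOGIN);
init_userprefs($userdata);
//
// End session management
//

// session id check ($sid is not used further in this file; kept for parity
// with the other pages)
if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid']))
{
	$sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid'];
}
else
{
	$sid = '';
}

$login_requested = isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']);
$logout_requested = isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']);
$post_redirect = isset($HTTP_POST_VARS['redirect']) ? $HTTP_POST_VARS['redirect'] : '';

if ($login_requested || $logout_requested)
{
	if ($login_requested && !$userdata['session_logged_in'])
	{
		// is_string() guards against 'username[]=' / 'password[]=' style input,
		// which would otherwise reach trim()/md5() as an array
		$username = (isset($HTTP_POST_VARS['username']) && is_string($HTTP_POST_VARS['username'])) ? trim(htmlspecialchars($HTTP_POST_VARS['username'])) : '';
		$username = substr(str_replace("\\'", "'", $username), 0, 25);
		$username = str_replace("'", "\\'", $username);
		$password = (isset($HTTP_POST_VARS['password']) && is_string($HTTP_POST_VARS['password'])) ? $HTTP_POST_VARS['password'] : '';

		// NOTE: this DB layer offers no placeholders; the value is quote-escaped
		// by doubling single quotes, as the rest of the board does for this column
		$sql = "SELECT user_id, username, user_password, user_active, user_level
			FROM " . USERS_TABLE . "
			WHERE username = '" . str_replace("\\'", "''", $username) . "'";
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
		}

		$row = $db->sql_fetchrow($result);

		// Strict comparison: '==' between hex digests is subject to PHP's
		// numeric-string juggling. The stored digest is unsalted MD5 schema-wide;
		// moving to password_hash() also needs the registration/profile pages.
		$authenticated = $row && $row['user_active'] && md5($password) === $row['user_password'];

		if (!$authenticated)
		{
			// Unknown user and wrong password share one response, so the message
			// does not reveal which it was. The meta refresh returns to this form
			// with the original 'redirect' preserved.
			$redirect = login_redirect_target($post_redirect, '');
			$redirect = str_replace('?', '&', $redirect);

			$template->assign_vars(array(
				'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
			);

			$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

			message_die(GENERAL_MESSAGE, $message);
		}

		// A disabled board admits administrators only; everyone else is sent to
		// the index without a session being started
		if ($row['user_level'] != ADMIN && $board_config['board_disable'])
		{
			redirect(append_sid("index.$phpEx", true));
		}

		// Validate the target before the session exists, so a rejected value
		// cannot leave a half-finished login behind
		$url = login_redirect_target($post_redirect, "index.$phpEx");

		// Landing back on the login form after a successful login is never useful
		if (preg_match('#^login\.' . preg_quote($phpEx, '#') . '(\?|$)#i', $url))
		{
			$url = "index.$phpEx";
		}

		$autologin = isset($HTTP_POST_VARS['autologin']);
		$session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin);

		if (!$session_id)
		{
			message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
		}

		redirect(append_sid($url, true));
	}
	else if ($logout_requested && $userdata['session_logged_in'])
	{
		session_end($userdata['session_id'], $userdata['user_id']);

		// POST takes precedence over GET, as before
		$raw_redirect = !empty($HTTP_POST_VARS['redirect']) ? $HTTP_POST_VARS['redirect'] : (isset($HTTP_GET_VARS['redirect']) ? $HTTP_GET_VARS['redirect'] : '');
		redirect(append_sid(login_redirect_target($raw_redirect, "index.$phpEx"), true));
	}
	else
	{
		// Already logged in and asking to log in, or logged out and asking to
		// log out: nothing to change, just go where the caller wanted
		redirect(append_sid(login_redirect_target($post_redirect, "index.$phpEx"), true));
	}
}
else
{
	//
	// Do a full login page dohickey if
	// user not already logged in
	//
	if (!$userdata['session_logged_in'])
	{
		$page_title = $lang['Login'];
		include($phpbb_root_path . 'includes/page_header.'.$phpEx);

		$template->set_filenames(array(
			'body' => 'login_body.tpl')
		);

		// Page to return to after login, rebuilt from the raw query string so
		// that 'redirect=viewtopic.php&t=1&sid=...' keeps its own parameters.
		// Initialised here so it is defined even when the value is malformed.
		$forward_page = '';

		if (isset($HTTP_POST_VARS['redirect']) || isset($HTTP_GET_VARS['redirect']))
		{
			$query_string = isset($HTTP_SERVER_VARS['QUERY_STRING']) ? $HTTP_SERVER_VARS['QUERY_STRING'] : '';

			// The character class is the whitelist: no quotes, angle brackets or
			// whitespace can reach the hidden field below
			if (preg_match("/^redirect=([a-z0-9\.#\/\?&=\+\-_]+)/si", $query_string, $forward_matches))
			{
				$forward_parts = explode('&', $forward_matches[1]);
				$forward_page = array_shift($forward_parts);

				if (count($forward_parts) > 0)
				{
					$forward_params = array();
					foreach ($forward_parts as $part)
					{
						// A session id must never be carried into the new session
						if (strpos($part, 'sid=') === false)
						{
							$forward_params[] = $part;
						}
					}
					$forward_page .= '?' . implode('&', $forward_params);
				}

				// Rejects protocol-relative ('//host') targets the class lets through
				$forward_page = login_redirect_target($forward_page, '');
			}
		}

		$username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : '';

		$s_hidden_fields = '<input type="hidden" name="redirect" value="' . htmlspecialchars($forward_page) . '" />';

		// $forum_id is not set on this page; pass the no-match value explicitly
		make_jumpbox('viewforum.'.$phpEx, isset($forum_id) ? $forum_id : 0);
		$template->assign_vars(array(
			'USERNAME' => $username,

			'L_ENTER_PASSWORD' => $lang['Enter_password'],
			'L_SEND_PASSWORD' => $lang['Forgotten_password'],

			'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"),

			'S_HIDDEN_FIELDS' => $s_hidden_fields)
		);

		$template->pparse('body');

		include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
	}
	else
	{
		redirect(append_sid("index.$phpEx", true));
	}
}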
 *
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

//
// Allow people to reach login page if
// board is shut down
//
define(&quote;IN_LOGIN&quote;, true);

define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

//
// Set page ID for session management
//
$userdata = session_pagestart($user_ip, PAGE_LOGIN);
init_userprefs($userdata);
//
// End session management
//

// session id check
if (!empty($HTTP_POST_VARS&#1111;'sid']) || !empty($HTTP_GET_VARS&#1111;'sid']))
{
	$sid = (!empty($HTTP_POST_VARS&#1111;'sid'])) ? $HTTP_POST_VARS&#1111;'sid'] : $HTTP_GET_VARS&#1111;'sid'];
}
else
{
	$sid = '';
}

if( isset($HTTP_POST_VARS&#1111;'login']) || isset($HTTP_GET_VARS&#1111;'login']) || isset($HTTP_POST_VARS&#1111;'logout']) || isset($HTTP_GET_VARS&#1111;'logout']) )
{
	if( ( isset($HTTP_POST_VARS&#1111;'login']) || isset($HTTP_GET_VARS&#1111;'login']) ) &amp;&amp; !$userdata&#1111;'session_logged_in'] )
	{
		$username = isset($HTTP_POST_VARS&#1111;'username']) ? trim(htmlspecialchars($HTTP_POST_VARS&#1111;'username'])) : '';
		$username = substr(str_replace(&quote;\\'&quote;, &quote;'&quote;, $username), 0, 25);
		$username = str_replace(&quote;'&quote;, &quote;\\'&quote;, $username);
		$password = isset($HTTP_POST_VARS&#1111;'password']) ? $HTTP_POST_VARS&#1111;'password'] : '';

		$sql = &quote;SELECT user_id, username, user_password, user_active, user_level
			FROM &quote; . USERS_TABLE . &quote;
			WHERE username = '&quote; . str_replace(&quote;\\'&quote;, &quote;''&quote;, $username) . &quote;'&quote;;
		if ( !($result = $db-&gt;sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
		}

		if( $row = $db-&gt;sql_fetchrow($result) )
		{
			if( $row&#1111;'user_level'] != ADMIN &amp;&amp; $board_config&#1111;'board_disable'] )
			{
				redirect(append_sid(&quote;index.$phpEx&quote;, true));
			}
			else
			{
				if( md5($password) == $row&#1111;'user_password'] &amp;&amp; $row&#1111;'user_active'] )
				{
					$autologin = ( isset($HTTP_POST_VARS&#1111;'autologin']) ) ? TRUE : 0;

					$session_id = session_begin($row&#1111;'user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin);

					if( $session_id )
					{
						$url = ( !empty($HTTP_POST_VARS&#1111;'redirect']) ) ? str_replace('&amp;amp;', '&amp;', htmlspecialchars($HTTP_POST_VARS&#1111;'redirect'])) : &quote;index.$phpEx&quote;;
						redirect(append_sid($url, true));
					}
					else
					{
						message_die(CRITICAL_ERROR, &quote;Couldn't start session : login&quote;, &quote;&quote;, __LINE__, __FILE__);
					}
				}
				else
				{
					$redirect = ( !empty($HTTP_POST_VARS&#1111;'redirect']) ) ? str_replace('&amp;amp;', '&amp;', htmlspecialchars($HTTP_POST_VARS&#1111;'redirect'])) : '';
					$redirect = str_replace('?', '&amp;', $redirect);

					if (strstr(urldecode($redirect), &quote;\n&quote;) || strstr(urldecode($redirect), &quote;\r&quote;))
					{
						message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
					}

					$template-&gt;assign_vars(array(
						'META' =&gt; &quote;&lt;meta http-equiv=\&quote;refresh\&quote; content=\&quote;3;url=login.$phpEx?redirect=$redirect\&quote;&gt;&quote;)
					);

					$message = $lang&#1111;'Error_login'] . '&lt;br /&gt;&lt;br /&gt;' . sprintf($lang&#1111;'Click_return_login'], &quote;&lt;a href=\&quote;login.$phpEx?redirect=$redirect\&quote;&gt;&quote;, '&lt;/a&gt;') . '&lt;br /&gt;&lt;br /&gt;' .  sprintf($lang&#1111;'Click_return_index'], '&lt;a href=&quote;' . append_sid(&quote;index.$phpEx&quote;) . '&quote;&gt;', '&lt;/a&gt;');

					message_die(GENERAL_MESSAGE, $message);
				}
			}
		}
		else
		{
			$redirect = ( !empty($HTTP_POST_VARS&#1111;'redirect']) ) ? str_replace('&amp;amp;', '&amp;', htmlspecialchars($HTTP_POST_VARS&#1111;'redirect'])) : &quote;&quote;;
			$redirect = str_replace(&quote;?&quote;, &quote;&amp;&quote;, $redirect);

			if (strstr(urldecode($redirect), &quote;\n&quote;) || strstr(urldecode($redirect), &quote;\r&quote;))
			{
				message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
			}

			$template-&gt;assign_vars(array(
				'META' =&gt; &quote;&lt;meta http-equiv=\&quote;refresh\&quote; content=\&quote;3;url=login.$phpEx?redirect=$redirect\&quote;&gt;&quote;)
			);

			$message = $lang&#1111;'Error_login'] . '&lt;br /&gt;&lt;br /&gt;' . sprintf($lang&#1111;'Click_return_login'], &quote;&lt;a href=\&quote;login.$phpEx?redirect=$redirect\&quote;&gt;&quote;, '&lt;/a&gt;') . '&lt;br /&gt;&lt;br /&gt;' .  sprintf($lang&#1111;'Click_return_index'], '&lt;a href=&quote;' . append_sid(&quote;index.$phpEx&quote;) . '&quote;&gt;', '&lt;/a&gt;');

			message_die(GENERAL_MESSAGE, $message);
		}
	}
	else if( ( isset($HTTP_GET_VARS&#1111;'logout']) || isset($HTTP_POST_VARS&#1111;'logout']) ) &amp;&amp; $userdata&#1111;'session_logged_in'] )
	{
		if( $userdata&#1111;'session_logged_in'] )
		{
			session_end($userdata&#1111;'session_id'], $userdata&#1111;'user_id']);
		}

		if (!empty($HTTP_POST_VARS&#1111;'redirect']) || !empty($HTTP_GET_VARS&#1111;'redirect']))
		{
			$url = (!empty($HTTP_POST_VARS&#1111;'redirect'])) ? htmlspecialchars($HTTP_POST_VARS&#1111;'redirect']) : htmlspecialchars($HTTP_GET_VARS&#1111;'redirect']);
			$url = str_replace('&amp;amp;', '&amp;', $url);
			redirect(append_sid($url, true));
		}
		else
		{
			redirect(append_sid(&quote;index.$phpEx&quote;, true));
		}
	}
	else
	{
		$url = ( !empty($HTTP_POST_VARS&#1111;'redirect']) ) ? str_replace('&amp;amp;', '&amp;', htmlspecialchars($HTTP_POST_VARS&#1111;'redirect'])) : &quote;index.$phpEx&quote;;
		redirect(append_sid($url, true));
	}
}
else
{
	//
	// Do a full login page dohickey if
	// user not already logged in
	//
	if( !$userdata&#1111;'session_logged_in'] )
	{
		$page_title = $lang&#1111;'Login'];
		include($phpbb_root_path . 'includes/page_header.'.$phpEx);

		$template-&gt;set_filenames(array(
			'body' =&gt; 'login_body.tpl')
		);

		if( isset($HTTP_POST_VARS&#1111;'redirect']) || isset($HTTP_GET_VARS&#1111;'redirect']) )
		{
			$forward_to = $HTTP_SERVER_VARS&#1111;'QUERY_STRING'];

			if( preg_match(&quote;/^redirect=(&#1111;a-z0-9\.#\/\?&amp;=\+\-_]+)/si&quote;, $forward_to, $forward_matches) )
			{
				$forward_to = ( !empty($forward_matches&#1111;3]) ) ? $forward_matches&#1111;3] : $forward_matches&#1111;1];
				$forward_match = explode('&amp;', $forward_to);

				if(count($forward_match) &gt; 1)
				{
					$forward_page = '';

					for($i = 1; $i &lt; count($forward_match); $i++)
					{
						if( !ereg(&quote;sid=&quote;, $forward_match&#1111;$i]) )
						{
							if( $forward_page != '' )
							{
								$forward_page .= '&amp;';
							}
							he phpbb.com board, so maybe someone on here can.  How might I edit login.php to redirect to the previous page if the login was successful?  I don't want it to redirect to itself if it has to reload because of a user inputs the wrong info either.  Can someone help me figure this out?  I'll post the code for phpBB's login.php.


<?php
/***************************************************************************
 *                                login.php
 *                            -------------------
 *   begin                : Saturday, Feb 13, 2001
 *   copyright            : (C) 2001 The phpBB Group
 *   email                : support@phpbb.com
 *
 *   $Id: login.php,v 1.47.2.16 2004/07/17 13:48:32 acydburn Exp $
 *
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

//
// Allow people to reach login page if
// board is shut down
//
define(&quote;IN_LOGIN&quote;, true);

define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

//
// Set page ID for session management
//
$userdata = session_pagestart($user_ip, PAGE_LOGIN);
init_userprefs($userdata);
//
// End session management
//

// session id check
if (!empty($HTTP_POST_VARS&#1111;'sid']) || !empty($HTTP_GET_VARS&#1111;'sid']))
{
	$sid = (!empty($HTTP_POST_VARS&#1111;'sid'])) ? $HTTP_POST_VARS&#1111;'sid'] : $HTTP_GET_VARS&#1111;'sid'];
}
else
{
	$sid = '';
}

if( isset($HTTP_POST_VARS&#1111;'login']) || isset($HTTP_GET_VARS&#1111;'login']) || isset($HTTP_POST_VARS&#1111;'logout']) || isset($HTTP_GET_VARS&#1111;'logout']) )
{
	if( ( isset($HTTP_POST_VARS&#1111;'login']) || isset($HTTP_GET_VARS&#1111;'login']) ) &amp;&amp; !$userdata&#1111;'session_logged_in'] )
	{
		$username = isset($HTTP_POST_VARS&#1111;'username']) ? trim(htmlspecialchars($HTTP_POST_VARS&#1111;'username'])) : '';
		$username = substr(str_replace(&quote;\\'&quote;, &quote;'&quote;, $username), 0, 25);
		$username = str_replace(&quote;'&quote;, &quote;\\'&quote;, $username);
		$password = isset($HTTP_POST_VARS&#1111;'password']) ? $HTTP_POST_VARS&#1111;'password'] : '';

		$sql = &quote;SELECT user_id, username, user_password, user_active, user_level
			FROM &quote; . USERS_TABLE . &quote;
			WHERE username = '&quote; . str_replace(&quote;\\'&quote;, &quote;''&quote;, $username) . &quote;'&quote;;
		if ( !($result = $db-&gt;sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
		}

		if( $row = $db-&gt;sql_fetchrow($result) )
		{
			if( $row&#1111;'user_level'] != ADMIN &amp;&amp; $board_config&#1111;'board_disable'] )
			{
				redirect(append_sid(&quote;index.$phpEx&quote;, true));
			}
			else
			{
				if( md5($password) == $row&#1111;'user_password'] &amp;&amp; $row&#1111;'user_active'] )
				{
					$autologin = ( isset($HTTP_POST_VARS&#1111;'autologin']) ) ? TRUE : 0;

					$session_id = session_begin($row&#1111;'user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin);

					if( $session_id )
					{
						$url = ( !empty($HTTP_POST_VARS&#1111;'redirect']) ) ? str_replace('&amp;amp;', '&amp;', htmlspecialchars($HTTP_POST_VARS&#1111;'redirect'])) : &quote;index.$phpEx&quote;;
						redirect(append_sid($url, true));
					}
					else
					{
						message_die(CRITICAL_ERROR, &quote;Couldn't start session : login&quote;, &quote;&quote;, __LINE__, __FILE__);
					}
				}
				else
				{
					$redirect = ( !empty($HTTP_POST_VARS&#1111;'redirect']) ) ? str_replace('&amp;amp;', '&amp;', htmlspecialchars($HTTP_POST_VARS&#1111;'redirect'])) : '';
					$redirect = str_replace('?', '&amp;', $redirect);

					if (strstr(urldecode($redirect), &quote;\n&quote;) || strstr(urldecode($redirect), &quote;\r&quote;))
					{
						message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
					}

					$template-&gt;assign_vars(array(
						'META' =&gt; &quote;&lt;meta http-equiv=\&quote;refresh\&quote; content=\&quote;3;url=login.$phpEx?redirect=$redirect\&quote;&gt;&quote;)
					);

					$message = $lang&#1111;'Error_login'] . '&lt;br /&gt;&lt;br /&gt;' . sprintf($lang&#1111;'Click_return_login'], &quote;&lt;a href=\&quote;login.$phpEx?redirect=$redirect\&quote;&gt;&quote;, '&lt;/a&gt;') . '&lt;br /&gt;&lt;br /&gt;' .  sprintf($lang&#1111;'Click_return_index'], '&lt;a href=&quote;' . append_sid(&quote;index.$phpEx&quote;) . '&quote;&gt;', '&lt;/a&gt;');

					message_die(GENERAL_MESSAGE, $message);
				}
			}
		}
		else
		{
			$redirect = ( !empty($HTTP_POST_VARS&#1111;'redirect']) ) ? str_replace('&amp;amp;', '&amp;', htmlspecialchars($HTTP_POST_VARS&#1111;'redirect'])) : &quote;&quote;;
			$redirect = str_replace(&quote;?&quote;, &quote;&amp;&quote;, $redirect);

			if (strstr(urldecode($redirect), &quote;\n&quote;) || strstr(urldecode($redirect), &quote;\r&quote;))
			{
				message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
			}

			$template-&gt;assign_vars(array(
				'META' =&gt; &quote;&lt;meta http-equiv=\&quote;refresh\&quote; content=\&quote;3;url=login.$phpEx?redirect=$redirect\&quote;&gt;&quote;)
			);

			$message = $lang&#1111;'Error_login'] . '&lt;br /&gt;&lt;br /&gt;' . sprintf($lang&#1111;'Click_return_login'], &quote;&lt;a href=\&quote;login.$phpEx?redirect=$redirect\&quote;&gt;&quote;, '&lt;/a&gt;') . '&lt;br /&gt;&lt;br /&gt;' .  sprintf($lang&#1111;'Click_return_index'], '&lt;a href=&quote;' . append_sid(&quote;index.$phpEx&quote;) . '&quote;&gt;', '&lt;/a&gt;');

			message_die(GENERAL_MESSAGE, $message);
		}
	}
	else if( ( isset($HTTP_GET_VARS&#1111;'logout']) || isset($HTTP_POST_VARS&#1111;'logout']) ) &amp;&amp; $userdata&#1111;'session_logged_in'] )
	{
		if( $userdata&#1111;'session_logged_in'] )
		{
			session_end($userdata&#1111;'session_id'], $userdata&#1111;'user_id']);
		}

		if (!empty($HTTP_POST_VARS&#1111;'redirect']) || !empty($HTTP_GET_VARS&#1111;'redirect']))
		{
			$url = (!empty($HTTP_POST_VARS&#1111;'redirect'])) ? htmlspecialchars($HTTP_POST_VARS&#1111;'redirect']) : htmlspecialchars($HTTP_GET_VARS&#1111;'redirect']);
			$url = str_replace('&amp;amp;', '&amp;', $url);
			redirect(append_sid($url, true));
		}
		else
		{
			redirect(append_sid(&quote;index.$phpEx&quote;, true));
		}
	}
	else
	{
		$url = ( !empty($HTTP_POST_VARS&#1111;'redirect']) ) ? str_replace('&amp;amp;', '&amp;', htmlspecialchars($HTTP_POST_VARS&#1111;'redirect'])) : &quote;index.$phpEx&quote;;
		redirect(append_sid($url, true));
	}
}
else
{
	//
	// Do a full login page dohickey if
	// user not already logged in
	//
	if( !$userdata&#1111;'session_logged_in'] )
	{
		$page_title = $lang&#1111;'Login'];
		include($phpbb_root_path . 'includes/page_header.'.$phpEx);

		$template-&gt;set_filenames(array(
			'body' =&gt; 'login_body.tpl')
		);

		if( isset($HTTP_POST_VARS&#1111;'redirect']) || isset($HTTP_GET_VARS&#1111;'redirect']) )
		{
			$forward_to = $HTTP_SERVER_VARS&#1111;'QUERY_STRING'];

			if( preg_match(&quote;/^redirect=(&#1111;a-z0-9\.#\/\?&amp;=\+\-_]+)/si&quote;, $forward_to, $forward_matches) )
			{
				$forward_to = ( !empty($forward_matches&#1111;3]) ) ? $forward_matches&#1111;3] : $forward_matches&#1111;1];
				$forward_match = explode('&amp;', $forward_to);

				if(count($forward_match) &gt; 1)
				{
					$forward_page = '';

					for($i = 1; $i &lt; count($forward_match); $i++)
					{
						if( !ereg(&quote;sid=&quote;, $forward_match&#1111;$i]) )
						{
							if( $forward_page != '' )
							{
								$forward_page .= '&amp;';
							}
							$forward_page .= $forward_match&#1111;$i];
						}
					}
					$forward_page = $forward_match&#1111;0] . '?' . $forward_page;
				}
				else
				{
					$forward_page = $forward_match&#1111;0];
				}
			}
		}
		else
		{
			$forward_page = '';
		}

		$username = ( $userdata&#1111;'user_id'] != ANONYMOUS ) ? $userdata&#1111;'username'] : '';

		$s_hidden_fields = '&lt;input type=&quote;hidden&quote; name=&quote;redirect&quote; value=&quote;' . $forward_page . '&quote; /&gt;';

		make_jumpbox('viewforum.'.$phpEx, $forum_id);
		$template-&gt;assign_vars(array(
			'USERNAME' =&gt; $username,

			'L_ENTER_PASSWORD' =&gt; $lang&#1111;'Enterthe previous page if the login was successful?  I don't want it to redirect to itself if it has to reload because of a user inputs the wrong info either.  Can someone help me figure this out?  I'll post the code for phpBB's login.php.


&lt;?php
/***************************************************************************
 *                                login.php
 *                            -------------------
 *   begin                : Saturday, Feb 13, 2001
 *   copyright            : (C) 2001 The phpBB Group
 *   email                : support@phpbb.com
 *
 *   $Id: login.php,v 1.47.2.16 2004/07/17 13:48:32 acydburn Exp $
 *
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

//
// Allow people to reach login page if
// board is shut down
//
define(&quote;IN_LOGIN&quote;, true);

define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

//
// Set page ID for session management
//
$userdata = session_pagestart($user_ip, PAGE_LOGIN);
init_userprefs($userdata);
//
// End session management
//

// session id check
// The session id may arrive in the POST body or the query string; POST wins
// when both are present. Its format is not validated here, so $sid is only
// as trustworthy as session_pagestart()/append_sid() (defined outside this
// file) make it.
if (!empty($HTTP_POST_VARS&#1111;'sid']) || !empty($HTTP_GET_VARS&#1111;'sid']))
{
	$sid = (!empty($HTTP_POST_VARS&#1111;'sid'])) ? $HTTP_POST_VARS&#1111;'sid'] : $HTTP_GET_VARS&#1111;'sid'];
}
else
{
	$sid = '';
}

//
// Action dispatch. A 'login' or 'logout' parameter (POST or GET) selects one
// of the three branches below; a request with neither falls through to the
// else branch that renders the login form.
//
if( isset($HTTP_POST_VARS&#1111;'login']) || isset($HTTP_GET_VARS&#1111;'login']) || isset($HTTP_POST_VARS&#1111;'logout']) || isset($HTTP_GET_VARS&#1111;'logout']) )
{
	//
	// 1) Login attempt by a visitor who is not already logged in.
	//
	if( ( isset($HTTP_POST_VARS&#1111;'login']) || isset($HTTP_GET_VARS&#1111;'login']) ) &amp;&amp; !$userdata&#1111;'session_logged_in'] )
	{
		// Username: HTML-escaped, trimmed, cut to 25 bytes, and single quotes
		// normalised to a backslash-escaped form. The SQL below is assembled
		// by string concatenation, so this hand-rolled quoting (plus the ''
		// doubling in the WHERE clause) is all that sits between the submitted
		// username and the query; a parameterised query is the modern
		// replacement.
		$username = isset($HTTP_POST_VARS&#1111;'username']) ? trim(htmlspecialchars($HTTP_POST_VARS&#1111;'username'])) : '';
		$username = substr(str_replace(&quote;\\'&quote;, &quote;'&quote;, $username), 0, 25);
		$username = str_replace(&quote;'&quote;, &quote;\\'&quote;, $username);
		// Password is taken verbatim; it is only ever hashed (below), never
		// echoed or stored.
		$password = isset($HTTP_POST_VARS&#1111;'password']) ? $HTTP_POST_VARS&#1111;'password'] : '';

		$sql = &quote;SELECT user_id, username, user_password, user_active, user_level
			FROM &quote; . USERS_TABLE . &quote;
			WHERE username = '&quote; . str_replace(&quote;\\'&quote;, &quote;''&quote;, $username) . &quote;'&quote;;
		if ( !($result = $db-&gt;sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
		}

		if( $row = $db-&gt;sql_fetchrow($result) )
		{
			// While the board is disabled only admins may log in; anyone else
			// is sent to the index before the password is even checked.
			if( $row&#1111;'user_level'] != ADMIN &amp;&amp; $board_config&#1111;'board_disable'] )
			{
				redirect(append_sid(&quote;index.$phpEx&quote;, true));
			}
			else
			{
				// Credential check: unsalted MD5 of the submitted password,
				// compared with loose == against the stored hash, and the
				// account must be active. Unsalted MD5 and == are both weaker
				// than current practice (password_hash()/password_verify(),
				// hash_equals()).
				if( md5($password) == $row&#1111;'user_password'] &amp;&amp; $row&#1111;'user_active'] )
				{
					// 'autologin' checkbox present -&gt; TRUE, otherwise 0; what
					// session_begin() does with it is defined outside this file.
					$autologin = ( isset($HTTP_POST_VARS&#1111;'autologin']) ) ? TRUE : 0;

					$session_id = session_begin($row&#1111;'user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin);

					if( $session_id )
					{
						// Successful login: follow the 'redirect' field the login
						// form posts back (it is emitted as a hidden input further
						// down this file), else go to the index. Only HTML-special
						// characters are neutralised here and nothing in this block
						// restricts the target to this board, so any protection
						// against redirecting off-site has to come from
						// redirect()/append_sid() (defined elsewhere) -- confirm.
						$url = ( !empty($HTTP_POST_VARS&#1111;'redirect']) ) ? str_replace('&amp;amp;', '&amp;', htmlspecialchars($HTTP_POST_VARS&#1111;'redirect'])) : &quote;index.$phpEx&quote;;
						redirect(append_sid($url, true));
					}
					else
					{
						message_die(CRITICAL_ERROR, &quote;Couldn't start session : login&quote;, &quote;&quote;, __LINE__, __FILE__);
					}
				}
				else
				{
					// Wrong password or inactive account: show the error page and
					// bounce back to the login form after 3 seconds, keeping
					// 'redirect' as a query parameter ('?' is folded into '&amp;'
					// because the value is appended after '?redirect=').
					$redirect = ( !empty($HTTP_POST_VARS&#1111;'redirect']) ) ? str_replace('&amp;amp;', '&amp;', htmlspecialchars($HTTP_POST_VARS&#1111;'redirect'])) : '';
					$redirect = str_replace('?', '&amp;', $redirect);

					// A CR/LF in the decoded redirect value would break out of the
					// META refresh / href it is embedded in below, so refuse it.
					if (strstr(urldecode($redirect), &quote;\n&quote;) || strstr(urldecode($redirect), &quote;\r&quote;))
					{
						message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
					}

					$template-&gt;assign_vars(array(
						'META' =&gt; &quote;&lt;meta http-equiv=\&quote;refresh\&quote; content=\&quote;3;url=login.$phpEx?redirect=$redirect\&quote;&gt;&quote;)
					);

					$message = $lang&#1111;'Error_login'] . '&lt;br /&gt;&lt;br /&gt;' . sprintf($lang&#1111;'Click_return_login'], &quote;&lt;a href=\&quote;login.$phpEx?redirect=$redirect\&quote;&gt;&quote;, '&lt;/a&gt;') . '&lt;br /&gt;&lt;br /&gt;' .  sprintf($lang&#1111;'Click_return_index'], '&lt;a href=&quote;' . append_sid(&quote;index.$phpEx&quote;) . '&quote;&gt;', '&lt;/a&gt;');

					message_die(GENERAL_MESSAGE, $message);
				}
			}
		}
		else
		{
			// Unknown username: same error text and same 3-second bounce as
			// the wrong-password case above, so the response body alone does
			// not reveal whether the username exists.
			$redirect = ( !empty($HTTP_POST_VARS&#1111;'redirect']) ) ? str_replace('&amp;amp;', '&amp;', htmlspecialchars($HTTP_POST_VARS&#1111;'redirect'])) : &quote;&quote;;
			$redirect = str_replace(&quote;?&quote;, &quote;&amp;&quote;, $redirect);

			// Same CR/LF guard as above: the value is embedded in a META tag
			// and an href.
			if (strstr(urldecode($redirect), &quote;\n&quote;) || strstr(urldecode($redirect), &quote;\r&quote;))
			{
				message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
			}

			$template-&gt;assign_vars(array(
				'META' =&gt; &quote;&lt;meta http-equiv=\&quote;refresh\&quote; content=\&quote;3;url=login.$phpEx?redirect=$redirect\&quote;&gt;&quote;)
			);

			$message = $lang&#1111;'Error_login'] . '&lt;br /&gt;&lt;br /&gt;' . sprintf($lang&#1111;'Click_return_login'], &quote;&lt;a href=\&quote;login.$phpEx?redirect=$redirect\&quote;&gt;&quote;, '&lt;/a&gt;') . '&lt;br /&gt;&lt;br /&gt;' .  sprintf($lang&#1111;'Click_return_index'], '&lt;a href=&quote;' . append_sid(&quote;index.$phpEx&quote;) . '&quote;&gt;', '&lt;/a&gt;');

			message_die(GENERAL_MESSAGE, $message);
		}
	}
	//
	// 2) Logout of a logged-in session.
	//
	else if( ( isset($HTTP_GET_VARS&#1111;'logout']) || isset($HTTP_POST_VARS&#1111;'logout']) ) &amp;&amp; $userdata&#1111;'session_logged_in'] )
	{
		// The outer condition already guarantees a logged-in session; this
		// inner check is redundant but harmless.
		if( $userdata&#1111;'session_logged_in'] )
		{
			session_end($userdata&#1111;'session_id'], $userdata&#1111;'user_id']);
		}

		// After logout 'redirect' is honoured from GET as well as POST (POST
		// wins). It is only HTML-escaped and goes straight to redirect(); no
		// CR/LF check is done on this path, unlike the failed-login paths.
		if (!empty($HTTP_POST_VARS&#1111;'redirect']) || !empty($HTTP_GET_VARS&#1111;'redirect']))
		{
			$url = (!empty($HTTP_POST_VARS&#1111;'redirect'])) ? htmlspecialchars($HTTP_POST_VARS&#1111;'redirect']) : htmlspecialchars($HTTP_GET_VARS&#1111;'redirect']);
			$url = str_replace('&amp;amp;', '&amp;', $url);
			redirect(append_sid($url, true));
		}
		else
		{
			redirect(append_sid(&quote;index.$phpEx&quote;, true));
		}
	}
	//
	// 3) 'login' while already logged in, or 'logout' while not: nothing to
	// do, just forward to 'redirect' (POST only here) or the index.
	//
	else
	{
		$url = ( !empty($HTTP_POST_VARS&#1111;'redirect']) ) ? str_replace('&amp;amp;', '&amp;', htmlspecialchars($HTTP_POST_VARS&#1111;'redirect'])) : &quote;index.$phpEx&quote;;
		redirect(append_sid($url, true));
	}
}
else
{
	//
	// Do a full login page dohickey if
	// user not already logged in
	//
	if( !$userdata&#1111;'session_logged_in'] )
	{
		$page_title = $lang&#1111;'Login'];
		include($phpbb_root_path . 'includes/page_header.'.$phpEx);

		$template-&gt;set_filenames(array(
			'body' =&gt; 'login_body.tpl')
		);

		if( isset($HTTP_POST_VARS&#1111;'redirect']) || isset($HTTP_GET_VARS&#1111;'redirect']) )
		{
			$forward_to = $HTTP_SERVER_VARS&#1111;'QUERY_STRING'];

			if( preg_match(&quote;/^redirect=(&#1111;a-z0-9\.#\/\?&amp;=\+\-_]+)/si&quote;, $forward_to, $forward_matches) )
			{
				$forward_to = ( !empty($forward_matches&#1111;3]) ) ? $forward_matches&#1111;3] : $forward_matches&#1111;1];
				$forward_match = explode('&amp;', $forward_to);

				if(count($forward_match) &gt; 1)
				{
					$forward_page = '';

					for($i = 1; $i &lt; count($forward_match); $i++)
					{
						if( !ereg(&quote;sid=&quote;, $forward_match&#1111;$i]) )
						{
							if( $forward_page != '' )
							{
								$forward_page .= '&amp;';
							}
							$forward_page .= $forward_match&#1111;$i];
						}
					}
					$forward_page = $forward_match&#1111;0] . '?' . $forward_page;
				}
				else
				{
					$forward_page = $forward_match&#1111;0];
				}
			}
		}
		else
		{
			$forward_page = '';
		}

		$username = ( $userdata&#1111;'user_id'] != ANONYMOUS ) ? $userdata&#1111;'username'] : '';

		$s_hidden_fields = '&lt;input type=&quote;hidden&quote; name=&quote;redirect&quote; value=&quote;' . $forward_page . '&quote; /&gt;';

		make_jumpbox('viewforum.'.$phpEx, $forum_id);
		$template-&gt;assign_vars(array(
			'USERNAME' =&gt; $username,

			'L_ENTER_PASSWORD' =&gt; $lang&#1111;'Enter_password'],
			'L_SEND_PASSWORD' =&gt; $lang&#1111;'Forgotten_password'],

			'U_SEND_PASSWORD' =&gt; append_sid(&quote;profile.$phpEx?mode=sendpassword&quote;),

			'S_HIDDEN_FIELDS' =&gt; $s_hidden_fields)
		);

		$template-&gt;pparse('body');

		include($ph the phpbb.com board, so maybe someone on here can.  How might I edit login.php to redirect to the previous page if the login was successful?  I don't want it to redirect to itself if it has to reload because of a user inputs the wrong info either.  Can someone help me figure this out?  I'll post the code for phpBB's login.php.


<?php
/***************************************************************************
 *                                login.php
 *                            -------------------
 *   begin                : Saturday, Feb 13, 2001
 *   copyright            : (C) 2001 The phpBB Group
 *   email                : support@phpbb.com
 *
 *   $Id: login.php,v 1.47.2.16 2004/07/17 13:48:32 acydburn Exp $
 *
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

//
// Allow people to reach login page if
// board is shut down
//
define("IN_LOGIN", true);

define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

//
// Set page ID for session management
//
$userdata = session_pagestart($user_ip, PAGE_LOGIN);
init_userprefs($userdata);
//
// End session management
//

// session id check
// The session id may arrive in the POST body or the query string; POST wins
// when both are present. Its format is not validated here, so $sid is only
// as trustworthy as session_pagestart()/append_sid() (defined outside this
// file) make it.
if (!empty($HTTP_POST_VARS&#1111;'sid']) || !empty($HTTP_GET_VARS&#1111;'sid']))
{
	$sid = (!empty($HTTP_POST_VARS&#1111;'sid'])) ? $HTTP_POST_VARS&#1111;'sid'] : $HTTP_GET_VARS&#1111;'sid'];
}
else
{
	$sid = '';
}

//
// Action dispatch. A 'login' or 'logout' parameter (POST or GET) selects one
// of the three branches below; a request with neither falls through to the
// else branch that renders the login form.
//
if( isset($HTTP_POST_VARS&#1111;'login']) || isset($HTTP_GET_VARS&#1111;'login']) || isset($HTTP_POST_VARS&#1111;'logout']) || isset($HTTP_GET_VARS&#1111;'logout']) )
{
	//
	// 1) Login attempt by a visitor who is not already logged in.
	//
	if( ( isset($HTTP_POST_VARS&#1111;'login']) || isset($HTTP_GET_VARS&#1111;'login']) ) &amp;&amp; !$userdata&#1111;'session_logged_in'] )
	{
		// Username: HTML-escaped, trimmed, cut to 25 bytes, and single quotes
		// normalised to a backslash-escaped form. The SQL below is assembled
		// by string concatenation, so this hand-rolled quoting (plus the ''
		// doubling in the WHERE clause) is all that sits between the submitted
		// username and the query; a parameterised query is the modern
		// replacement.
		$username = isset($HTTP_POST_VARS&#1111;'username']) ? trim(htmlspecialchars($HTTP_POST_VARS&#1111;'username'])) : '';
		$username = substr(str_replace(&quote;\\'&quote;, &quote;'&quote;, $username), 0, 25);
		$username = str_replace(&quote;'&quote;, &quote;\\'&quote;, $username);
		// Password is taken verbatim; it is only ever hashed (below), never
		// echoed or stored.
		$password = isset($HTTP_POST_VARS&#1111;'password']) ? $HTTP_POST_VARS&#1111;'password'] : '';

		$sql = &quote;SELECT user_id, username, user_password, user_active, user_level
			FROM &quote; . USERS_TABLE . &quote;
			WHERE username = '&quote; . str_replace(&quote;\\'&quote;, &quote;''&quote;, $username) . &quote;'&quote;;
		if ( !($result = $db-&gt;sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
		}

		if( $row = $db-&gt;sql_fetchrow($result) )
		{
			// While the board is disabled only admins may log in; anyone else
			// is sent to the index before the password is even checked.
			if( $row&#1111;'user_level'] != ADMIN &amp;&amp; $board_config&#1111;'board_disable'] )
			{
				redirect(append_sid(&quote;index.$phpEx&quote;, true));
			}
			else
			{
				// Credential check: unsalted MD5 of the submitted password,
				// compared with loose == against the stored hash, and the
				// account must be active. Unsalted MD5 and == are both weaker
				// than current practice (password_hash()/password_verify(),
				// hash_equals()).
				if( md5($password) == $row&#1111;'user_password'] &amp;&amp; $row&#1111;'user_active'] )
				{
					// 'autologin' checkbox present -&gt; TRUE, otherwise 0; what
					// session_begin() does with it is defined outside this file.
					$autologin = ( isset($HTTP_POST_VARS&#1111;'autologin']) ) ? TRUE : 0;

					$session_id = session_begin($row&#1111;'user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin);

					if( $session_id )
					{
						// Successful login: follow the 'redirect' field the login
						// form posts back (it is emitted as a hidden input further
						// down this file), else go to the index. Only HTML-special
						// characters are neutralised here and nothing in this block
						// restricts the target to this board, so any protection
						// against redirecting off-site has to come from
						// redirect()/append_sid() (defined elsewhere) -- confirm.
						$url = ( !empty($HTTP_POST_VARS&#1111;'redirect']) ) ? str_replace('&amp;amp;', '&amp;', htmlspecialchars($HTTP_POST_VARS&#1111;'redirect'])) : &quote;index.$phpEx&quote;;
						redirect(append_sid($url, true));
					}
					else
					{
						message_die(CRITICAL_ERROR, &quote;Couldn't start session : login&quote;, &quote;&quote;, __LINE__, __FILE__);
					}
				}
				else
				{
					// Wrong password or inactive account: show the error page and
					// bounce back to the login form after 3 seconds, keeping
					// 'redirect' as a query parameter ('?' is folded into '&amp;'
					// because the value is appended after '?redirect=').
					$redirect = ( !empty($HTTP_POST_VARS&#1111;'redirect']) ) ? str_replace('&amp;amp;', '&amp;', htmlspecialchars($HTTP_POST_VARS&#1111;'redirect'])) : '';
					$redirect = str_replace('?', '&amp;', $redirect);

					// A CR/LF in the decoded redirect value would break out of the
					// META refresh / href it is embedded in below, so refuse it.
					if (strstr(urldecode($redirect), &quote;\n&quote;) || strstr(urldecode($redirect), &quote;\r&quote;))
					{
						message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
					}

					$template-&gt;assign_vars(array(
						'META' =&gt; &quote;&lt;meta http-equiv=\&quote;refresh\&quote; content=\&quote;3;url=login.$phpEx?redirect=$redirect\&quote;&gt;&quote;)
					);

					$message = $lang&#1111;'Error_login'] . '&lt;br /&gt;&lt;br /&gt;' . sprintf($lang&#1111;'Click_return_login'], &quote;&lt;a href=\&quote;login.$phpEx?redirect=$redirect\&quote;&gt;&quote;, '&lt;/a&gt;') . '&lt;br /&gt;&lt;br /&gt;' .  sprintf($lang&#1111;'Click_return_index'], '&lt;a href=&quote;' . append_sid(&quote;index.$phpEx&quote;) . '&quote;&gt;', '&lt;/a&gt;');

					message_die(GENERAL_MESSAGE, $message);
				}
			}
		}
		else
		{
			// Unknown username: same error text and same 3-second bounce as
			// the wrong-password case above, so the response body alone does
			// not reveal whether the username exists.
			$redirect = ( !empty($HTTP_POST_VARS&#1111;'redirect']) ) ? str_replace('&amp;amp;', '&amp;', htmlspecialchars($HTTP_POST_VARS&#1111;'redirect'])) : &quote;&quote;;
			$redirect = str_replace(&quote;?&quote;, &quote;&amp;&quote;, $redirect);

			// Same CR/LF guard as above: the value is embedded in a META tag
			// and an href.
			if (strstr(urldecode($redirect), &quote;\n&quote;) || strstr(urldecode($redirect), &quote;\r&quote;))
			{
				message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
			}

			$template-&gt;assign_vars(array(
				'META' =&gt; &quote;&lt;meta http-equiv=\&quote;refresh\&quote; content=\&quote;3;url=login.$phpEx?redirect=$redirect\&quote;&gt;&quote;)
			);

			$message = $lang&#1111;'Error_login'] . '&lt;br /&gt;&lt;br /&gt;' . sprintf($lang&#1111;'Click_return_login'], &quote;&lt;a href=\&quote;login.$phpEx?redirect=$redirect\&quote;&gt;&quote;, '&lt;/a&gt;') . '&lt;br /&gt;&lt;br /&gt;' .  sprintf($lang&#1111;'Click_return_index'], '&lt;a href=&quote;' . append_sid(&quote;index.$phpEx&quote;) . '&quote;&gt;', '&lt;/a&gt;');

			message_die(GENERAL_MESSAGE, $message);
		}
	}
	//
	// 2) Logout of a logged-in session.
	//
	else if( ( isset($HTTP_GET_VARS&#1111;'logout']) || isset($HTTP_POST_VARS&#1111;'logout']) ) &amp;&amp; $userdata&#1111;'session_logged_in'] )
	{
		// The outer condition already guarantees a logged-in session; this
		// inner check is redundant but harmless.
		if( $userdata&#1111;'session_logged_in'] )
		{
			session_end($userdata&#1111;'session_id'], $userdata&#1111;'user_id']);
		}

		// After logout 'redirect' is honoured from GET as well as POST (POST
		// wins). It is only HTML-escaped and goes straight to redirect(); no
		// CR/LF check is done on this path, unlike the failed-login paths.
		if (!empty($HTTP_POST_VARS&#1111;'redirect']) || !empty($HTTP_GET_VARS&#1111;'redirect']))
		{
			$url = (!empty($HTTP_POST_VARS&#1111;'redirect'])) ? htmlspecialchars($HTTP_POST_VARS&#1111;'redirect']) : htmlspecialchars($HTTP_GET_VARS&#1111;'redirect']);
			$url = str_replace('&amp;amp;', '&amp;', $url);
			redirect(append_sid($url, true));
		}
		else
		{
			redirect(append_sid(&quote;index.$phpEx&quote;, true));
		}
	}
	//
	// 3) 'login' while already logged in, or 'logout' while not: nothing to
	// do, just forward to 'redirect' (POST only here) or the index.
	//
	else
	{
		$url = ( !empty($HTTP_POST_VARS&#1111;'redirect']) ) ? str_replace('&amp;amp;', '&amp;', htmlspecialchars($HTTP_POST_VARS&#1111;'redirect'])) : &quote;index.$phpEx&quote;;
		redirect(append_sid($url, true));
	}
}
else
{
	//
	// Do a full login page dohickey if
	// user not already logged in
	//
	if( !$userdata&#1111;'session_logged_in'] )
	{
		$page_title = $lang&#1111;'Login'];
		include($phpbb_root_path . 'includes/page_header.'.$phpEx);

		$template-&gt;set_filenames(array(
			'body' =&gt; 'login_body.tpl')
		);

		if( isset($HTTP_POST_VARS&#1111;'redirect']) || isset($HTTP_GET_VARS&#1111;'redirect']) )
		{
			$forward_to = $HTTP_SERVER_VARS&#1111;'QUERY_STRING'];

			if( preg_match(&quote;/^redirect=(&#1111;a-z0-9\.#\/\?&amp;=\+\-_]+)/si&quote;, $forward_to, $forward_matches) )
			{
				$forward_to = ( !empty($forward_matches&#1111;3]) ) ? $forward_matches&#1111;3] : $forward_matches&#1111;1];
				$forward_match = explode('&amp;', $forward_to);

				if(count($forward_match) &gt; 1)
				{
					$forward_page = '';

					for($i = 1; $i &lt; count($forward_match); $i++)
					{
						if( !ereg(&quote;sid=&quote;, $forward_match&#1111;$i]) )
						{
							if( $forward_page != '' )
							{
					   login.php
 *                            -------------------
 *   begin                : Saturday, Feb 13, 2001
 *   copyright            : (C) 2001 The phpBB Group
 *   email                : support@phpbb.com
 *
 *   $Id: login.php,v 1.47.2.16 2004/07/17 13:48:32 acydburn Exp $
 *
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

//
// Allow people to reach login page if
// board is shut down
//
define(&quote;IN_LOGIN&quote;, true);

define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

//
// Set page ID for session management
//
$userdata = session_pagestart($user_ip, PAGE_LOGIN);
init_userprefs($userdata);
//
// End session management
//

// session id check
// The session id may arrive in the POST body or the query string; POST wins
// when both are present. Its format is not validated here, so $sid is only
// as trustworthy as session_pagestart()/append_sid() (defined outside this
// file) make it.
if (!empty($HTTP_POST_VARS&#1111;'sid']) || !empty($HTTP_GET_VARS&#1111;'sid']))
{
	$sid = (!empty($HTTP_POST_VARS&#1111;'sid'])) ? $HTTP_POST_VARS&#1111;'sid'] : $HTTP_GET_VARS&#1111;'sid'];
}
else
{
	$sid = '';
}

//
// Action dispatch. A 'login' or 'logout' parameter (POST or GET) selects one
// of the three branches below; a request with neither falls through to the
// else branch that renders the login form.
//
if( isset($HTTP_POST_VARS&#1111;'login']) || isset($HTTP_GET_VARS&#1111;'login']) || isset($HTTP_POST_VARS&#1111;'logout']) || isset($HTTP_GET_VARS&#1111;'logout']) )
{
	//
	// 1) Login attempt by a visitor who is not already logged in.
	//
	if( ( isset($HTTP_POST_VARS&#1111;'login']) || isset($HTTP_GET_VARS&#1111;'login']) ) &amp;&amp; !$userdata&#1111;'session_logged_in'] )
	{
		// Username: HTML-escaped, trimmed, cut to 25 bytes, and single quotes
		// normalised to a backslash-escaped form. The SQL below is assembled
		// by string concatenation, so this hand-rolled quoting (plus the ''
		// doubling in the WHERE clause) is all that sits between the submitted
		// username and the query; a parameterised query is the modern
		// replacement.
		$username = isset($HTTP_POST_VARS&#1111;'username']) ? trim(htmlspecialchars($HTTP_POST_VARS&#1111;'username'])) : '';
		$username = substr(str_replace(&quote;\\'&quote;, &quote;'&quote;, $username), 0, 25);
		$username = str_replace(&quote;'&quote;, &quote;\\'&quote;, $username);
		// Password is taken verbatim; it is only ever hashed (below), never
		// echoed or stored.
		$password = isset($HTTP_POST_VARS&#1111;'password']) ? $HTTP_POST_VARS&#1111;'password'] : '';

		$sql = &quote;SELECT user_id, username, user_password, user_active, user_level
			FROM &quote; . USERS_TABLE . &quote;
			WHERE username = '&quote; . str_replace(&quote;\\'&quote;, &quote;''&quote;, $username) . &quote;'&quote;;
		if ( !($result = $db-&gt;sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
		}

		if( $row = $db-&gt;sql_fetchrow($result) )
		{
			// While the board is disabled only admins may log in; anyone else
			// is sent to the index before the password is even checked.
			if( $row&#1111;'user_level'] != ADMIN &amp;&amp; $board_config&#1111;'board_disable'] )
			{
				redirect(append_sid(&quote;index.$phpEx&quote;, true));
			}
			else
			{
				// Credential check: unsalted MD5 of the submitted password,
				// compared with loose == against the stored hash, and the
				// account must be active. Unsalted MD5 and == are both weaker
				// than current practice (password_hash()/password_verify(),
				// hash_equals()).
				if( md5($password) == $row&#1111;'user_password'] &amp;&amp; $row&#1111;'user_active'] )
				{
					// 'autologin' checkbox present -&gt; TRUE, otherwise 0; what
					// session_begin() does with it is defined outside this file.
					$autologin = ( isset($HTTP_POST_VARS&#1111;'autologin']) ) ? TRUE : 0;

					$session_id = session_begin($row&#1111;'user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin);

					if( $session_id )
					{
						// Successful login: follow the 'redirect' field the login
						// form posts back (it is emitted as a hidden input further
						// down this file), else go to the index. Only HTML-special
						// characters are neutralised here and nothing in this block
						// restricts the target to this board, so any protection
						// against redirecting off-site has to come from
						// redirect()/append_sid() (defined elsewhere) -- confirm.
						$url = ( !empty($HTTP_POST_VARS&#1111;'redirect']) ) ? str_replace('&amp;amp;', '&amp;', htmlspecialchars($HTTP_POST_VARS&#1111;'redirect'])) : &quote;index.$phpEx&quote;;
						redirect(append_sid($url, true));
					}
					else
					{
						message_die(CRITICAL_ERROR, &quote;Couldn't start session : login&quote;, &quote;&quote;, __LINE__, __FILE__);
					}
				}
				else
				{
					// Wrong password or inactive account: show the error page and
					// bounce back to the login form after 3 seconds, keeping
					// 'redirect' as a query parameter ('?' is folded into '&amp;'
					// because the value is appended after '?redirect=').
					$redirect = ( !empty($HTTP_POST_VARS&#1111;'redirect']) ) ? str_replace('&amp;amp;', '&amp;', htmlspecialchars($HTTP_POST_VARS&#1111;'redirect'])) : '';
					$redirect = str_replace('?', '&amp;', $redirect);

					// A CR/LF in the decoded redirect value would break out of the
					// META refresh / href it is embedded in below, so refuse it.
					if (strstr(urldecode($redirect), &quote;\n&quote;) || strstr(urldecode($redirect), &quote;\r&quote;))
					{
						message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
					}

					$template-&gt;assign_vars(array(
						'META' =&gt; &quote;&lt;meta http-equiv=\&quote;refresh\&quote; content=\&quote;3;url=login.$phpEx?redirect=$redirect\&quote;&gt;&quote;)
					);

					$message = $lang&#1111;'Error_login'] . '&lt;br /&gt;&lt;br /&gt;' . sprintf($lang&#1111;'Click_return_login'], &quote;&lt;a href=\&quote;login.$phpEx?redirect=$redirect\&quote;&gt;&quote;, '&lt;/a&gt;') . '&lt;br /&gt;&lt;br /&gt;' .  sprintf($lang&#1111;'Click_return_index'], '&lt;a href=&quote;' . append_sid(&quote;index.$phpEx&quote;) . '&quote;&gt;', '&lt;/a&gt;');

					message_die(GENERAL_MESSAGE, $message);
				}
			}
		}
		else
		{
			// Unknown username: same error text and same 3-second bounce as
			// the wrong-password case above, so the response body alone does
			// not reveal whether the username exists.
			$redirect = ( !empty($HTTP_POST_VARS&#1111;'redirect']) ) ? str_replace('&amp;amp;', '&amp;', htmlspecialchars($HTTP_POST_VARS&#1111;'redirect'])) : &quote;&quote;;
			$redirect = str_replace(&quote;?&quote;, &quote;&amp;&quote;, $redirect);

			// Same CR/LF guard as above: the value is embedded in a META tag
			// and an href.
			if (strstr(urldecode($redirect), &quote;\n&quote;) || strstr(urldecode($redirect), &quote;\r&quote;))
			{
				message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
			}

			$template-&gt;assign_vars(array(
				'META' =&gt; &quote;&lt;meta http-equiv=\&quote;refresh\&quote; content=\&quote;3;url=login.$phpEx?redirect=$redirect\&quote;&gt;&quote;)
			);

			$message = $lang&#1111;'Error_login'] . '&lt;br /&gt;&lt;br /&gt;' . sprintf($lang&#1111;'Click_return_login'], &quote;&lt;a href=\&quote;login.$phpEx?redirect=$redirect\&quote;&gt;&quote;, '&lt;/a&gt;') . '&lt;br /&gt;&lt;br /&gt;' .  sprintf($lang&#1111;'Click_return_index'], '&lt;a href=&quote;' . append_sid(&quote;index.$phpEx&quote;) . '&quote;&gt;', '&lt;/a&gt;');

			message_die(GENERAL_MESSAGE, $message);
		}
	}
	//
	// 2) Logout of a logged-in session.
	//
	else if( ( isset($HTTP_GET_VARS&#1111;'logout']) || isset($HTTP_POST_VARS&#1111;'logout']) ) &amp;&amp; $userdata&#1111;'session_logged_in'] )
	{
		// The outer condition already guarantees a logged-in session; this
		// inner check is redundant but harmless.
		if( $userdata&#1111;'session_logged_in'] )
		{
			session_end($userdata&#1111;'session_id'], $userdata&#1111;'user_id']);
		}

		// After logout 'redirect' is honoured from GET as well as POST (POST
		// wins). It is only HTML-escaped and goes straight to redirect(); no
		// CR/LF check is done on this path, unlike the failed-login paths.
		if (!empty($HTTP_POST_VARS&#1111;'redirect']) || !empty($HTTP_GET_VARS&#1111;'redirect']))
		{
			$url = (!empty($HTTP_POST_VARS&#1111;'redirect'])) ? htmlspecialchars($HTTP_POST_VARS&#1111;'redirect']) : htmlspecialchars($HTTP_GET_VARS&#1111;'redirect']);
			$url = str_replace('&amp;amp;', '&amp;', $url);
			redirect(append_sid($url, true));
		}
		else
		{
			redirect(append_sid(&quote;index.$phpEx&quote;, true));
		}
	}
	//
	// 3) 'login' while already logged in, or 'logout' while not: nothing to
	// do, just forward to 'redirect' (POST only here) or the index.
	//
	else
	{
		$url = ( !empty($HTTP_POST_VARS&#1111;'redirect']) ) ? str_replace('&amp;amp;', '&amp;', htmlspecialchars($HTTP_POST_VARS&#1111;'redirect'])) : &quote;index.$phpEx&quote;;
		redirect(append_sid($url, true));
	}
}
else
{
	//
	// Do a full login page dohickey if
	// user not already logged in
	//
	if( !$userdata&#1111;'session_logged_in'] )
	{
		$page_title = $lang&#1111;'Login'];
		include($phpbb_root_path . 'includes/page_header.'.$phpEx);

		$template-&gt;set_filenames(array(
			'body' =&gt; 'login_body.tpl')
		);

		if( isset($HTTP_POST_VARS&#1111;'redirect']) || isset($HTTP_GET_VARS&#1111;'redirect']) )
		{
			$forward_to = $HTTP_SERVER_VARS&#1111;'QUERY_STRING'];

			if( preg_match(&quote;/^redirect=(&#1111;a-z0-9\.#\/\?&amp;=\+\-_]+)/si&quote;, $forward_to, $forward_matches) )
			{
				$forward_to = ( !empty($forward_matches&#1111;3]) ) ? $forward_matches&#1111;3] : $forward_matches&#1111;1];
				$forward_match = explode('&amp;', $forward_to);

				if(count($forward_match) &gt; 1)
				{
					$forward_page = '';

					for($i = 1; $i &lt; count($forward_match); $i++)
					{
						if( !ereg(&quote;sid=&quote;, $forward_match&#1111;$i]) )
						{
							if( $forward_page != '' )
							{
								$forward_page .= '&amp;';
							}
							$forward_page .= $forward_match&#1111;$i];
						}
					}
					$forward_page = $forward_match&#1111;0] . '?' . $forward_page;
				}
				else
				{
					$forward_page = $forward_match&#1111;0];
				}
			}
		}
		else
		{
			$forward_page = '';
		}

		$username = (                      login.php
 *                            -------------------
 *   begin                : Saturday, Feb 13, 2001
 *   copyright            : (C) 2001 The phpBB Group
 *   email                : support@phpbb.com
 *
 *   $Id: login.php,v 1.47.2.16 2004/07/17 13:48:32 acydburn Exp $
 *
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

//
// Allow people to reach login page if
// board is shut down
//
define("IN_LOGIN", true);

define('IN_PHP

Post by Majoraslayer »

My topic has almost been pushed out of the way, so I have to bump it. Any help would be appreciated!