Fix referer URL handling to account for member mid redirect
parent
a9b3d99cf2
commit
b2bc724715
3 changed files with 80 additions and 35 deletions
|
|
@ -867,25 +867,27 @@ class MemberController extends Member
|
|||
// Call a trigger (after)
|
||||
ModuleHandler::triggerCall('member.procMemberInsert', 'after', $config);
|
||||
|
||||
if($config->redirect_url)
|
||||
self::clearMemberCache($args->member_srl);
|
||||
|
||||
// Redirect
|
||||
if ($config->redirect_url)
|
||||
{
|
||||
$returnUrl = $config->redirect_url;
|
||||
}
|
||||
elseif (Context::get('success_return_url'))
|
||||
{
|
||||
$returnUrl = Context::get('success_return_url');
|
||||
}
|
||||
elseif (isset($_SESSION['member_auth_referer']))
|
||||
{
|
||||
$returnUrl = $_SESSION['member_auth_referer'];
|
||||
unset($_SESSION['member_auth_referer']);
|
||||
}
|
||||
else
|
||||
{
|
||||
if(Context::get('success_return_url'))
|
||||
{
|
||||
$returnUrl = Context::get('success_return_url');
|
||||
}
|
||||
else if($_COOKIE['XE_REDIRECT_URL'])
|
||||
{
|
||||
$returnUrl = $_COOKIE['XE_REDIRECT_URL'];
|
||||
setcookie("XE_REDIRECT_URL", '', 1);
|
||||
}
|
||||
$returnUrl = getNotEncodedUrl('');
|
||||
}
|
||||
|
||||
self::clearMemberCache($args->member_srl);
|
||||
|
||||
$this->setRedirectUrl($returnUrl);
|
||||
}
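Review bot: In the new redirect chain, `Context::get('success_return_url')` is a request-supplied value (the signup form posts it as a hidden field) and it reaches `setRedirectUrl()` with no internal-URL check visible in this hunk, whereas the session referer is only stored after `Rhymix\Framework\URL::isInternalURL()` accepts it. Unless `setRedirectUrl()` or the request handling already enforces this elsewhere, the branch should apply the same test, e.g. `elseif (($url = Context::get('success_return_url')) && Rhymix\Framework\URL::isInternalURL($url))`. Separately, `$_SESSION['member_auth_referer']` is unset only when its own branch wins, so it survives a signup that redirects via `redirect_url` or `success_return_url`, and `checkRefererUrl()` would hand back that stale value on a later visit; reading it into a local and unsetting it before the chain avoids that. The enclosing method starts and ends outside the hunk.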
|
||||
|
||||
|
|
|
|||
|
|
@ -47,7 +47,47 @@ class MemberView extends Member
|
|||
}
|
||||
|
||||
/**
|
||||
* Check redirect
|
||||
* Check the referer for login and signup pages.
|
||||
*/
|
||||
public function checkRefererUrl()
|
||||
{
|
||||
// Get the referer URL from Context var or HTTP header.
|
||||
$referer_url = Context::get('referer_url') ?: ($_SERVER['HTTP_REFERER'] ?? '');
|
||||
|
||||
// Check if the referer is an internal URL.
|
||||
$is_valid_referer = !empty($referer_url) && Rhymix\Framework\URL::isInternalURL($referer_url);
|
||||
|
||||
// Check if the referer is the login or signup page, to prevent redirect loops.
|
||||
if (preg_match('!\b(dispMemberLoginForm|dispMemberSignUpForm|dispMemberFindAccount|dispMemberResendAuthMail|procMember)!', $referer_url))
|
||||
{
|
||||
$is_valid_referer = false;
|
||||
}
|
||||
if (preg_match('!/(login|signup)\b!', $referer_url))
|
||||
{
|
||||
$is_valid_referer = false;
|
||||
}
|
||||
|
||||
// Store valid referer info in the session.
|
||||
if ($is_valid_referer)
|
||||
{
|
||||
return $_SESSION['member_auth_referer'] = $referer_url;
|
||||
}
|
||||
elseif (isset($_SESSION['member_auth_referer']))
|
||||
{
|
||||
return $_SESSION['member_auth_referer'];
|
||||
}
|
||||
elseif ($this->mid && !empty($this->member_config->mid) && $this->mid === $this->member_config->mid)
|
||||
{
|
||||
return getNotEncodedUrl('');
|
||||
}
|
||||
else
|
||||
{
|
||||
return getNotEncodedUrl('act', '');
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Check redirect to member mid.
|
||||
*/
|
||||
public function checkMidAndRedirect()
|
||||
{
|
||||
|
|
@ -245,14 +285,24 @@ class MemberView extends Member
|
|||
*/
|
||||
function dispMemberSignUpForm()
|
||||
{
|
||||
//setcookie for redirect url in case of going to member sign up
|
||||
setcookie("XE_REDIRECT_URL", $_SERVER['HTTP_REFERER'], 0, '/', null, !!config('session.use_ssl_cookies'));
|
||||
// Check referer URL
|
||||
$referer_url = $this->checkRefererUrl();
|
||||
|
||||
$member_config = $this->member_config;
|
||||
// Redirect to member mid if necessary.
|
||||
if (!$this->checkMidAndRedirect())
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
// Return to previous screen if already logged in.
|
||||
if($this->user->isMember())
|
||||
{
|
||||
$this->setRedirectUrl($referer_url);
|
||||
return;
|
||||
}
|
||||
|
||||
// Get the member information if logged-in
|
||||
if($this->user->member_srl) throw new Rhymix\Framework\Exception('msg_already_logged');
|
||||
// call a trigger (before)
|
||||
$member_config = $this->member_config;
|
||||
$trigger_output = ModuleHandler::triggerCall('member.dispMemberSignUpForm', 'before', $member_config);
|
||||
if(!$trigger_output->toBool()) return $trigger_output;
|
||||
|
||||
|
|
@ -710,25 +760,18 @@ class MemberView extends Member
|
|||
*/
|
||||
function dispMemberLoginForm()
|
||||
{
|
||||
// Get referer URL
|
||||
$referer_url = Context::get('referer_url') ?: ($_SERVER['HTTP_REFERER'] ?? '');
|
||||
$is_valid_referer = !empty($referer_url) && Rhymix\Framework\URL::isInternalURL($referer_url);
|
||||
if (preg_match('!\b(dispMemberLoginForm|dispMemberSignUpForm|dispMemberFindAccount|dispMemberResendAuthMail|procMember)!', $referer_url))
|
||||
{
|
||||
$is_valid_referer = false;
|
||||
}
|
||||
if (preg_match('!/(login|signup)\b!', $referer_url))
|
||||
{
|
||||
$is_valid_referer = false;
|
||||
}
|
||||
if (!$is_valid_referer)
|
||||
{
|
||||
$referer_url = getNotEncodedUrl('act', '');
|
||||
}
|
||||
// Check referer URL
|
||||
$referer_url = $this->checkRefererUrl();
|
||||
Context::set('referer_url', $referer_url);
|
||||
|
||||
// Redirect to member mid if necessary.
|
||||
if (!$this->checkMidAndRedirect())
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
// Return to previous screen if already logged in.
|
||||
if(Context::get('is_logged'))
|
||||
if($this->user->isMember())
|
||||
{
|
||||
$this->setRedirectUrl($referer_url);
|
||||
return;
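Review bot: `checkRefererUrl()` passes `$referer_url` straight to `isInternalURL()` and `preg_match()`, but `Context::get('referer_url')` comes from the request and nothing in this section guarantees it is a string; if the request can supply an array under that name, PHP 8 raises a TypeError in `preg_match()` and the login or signup page fails instead of falling back. A guard right after the assignment, such as `if (!is_string($referer_url)) { $referer_url = ''; }`, keeps the function on its default path. The docblock should also say that the method returns the URL to go back to and, as a side effect, stores a validated referer in `$_SESSION['member_auth_referer']`, because that write is easy to miss inside the `return` statement.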
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@
|
|||
<form ruleset="@insertMember" id="fo_insert_member" action="./" method="post" enctype="multipart/form-data" class="form-horizontal">
|
||||
<input type="hidden" name="act" value="procMemberInsert" />
|
||||
<input type="hidden" name="xe_validator_id" value="modules/member/skins" />
|
||||
<input type="hidden" name="success_return_url" value="{getUrl('act','dispMemberInfo')}" />
|
||||
<input type="hidden" name="success_return_url" value="" />
|
||||
<div class="agreement" loop="$member_config->agreements => $i, $agreement" cond="$agreement->type !== 'disabled'">
|
||||
<div class="title">
|
||||
{$agreement->title}
|
||||
|
|
|
|||