Details
-
Bug
-
Status: Closed (View Workflow)
-
Minor
-
Resolution: Won't Fix
-
3.0.8
-
None
-
MySQL (5.1.53), PHP Version 5.2.14, Firefox 3.6.13
Description
The function login_box has a fist parameter named $redirect that is used to redirect the user once he is logged.
But this parameter does not work correctly because it conflicts with another redirect mechanism. This has no significant effect on unmodified phpBB3 except when looking at the generated code of the page. For example when following those steps:
1) Reach the board index being anonymous
2) Click on Login link or button (do NOT log in)
==> The login page is displayed.
3) Show the source code of the login page in the browser and search for the redirect hidden field
==> You should find 2 of them with different addresses
Example with prosilver (second and third hidden input fields):
...
<dd><input type="hidden" name="sid" value="3aed7e19f0cd353ae71ad6b8c441a1b8" />
<input type="hidden" name="redirect" value="index.php" />
<input type="submit" name="login" tabindex="6" value="Connexion" class="button1" /></dd>
</dl>
<input type="hidden" name="redirect" value="./ucp.php?mode=login&sid=3aed7e19f0cd353ae71ad6b8c441a1b8" />
</fieldset>
...
The reason is that the page_header function always fills a redirect variable called S_LOGIN_REDIRECT with a first redirection input field
and the login_box function when called with a non-blank $redirect parameter adds to the variable S_HIDDEN_FIELDS another redirection input field
Both S_LOGIN_REDIRECT are used in the S_HIDDEN_FIELDS login_body template hence the double inconsistent redirection.
I cannot suggest which is the right fix for that because I don't understand the aim of S_LOGIN_REDIRECT. I am trying to work without using this variable at all and until now I have not found any regression. Though I can't pretend that this is the right fix.