[FEATURE] Proper login/logout/auth redirects

* Allow to redirect to referrer page when access is denied
* Logout user and point towards login, add redirect
* Logout user as usual but added save redirects
* Adjusted templates and page codes

public/include/classes/user.class.php

@@ -411,7 +411,7 @@ class User {
    * @param none
    * @return true
    **/
-  public function logoutUser($redirect="index.php") {
+  public function logoutUser($from="") {
     $this->debug->append("STA " . __METHOD__, 4);
     // Unset all of the session variables
     $_SESSION = array();
@@ -424,8 +424,11 @@ class User {
     session_destroy();
     // Enforce generation of a new Session ID and delete the old
     session_regenerate_id(true);
-    // Enforce a page reload
-    header("Location: $redirect");
+    // Enforce a page reload and point towards login with referrer included, if supplied
+    $location = @$_SERVER['HTTPS'] ? 'https' : 'http' . '://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];
+    if (!empty($from)) $location .= '?page=login&to=' . urlencode($from);
+    // if (!headers_sent()) header('Location: ' . $location, true, 307);
+    exit('<meta http-equiv="refresh" content="0; url=' . $location . '"/>');
   }
 
   /**
@@ -658,7 +661,7 @@ class User {
         $this->getUserIp($_SESSION['USERDATA']['id']) == $_SERVER['REMOTE_ADDR']
       ) return true;
     // Catchall
-    if ($logout == true) $this->logoutUser();
+    if ($logout == true) $this->logoutUser($_SERVER['REQUEST_URI']);
     return false;
   }
 }

public/include/pages/dashboard.inc.php

@@ -3,43 +3,46 @@
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 
-// Defaults to get rid of PHP Notice warnings
-$dDifficulty = 1;
-$aRoundShares = 1;
+if ($user->isAuthenticated()) {
+  // Defaults to get rid of PHP Notice warnings
+  $dDifficulty = 1;
+  $aRoundShares = 1;
 
-// Only run these if the user is logged in
-$aRoundShares = $statistics->getRoundShares();
-if ($bitcoin->can_connect() === true) {
-  $dDifficulty = $bitcoin->query('getdifficulty');
-  if (is_array($dDifficulty) && array_key_exists('proof-of-work', $dDifficulty))
-    $dDifficulty = $dDifficulty['proof-of-work'];
-}
-
-// Always fetch this since we need for ministats header
-$aRoundShares = $statistics->getRoundShares();
-if ($bitcoin->can_connect() === true) {
+  // Only run these if the user is logged in
+  $aRoundShares = $statistics->getRoundShares();
+  if ($bitcoin->can_connect() === true) {
     $dDifficulty = $bitcoin->query('getdifficulty');
-      if (is_array($dDifficulty) && array_key_exists('proof-of-work', $dDifficulty))
-            $dDifficulty = $dDifficulty['proof-of-work'];
-        try { $dNetworkHashrate = $bitcoin->query('getnetworkhashps') / 1000; } catch (Exception $e) {
-          // Maybe we are SHA
-          try { $dNetworkHashrate = $bitcoin->query('gethashespersec') / 1000; } catch (Exception $e) {
-            $dNetworkHashrate = 0;
-          }
-          $dNetworkHashrate = 0;
-        }
-} else {
-  $dNetworkHashrate = 0;
+    if (is_array($dDifficulty) && array_key_exists('proof-of-work', $dDifficulty))
+      $dDifficulty = $dDifficulty['proof-of-work'];
+  }
+
+  // Always fetch this since we need for ministats header
+  $aRoundShares = $statistics->getRoundShares();
+  if ($bitcoin->can_connect() === true) {
+    $dDifficulty = $bitcoin->query('getdifficulty');
+    if (is_array($dDifficulty) && array_key_exists('proof-of-work', $dDifficulty))
+      $dDifficulty = $dDifficulty['proof-of-work'];
+    try { $dNetworkHashrate = $bitcoin->query('getnetworkhashps') / 1000; } catch (Exception $e) {
+      // Maybe we are SHA
+      try { $dNetworkHashrate = $bitcoin->query('gethashespersec') / 1000; } catch (Exception $e) {
+        $dNetworkHashrate = 0;
+      }
+      $dNetworkHashrate = 0;
+    }
+  } else {
+    $dNetworkHashrate = 0;
+  }
+
+  // Fetch some data
+  if (!$iCurrentActiveWorkers = $worker->getCountAllActiveWorkers()) $iCurrentActiveWorkers = 0;
+  $iCurrentPoolHashrate =  $statistics->getCurrentHashrate();
+  $iCurrentPoolShareRate = $statistics->getCurrentShareRate();
+
+  // Avoid confusion, ensure our nethash isn't higher than poolhash
+  if ($iCurrentPoolHashrate > $dNetworkHashrate) $dNetworkHashrate = $iCurrentPoolHashrate;
+
+  // Make it available in Smarty
+  $smarty->assign('CONTENT', 'default.tpl');
 }
 
-// Fetch some data
-if (!$iCurrentActiveWorkers = $worker->getCountAllActiveWorkers()) $iCurrentActiveWorkers = 0;
-$iCurrentPoolHashrate =  $statistics->getCurrentHashrate();
-$iCurrentPoolShareRate = $statistics->getCurrentShareRate();
-
-// Avoid confusion, ensure our nethash isn't higher than poolhash
-if ($iCurrentPoolHashrate > $dNetworkHashrate) $dNetworkHashrate = $iCurrentPoolHashrate;
-
-// Make it available in Smarty
-$smarty->assign('CONTENT', 'default.tpl');
 ?>

public/include/pages/login.inc.php

@@ -6,7 +6,10 @@ if (!defined('SECURITY')) die('Hacking attempt');
 if ($setting->getValue('maintenance') && !$user->isAdmin($user->getUserId($_POST['username']))) {
   $_SESSION['POPUP'][] = array('CONTENT' => 'You are not allowed to login during maintenace.', 'TYPE' => 'info');
 } else if ($user->checkLogin(@$_POST['username'], @$_POST['password']) ) {
-  header('Location: index.php?page=home');
+  empty($_POST['to']) ? $to = $_SERVER['PHP_SELF'] : $to = $_POST['to'];
+  $location = @$_SERVER['HTTPS'] === true ? 'https' : 'http' . '://' . $_SERVER['SERVER_NAME'] . $to;
+  if (!headers_sent()) header('Location: ' . $location, true, 307);
+  exit('<meta http-equiv="refresh" content="0; url=' . $location . '"/>');
 } else if (@$_POST['username'] && @$_POST['password']) {
   $_SESSION['POPUP'][] = array('CONTENT' => 'Unable to login: '. $user->getError(), 'TYPE' => 'errormsg');
 }

public/include/pages/logout.inc.php

@@ -7,5 +7,5 @@ if (!defined('SECURITY'))
 // This probably (?) never fails
 $user->logoutUser();
 $smarty->assign("CONTENT", "default.tpl");
-header('Location: index.php?page=home');
+// header('Location: index.php?page=home');
 ?>

public/templates/test/dashboard/default.tpl

@@ -1,8 +1,6 @@
 {if $smarty.session.AUTHENTICATED|default}
-{assign var=payout_system value=$GLOBAL.config.payout_system}
-{include file="dashboard/graph.tpl"}
-{include file="dashboard/default_$payout_system.tpl"}
-{include file="dashboard/gauges.tpl"}
-{else}
-{include file="login/default.tpl"}
+  {assign var=payout_system value=$GLOBAL.config.payout_system}
+  {include file="dashboard/graph.tpl"}
+  {include file="dashboard/default_$payout_system.tpl"}
+  {include file="dashboard/gauges.tpl"}
 {/if}

public/templates/test/login/default.tpl

@@ -1,21 +1,22 @@
 <article class="module width_half">
   <form action="{$smarty.server.PHP_SELF}?page=login" method="post" id="loginForm">
+    <input type="hidden" name="to" value="{($smarty.request.to|default:"{$smarty.server.PHP_SELF}?page=dashboard")|escape}" />
   <header><h3>Login with existing account</h3></header>
   <div class="module_content">
       <fieldset>
         <label>Username</label>
-        <input type="text" name="username" size="22" maxlength="20" required>
+        <input type="text" name="username" size="22" maxlength="20" required />
       </fieldset>
       <fieldset>
         <label>Password</label>
-        <input type="password" name="password" size="22" maxlength="20" required>
+        <input type="password" name="password" size="22" maxlength="20" required />
       </fieldset>
     <div class="clear"></div>
   </div>
   <footer>
     <div class="submit_link">
       <a href="{$smarty.server.PHP_SELF}?page=password"><font size="1">Forgot your password?</font></a>
-      <input type="submit" value="Login" class="alt_btn">
+      <input type="submit" value="Login" class="alt_btn" />
     </div>
   </footer>
   </form>