Bug#535178: Login page redirecting logged users to their Inbox pages

Tue, 30 Jun 2009 06:55:43 -0700 

Package: atmailopen
Version: 1.03+dfsg+svn93-5
Severity: minor

    If you are logged in the atmailopen and back to the index page (by
hitting the "Back" button in the browser or just by cleaning the URL),
you're sent to the login page again (aka index.php). Once you already
are logged in, I think the system should detect it and redirect you to
your Inbox page because there's no need to the user authenticate
again.

    I attached at this message a patch in the index.php page that
enables this feature. I'm currently running this patch in one of my
atmailopen instances.


-- 
Atenciosamente,

Arthur Furlan
[email protected]

--- index.php	2009-06-30 10:25:04.000000000 -0300
+++ index.php-patched	2009-06-30 10:23:53.000000000 -0300
@@ -8,13 +8,15 @@
 // | http://opensource.org/licenses/apache2.0.php                   |
 // +----------------------------------------------------------------+
 
-require_once('header.php');
-
 // Check for system installation
 if (!file_exists('libs/Atmail/Config.php'))
     redirectToInstaller();
 
+require_once('header.php');
+require_once('GetMail.php');
+require_once('Session.php');
 require_once('Global.php');
+session_start();
 
 // Check again for system installation, just in case Config.php
 // was manually created
@@ -39,6 +41,7 @@
     $var['browser'] = "ns";
 
 $atmail = new AtmailGlobal();
+$auth = $atmail->getAuthObj();
 
 $var['func'] = $_REQUEST['func'];
 $var['version'] = $pref['version'];
@@ -52,12 +55,6 @@
 // a blank SessionID. Delete the Session for the DB too
 if ( $var['func'] == "logout" )
 {
-	require_once('Session.php');
-
-	session_start();
-
-	$auth =& $atmail->getAuthObj();
-
 	// Find the users current settings, if to delete the trash on logout
 	//$atmail->cookie_read($auth);
 	//$auth->getuser();
@@ -131,6 +128,15 @@
 
 	$auth->destroy_session();
 
+} else {
+    /* if there's no error and the user is logged in, redirect him to its inbox */
+    if (!empty($_REQUEST['error'])) {
+        $auth->destroy_session();
+	$auth->SessionID = null;
+    } else if (!empty($auth->SessionID)) {
+        header('location: parse.php?file=html/LANG/simple/showmail_interface.html&ajax=1');
+	exit;
+    }
 }
 
 $var['Ajax'] = '1';

Reply via email to