From c4f2d0e202562a6e2ffb131bba466e6be40ff3e1 Mon Sep 17 00:00:00 2001
From: tDidierjean
Date: Tue, 14 Feb 2012 16:29:21 +0000
Subject: [PATCH] [-] BO : fix bug #PSFV-421 - bug with redirection after login
---
.../template/controllers/login/content.tpl | 3 +-
classes/controller/AdminController.php | 27 ++++++-----
controllers/admin/AdminLoginController.php | 46 ++++++++++---------
js/login.js | 11 ++++-
4 files changed, 51 insertions(+), 36 deletions(-)
diff --git a/admin-dev/themes/default/template/controllers/login/content.tpl b/admin-dev/themes/default/template/controllers/login/content.tpl
index df6c2c9e5..473d1c87c 100755
--- a/admin-dev/themes/default/template/controllers/login/content.tpl
+++ b/admin-dev/themes/default/template/controllers/login/content.tpl
@@ -50,7 +50,7 @@
{if !isset($wrong_folder_name)}

{$shop_name}

-
+
@@ -59,6 +59,7 @@
+
diff --git a/classes/controller/AdminController.php b/classes/controller/AdminController.php
index 82fd596d8..dbdf811a1 100644
--- a/classes/controller/AdminController.php
+++ b/classes/controller/AdminController.php
@@ -250,21 +250,24 @@ class AdminControllerCore extends Controller
 /** @var current object ID */
 protected $id_object;
+ /**
+ * @var current controller name without suffix
+ */
+ public $controller_name;
+
 public function __construct()
 {
- $controller = get_class($this);
- // temporary fix for Token retrocompatibility
- // This has to be done when url is built instead of here)
- if (strpos($controller, 'Controller'))
- $controller = substr($controller, 0, -10);
+ $this->controller_name = get_class($this);
+ if (strpos($this->controller_name, 'Controller'))
+ $this->controller_name = substr($this->controller_name, 0, -10);
 parent::__construct();
 $this->bo_theme = ((Validate::isLoadedObject($this->context->employee) && $this->context->employee->bo_theme) ? $this->context->employee->bo_theme : 'default');
 $this->context->smarty->setTemplateDir(_PS_BO_ALL_THEMES_DIR_.$this->bo_theme.'/template');
- $this->id = Tab::getIdFromClassName($controller);
- $this->token = Tools::getAdminToken($controller.(int)$this->id.(int)$this->context->employee->id);
+ $this->id = Tab::getIdFromClassName($this->controller_name);
+ $this->token = Tools::getAdminToken($this->controller_name.(int)$this->id.(int)$this->context->employee->id);
 $this->_conf = array(
 1 => $this->l('Deletion successful'),
 2 => $this->l('Selection successfully deleted'),
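Review bot: The new `$controller_name` property is `public` and is fed straight into `Tools::getAdminToken()` here and, later in this commit, into the `redirect` query parameter, yet its docblock (`@var current controller name without suffix`) gives neither a type nor says which suffix is meant. I would write `/** @var string Class name of the running controller with the trailing "Controller" stripped (e.g. "AdminLogin"); input to the admin token and to the post-login redirect target */`. If nothing outside the class needs to assign it, `protected` with a getter would keep a token input out of reach of unrelated code; the commit does not say why it is public. The `strpos(...)` truthiness test treats a class name that starts with "Controller" as suffix-less, harmless for `Admin*` names but worth a one-line comment. `__construct()` continues past the end of the hunk.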
@@ -289,16 +292,16 @@ class AdminControllerCore extends Controller
 $this->tabAccess = Profile::getProfileAccess($this->context->employee->id_profile, $this->id);
 // Fix for AdminHome
- if ($controller == 'AdminHome')
+ if ($this->controller_name == 'AdminHome')
 $_POST['token'] = $this->token;
 if (!Shop::isFeatureActive())
 $this->shopLinkType = '';
 //$this->base_template_folder = _PS_BO_ALL_THEMES_DIR_.$this->bo_theme.'/template';
- $this->override_folder = Tools::toUnderscoreCase(substr($controller, 5)).'/';
+ $this->override_folder = Tools::toUnderscoreCase(substr($this->controller_name, 5)).'/';
 // Get the name of the folder containing the custom tpl files
- $this->tpl_folder = Tools::toUnderscoreCase(substr($controller, 5)).'/';
+ $this->tpl_folder = Tools::toUnderscoreCase(substr($this->controller_name, 5)).'/';
 $this->context->currency = new Currency(Configuration::get('PS_CURRENCY_DEFAULT'));
 }
@@ -1626,8 +1629,8 @@ class AdminControllerCore extends Controller
 if (isset($_GET['logout']))
 $this->context->employee->logout();
- if (get_class($this) != 'AdminLoginController' && (!isset($this->context->employee) || !$this->context->employee->isLoggedBack()))
- Tools::redirectAdmin($this->context->link->getAdminLink('AdminLogin').(!isset($_GET['logout']) ? '?redirect='.$_SERVER['REQUEST_URI'] : ''));
+ if ($this->controller_name != 'AdminLogin' && (!isset($this->context->employee) || !$this->context->employee->isLoggedBack()))
+ Tools::redirectAdmin($this->context->link->getAdminLink('AdminLogin').(!isset($_GET['logout']) ? '&redirect='.$this->controller_name : ''));
 // Set current index
 $current_index = dirname($_SERVER['SCRIPT_NAME']).'/index.php'.(($controller = Tools::getValue('controller')) ? '?controller='.$controller : '');
diff --git a/controllers/admin/AdminLoginController.php b/controllers/admin/AdminLoginController.php
index b3ada5ba6..6556275ec 100755
--- a/controllers/admin/AdminLoginController.php
+++ b/controllers/admin/AdminLoginController.php
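Review bot: `'&redirect='.$this->controller_name` in the second hunk carries only the controller name across the login, so a user bounced from e.g. `?controller=AdminOrders&id_order=42` comes back to the orders list rather than the order they asked for; replacing the raw `$_SERVER['REQUEST_URI']` (which the old login code redirected to almost unchecked) is presumably the point, but the dropped deep link deserves a comment such as `// Only the controller name survives the login round-trip, never the request URI: AdminLogin echoes it into its form and validates it with Validate::isControllerName()`. The name is also concatenated un-encoded; `'&redirect='.urlencode($this->controller_name)` costs nothing and keeps the parameter well-formed if a subclass ever sets an unusual name. The method containing this check begins and ends outside the hunk.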
@@ -75,6 +75,10 @@ class AdminLoginControllerCore extends AdminController
 'randomNb' => rand(100, 999),
 'wrong_folder_name' => true)
 );
+
+ // Redirect to admin panel
+ if (isset($_GET['redirect']) && Validate::isControllerName($_GET['redirect']))
+ $redirect = $_GET['redirect'];
 if ($nbErrors = count($this->errors))
 $this->context->smarty->assign(
@@ -85,6 +89,8 @@ class AdminLoginControllerCore extends AdminController
 'disableDefaultErrorOutPut' => true,
 )
 );
+
+ $this->context->smarty->assign(array('redirect' => isset($redirect) ? $redirect : null));
 $this->setMedia();
 $this->initHeader();
 parent::initContent();
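Review bot: The comment `// Redirect to admin panel` on the new block is misleading: nothing is redirected here, the block only records the requested target, and `Validate::isControllerName()` is the single check that makes the value safe to echo into the login template and, after login, to hand to `getAdminLink()`. Suggest `// Remember the controller the user was trying to reach; validated because the template echoes it back and processLogin() redirects to it`. If `isControllerName()` does not itself reject non-strings, `?redirect[]=x` would reach it as an array, so `is_string($_GET['redirect'])` in the condition is cheap insurance. `initContent()` starts before the first hunk.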
@@ -132,37 +138,35 @@ class AdminLoginControllerCore extends AdminController
 if (!count($this->errors))
 {
- /* Seeking for employee */
- $employee = new Employee();
- if (!$employee->getByemail($email, $passwd))
+ // Find employee
+ $this->context->employee = new Employee();
+ if (!$this->context->employee->getByemail($email, $passwd))
 {
 $this->errors[] = Tools::displayError('Employee does not exist or password is incorrect.');
- $employee->logout();
+ $this->context->employee->logout();
 }
 else
 {
- $employee->remote_addr = ip2long(Tools::getRemoteAddr());
- /* Creating cookie */
+ $this->context->employee->remote_addr = ip2long(Tools::getRemoteAddr());
+ // Update cookie
 $cookie = Context::getContext()->cookie;
- $cookie->id_employee = $employee->id;
- $cookie->email = $employee->email;
- $cookie->profile = $employee->id_profile;
- $cookie->passwd = $employee->passwd;
- $cookie->remote_addr = $employee->remote_addr;
+ $cookie->id_employee = $this->context->employee->id;
+ $cookie->email = $this->context->employee->email;
+ $cookie->profile = $this->context->employee->id_profile;
+ $cookie->passwd = $this->context->employee->passwd;
+ $cookie->remote_addr = $this->context->employee->remote_addr;
 $cookie->write();
-
- /* Redirect to admin panel */
- if (isset($_GET['redirect']))
- $url = strval($_GET['redirect'].(isset($_GET['token']) ?
('&token='.$_GET['token']) : ''));
+
+ // If there is a valid controller name submitted, redirect to it
+ if (isset($_POST['redirect']) && Validate::isControllerName($_POST['redirect']))
+ $url = $this->context->link->getAdminLink($_POST['redirect']);
 else
- $url = 'index.php';
- if (!Validate::isCleanHtml($url))
- die(Tools::displayError());
-
+ $url = $this->context->link->getAdminLink('AdminHome');
+
 if (Tools::isSubmit('ajax'))
- die(Tools::jsonEncode(array('hasErrors' => false, 'redirect' => $this->context->link->getAdminLink('AdminHome'))));
+ die(Tools::jsonEncode(array('hasErrors' => false, 'redirect' => $url)));
 else
- $this->redirect_after = $this->context->link->getAdminLink('AdminHome');
+ $this->redirect_after = $url;
 }
 }
 if (Tools::isSubmit('ajax'))
diff --git a/js/login.js b/js/login.js
index f0649b540..da3506ef4 100644
--- a/js/login.js
+++ b/js/login.js
@@ -15,7 +15,13 @@ function displayLogin() {
 $('#login').revertFlip();
 return false;
 }
-function doAjaxLogin() {
+
+/**
+ * Check user credentials
+ *
+ * @param string redirect name of the controller to redirect to after login (or null)
+ */
+function doAjaxLogin(redirect) {
 $('#error').hide();
 $('#ajax-loader').fadeIn('slow', function() {
 $.ajax({
@@ -29,7 +35,8 @@ function doAjaxLogin() {
 controller: "AdminLogin",
 submitLogin: "1",
 passwd: $('#passwd').val(),
- email: $('#email').val()
+ email: $('#email').val(),
+ redirect: redirect
 },
 success: function(jsonData) {
 if (jsonData.hasErrors) {
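Review bot: `isset($_POST['redirect']) && Validate::isControllerName($_POST['redirect'])` still honours a name for which no back-office tab exists, and `getAdminLink()` will mint a link for it regardless, so a stale or mistyped target ends on an error page instead of the dashboard; the same commit already resolves names with `Tab::getIdFromClassName()` in AdminController, so using it here is consistent: `if (!empty($_POST['redirect']) && Validate::isControllerName($_POST['redirect']) && Tab::getIdFromClassName($_POST['redirect']))`. The `!empty` also covers the empty string the form will post when no target was given, which `isset()` accepts. The two `$url` lines deserve a why-comment, `// Build the target only after $this->context->employee is populated: getAdminLink() presumably derives its token from the logged-in employee's id, so this must stay below the cookie write` — hedged, since getAdminLink() is not visible here. Dropping the old raw `$_GET['redirect']`/`$_GET['token']` passthrough is the right call and is not re-raised. processLogin() extends beyond the hunk on both sides.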
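Review bot: `redirect: redirect` in the second login.js hunk is always sent, and jQuery serialises a null or undefined value as an empty string, so a login started without a target posts `redirect=` rather than omitting the field; the server's `isset($_POST['redirect'])` then passes and the outcome depends on whether `Validate::isControllerName('')` rejects the empty string. Building the data object before the `$.ajax` call and adding the key only when present keeps the wire format unambiguous: `if (redirect) data.redirect = redirect;`. The JSDoc's `(or null)` should then say that a null target is simply not sent. The data object and `doAjaxLogin()` both extend past the hunk.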