diff -Naur cacti-0.8.7g-old/auth_changepassword.php cacti-0.8.7g/auth_changepassword.php --- cacti-0.8.7g-old/auth_changepassword.php 2010-07-09 18:33:46.000000000 -0400 +++ cacti-0.8.7g/auth_changepassword.php 2010-07-09 18:34:11.000000000 -0400 @@ -59,6 +59,8 @@ header("Location: index.php"); break; case '3': /* default graph page */ header("Location: graph_view.php"); break; + default: + api_plugin_hook_function('login_options_navigate', $user['login_opts']); } }else{ header("Location: graph_view.php"); diff -Naur cacti-0.8.7g-old/auth_login.php cacti-0.8.7g/auth_login.php --- cacti-0.8.7g-old/auth_login.php 2010-07-09 18:33:46.000000000 -0400 +++ cacti-0.8.7g/auth_login.php 2010-07-09 18:34:11.000000000 -0400 @@ -124,10 +124,12 @@ } default: - /* Builtin Auth */ - if ((!$user_auth) && (!$ldap_error)) { - /* if auth has not occured process for builtin - AKA Ldap fall through */ - $user = db_fetch_row("SELECT * FROM user_auth WHERE username = '" . $username . "' AND password = '" . md5(get_request_var_post("login_password")) . "' AND realm = 0"); + if (!api_plugin_hook_function('login_process', false)) { + /* Builtin Auth */ + if ((!$user_auth) && (!$ldap_error)) { + /* if auth has not occured process for builtin - AKA Ldap fall through */ + $user = db_fetch_row("SELECT * FROM user_auth WHERE username = '" . $username . "' AND password = '" . md5(get_request_var_post("login_password")) . "' AND realm = 0"); + } } } /* end of switch */ 
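Review bot: The added `default:` branch in auth_changepassword.php sends no `Location` header of its own, so any `login_opts` value outside the listed cases depends on a plugin answering `login_options_navigate` with a redirect. A comment above the call, `/* custom login_opts values: a plugin must handle this hook and send the redirect itself */`, would record that contract. The same branch is added to the `login_opts` switch in the last complete hunk of auth_login.php, where `exit;` follows directly, so an unhandled value there would end the request without a redirect. The code that follows this switch in auth_changepassword.php is outside the hunk.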
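Review bot: The new `login_process` hook in auth_login.php skips the built-in credential check on any truthy return, and nothing at the call site says what a plugin must have established before returning true. A comment such as `/* a plugin returning true must have authenticated the user itself and set $user; built-in auth is skipped */` would make the contract explicit. How `$user` and `$user_auth` are evaluated after the switch is outside this hunk, so it should be confirmed that a true return with no `$user` set ends in a failed login. The re-indented query still concatenates `$username` into the SQL string and compares an unsalted `md5()` of the password; whether `$username` is escaped earlier is not visible here.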
@@ -189,29 +191,42 @@ decide what to do next */ switch ($user["login_opts"]) { case '1': /* referer */ - if (sizeof(db_fetch_assoc("SELECT realm_id FROM user_auth_realm WHERE realm_id = 8 AND user_id = " . $_SESSION["sess_user_id"])) == 0) { - header("Location: graph_view.php"); - }else{ - if (isset($_SERVER["HTTP_REFERER"])) { - $referer = $_SERVER["HTTP_REFERER"]; - if (basename($referer) == "logout.php") { - $referer = "index.php"; - } - } else if (isset($_SERVER["REQUEST_URI"])) { - $referer = $_SERVER["REQUEST_URI"]; - if (basename($referer) == "logout.php") { - $referer = "index.php"; - } - } else { - $referer = "index.php"; + /* because we use plugins, we can't redirect back to graph_view.php if they don't + * have console access + */ + if (isset($_SERVER["HTTP_REFERER"])) { + $referer = $_SERVER["HTTP_REFERER"]; + if (basename($referer) == "logout.php") { + $referer = $config['url_path'] . "index.php"; + } + } else if (isset($_SERVER["REQUEST_URI"])) { + $referer = $_SERVER["REQUEST_URI"]; + if (basename($referer) == "logout.php") { + $referer = $config['url_path'] . "index.php"; } + } else { + $referer = $config['url_path'] . "index.php"; + } + + if (substr_count($referer, "plugins")) { header("Location: " . $referer); + } elseif (sizeof(db_fetch_assoc("SELECT realm_id FROM user_auth_realm WHERE realm_id = 8 AND user_id = " . $_SESSION["sess_user_id"])) == 0) { + header("Location: graph_view.php"); + } else { + header("Location: $referer"); } + break; case '2': /* default console page */ - header("Location: index.php"); break; + header("Location: " . $config['url_path'] . "index.php"); + + break; case '3': /* default graph page */ - header("Location: graph_view.php"); break; + header("Location: " . $config['url_path'] . "graph_view.php"); + + break; + default: + api_plugin_hook_function('login_options_navigate', $user['login_opts']); } exit; }else{ @@ -264,9 +279,17 @@
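Review bot: The `case '1'` branch redirects to `$_SERVER["HTTP_REFERER"]`, a client-supplied header, and the new `substr_count($referer, "plugins")` test passes it to `header("Location: " . $referer)` ahead of the realm 8 lookup whenever the string contains "plugins" anywhere, which a URL on another host can also satisfy. The referer should be checked against this server's host before it is used as a redirect target. The fence shows one way, placed just before the `substr_count` test, and assumes `SERVER_NAME` holds the canonical host name in this deployment. The `elseif` branch also still sends the relative `graph_view.php` while the other targets in this hunk gained `$config['url_path']`. The enclosing `if` starts before the hunk.

```php
// … unchanged: $referer taken from HTTP_REFERER, REQUEST_URI or index.php …

/* Referer is client-supplied: only follow it back to this host */
$referer_host = parse_url($referer, PHP_URL_HOST);
if ($referer_host === false ||
	($referer_host !== null && strcasecmp($referer_host, $_SERVER["SERVER_NAME"]) != 0)) {
	$referer = $config['url_path'] . "index.php";
}

if (substr_count($referer, "plugins")) {
```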