remove the saved redirect when it's being used, always accept email scope
[authserver.git] / index.php
index e01c7d157b47706dff8f6b793f122fa3c9a7d83c..ee03d8b034c115a935d0913eab33b04edd138733 100644 (file)
--- a/index.php
+++ b/index.php
@@ -70,6 +70,11 @@ if (!count($errors)) {
           // If the session has a redirect set, make sure it's performed.
           if (strlen(@$session['saved_redirect'])) {
             header('Location: '.$utils->getDomainBaseURL().$session['saved_redirect']);
+            // Remove redirect.
+            $result = $db->prepare('UPDATE `auth_sessions` SET `saved_redirect` = :redir WHERE `id` = :sessid;');
+            if (!$result->execute(array(':redir' => '', ':sessid' => $session['id']))) {
+              $utils->log('redir_save_failure', 'session: '.$session['id'].', redirect: (empty)');
+            }
           }
           // If the session has a user set, create a new one - otherwise take existing session entry.
           if (intval($session['user'])) {
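Review bot: The return value of `$db->prepare()` in the added "Remove redirect" block is used without a check, so if PDO is not configured to throw (the error mode is not visible here) a failed prepare returns `false` and the `->execute()` call becomes a fatal error after the `Location` header has already been set. Guarding it as `if (!$result || !$result->execute(array(':redir' => '', ':sessid' => $session['id']))) {` keeps the failure on the logging path. When the update fails, the stored redirect survives and would presumably be replayed on the next pass through this branch, so the log entry is worth a distinct tag rather than `redir_save_failure`, which reads as a failure to save one. The in-memory `$session['saved_redirect']` is also left populated; adding `$session['saved_redirect'] = '';` after the update would stop later code in the same request from seeing the consumed value. The enclosing `if (!count($errors))` block starts and ends outside this hunk, so whether anything later reads that value cannot be confirmed from here.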