From 7aa3e280e9457515040a4775cdb861f6ed2ef5f1 Mon Sep 17 00:00:00 2001
From: Yannick Warnier <yannick.warnier@beeznest.com>
Date: Tue, 5 Dec 2006 16:58:06 +0100
Subject: [PATCH] [svn r10317] Fixed bug in api_not_allowed() preventing to log
 back in when no cidReq in REQUEST_URI

---
 main/inc/lib/main_api.lib.php | 38 ++++++++++++++++++++++-------------
 1 file changed, 24 insertions(+), 14 deletions(-)

diff --git a/main/inc/lib/main_api.lib.php b/main/inc/lib/main_api.lib.php
index f7d4bb3b72..aa15b010e1 100644
--- a/main/inc/lib/main_api.lib.php
+++ b/main/inc/lib/main_api.lib.php
@@ -1308,20 +1308,30 @@ function api_is_allowed($tool, $action, $task_id = 0)
 function api_not_allowed()
 {
 	$home_url = api_get_path(WEB_PATH);
-	include_once (api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php');
-	$form = new FormValidator('formLogin');
-	$form->addElement('static',null,null,'Username');
-	$form->addElement('text','login','',array('size'=>15));
-	$form->addElement('static',null,null,'Password');
-	$form->addElement('password','password','',array('size'=>15));
-	$form->addElement('submit','submitAuth',get_lang('Ok'));
-	$test = $form->return_form();
-	Display :: display_error_message("<p>Either you are not allowed here or your session has expired.<br/><br/>Please try to login again using the following form: <br/>".$test);
-	echo '<div align="center">';
-	echo '</div>';
-	$_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
-	Display::display_footer();
-	die();
+	if(!empty($_SERVER['REQUEST_URI']) && !empty($_GET['cidReq'])){
+		//only display form and return to the previous URL if there was a course ID included
+		include_once (api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php');
+		$form = new FormValidator('formLogin');
+		$form->addElement('static',null,null,'Username');
+		$form->addElement('text','login','',array('size'=>15));
+		$form->addElement('static',null,null,'Password');
+		$form->addElement('password','password','',array('size'=>15));
+		$form->addElement('submit','submitAuth',get_lang('Ok'));
+		$test = $form->return_form();
+		echo '<div align="center">';
+		Display :: display_error_message("<p>Either you are not allowed here or your session has expired.<br/><br/>Please try to login again using the following form: <br/>".$test);
+		echo '</div>';
+		$_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
+		Display::display_footer();
+		die();
+	}else{
+		//if no course ID was included in the requested URL, redirect to homepage
+		echo '<div align="center">';
+		Display :: display_error_message('<p>Either you are not allowed here or your session has expired.<br/><br/><a href="'.$home_url.'">Please try to login again from the homepage</a><br/>');
+		echo '</div>';
+		Display::display_footer();
+		die();
+	}
 }
 /**
 * Returns true if student view option is enabled, false otherwise. If it is