I took your code and made a few minor improvements. Using HTTP_REFERER is not foolproof, since it is set by the browser. So my code goes back to the original behavior if the REFERER is not set. Also, this code is for version 3.3.4 and handles checkout logins from both the "Click to login" link and from the regular login box (normally on the right-hand side).
Code:
# Quote the host names and require the host to end right after them, so that only
# a Referer on exactly our own host matches (not a longer host that starts with it).
$mysite_pattern = '~^(http://'.preg_quote($xcart_http_host, '~').'|https://'.preg_quote($xcart_https_host, '~').')(?=[/?#]|$)~';
# The browser may not send a Referer at all; treat that as "no match".
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
if ($login_type=="C" && !func_is_cart_empty($cart)) {
    if (preg_match('/\/cart\.php\?mode=(auth|checkout)/', $referer)) {
        # go to next step in checkout
        header("Location: ../$redirect/cart.php?mode=checkout");
    } elseif (preg_match($mysite_pattern, $referer)) {
        # go back to where we were before login
        header("Location: ".$referer);
    } else {
        # no usable Referer: original behavior
        header("Location: ../$redirect/cart.php");
    }
} elseif ( ($config["General"]["default_pwd"]=="Y") and (count($default_accounts)>0) and $admin_safe_mode==false) {
    echo "<SCRIPT language='JavaScript'>
alert('Default passwords for one or more administrator/provider accounts are not changed. We recommend you to change default passwords for security reasons. The default X-cart accounts$default_accounts_string!');
self.location='$to_url';
</SCRIPT> ";
}
else {
    if (preg_match($mysite_pattern, $referer)) {
        # go back to where we were before login
        header("Location: ".$referer);
    } else {
        # no usable Referer: original behavior
        header("Location: ../$redirect/home.php");
    }
}
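The same-site check on the Referer, as an added example that is not part of the original post and is not X-Cart code: it compares the parsed host against an allow-list instead of matching a URL prefix, and runs over constructed Referer values, including lookalike hosts that a bare prefix match would let through. The function name `safe_return_url`, the host `shop.example.com` and the fallback path are assumptions.

```php
<?php
// Added example: hypothetical helper and constructed hosts, not X-Cart code.

// Return $referer only if it is an http(s) URL on one of our own hosts;
// otherwise return $fallback (also used when the header is absent).
function safe_return_url($referer, array $allowed_hosts, $fallback)
{
    if (!is_string($referer) || $referer === '') {
        return $fallback;
    }
    // Control characters, spaces and backslashes have no place in a redirect target.
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $referer)) {
        return $fallback;
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    // "http://shop.example.com@other.example/" carries our name as userinfo only.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return $fallback;
    }
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return $fallback;
    }
    // Compare the whole host name (port ignored), never a prefix of the URL.
    if (!in_array(strtolower($parts['host']), $allowed_hosts, true)) {
        return $fallback;
    }
    return $referer;
}

// Constructed: stands in for $xcart_http_host / $xcart_https_host.
$allowed  = array('shop.example.com');
$fallback = '/home.php';
$samples  = array(                       // constructed Referer values
    'https://shop.example.com/product.php?productid=1',
    'http://shop.example.com.other.example/cart.php',
    'http://shop.example.com@other.example/',
    'ftp://shop.example.com/',
    '',
);
foreach ($samples as $referer) {
    printf("%-52s => %s\n", $referer === '' ? '(no Referer)' : $referer,
           safe_return_url($referer, $allowed, $fallback));
}
```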