X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/2f6ff0734773c4ac009de699a2661971fd585b22..refs/pull/2296/head:/app/Http/Controllers/Auth/LoginController.php

diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
index f031c12cf..8084ce1a5 100644
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -77,9 +77,13 @@ class LoginController extends Controller
             ]);
         }
 
+        // Store the previous location for redirect after login
         $previous = url()->previous('');
-        if (setting('app-public') && $previous && $previous !== url('/http/source.bookstackapp.com/login')) {
-            redirect()->setIntendedUrl($previous);
+        if ($previous && $previous !== url('/http/source.bookstackapp.com/login') && setting('app-public')) {
+            $isPreviousFromInstance = (strpos($previous, url('/')) === 0);
+            if ($isPreviousFromInstance) {
+                redirect()->setIntendedUrl($previous);
+            }
         }
 
         return view('auth.login', [
@@ -99,6 +103,7 @@ class LoginController extends Controller
     public function login(Request $request)
     {
         $this->validateLogin($request);
+        $username = $request->get($this->username());
 
         // If the class is using the ThrottlesLogins trait, we can automatically throttle
         // the login attempts for this application. We'll key this by the username and
@@ -107,9 +112,7 @@ class LoginController extends Controller
             $this->hasTooManyLoginAttempts($request)) {
             $this->fireLockoutEvent($request);
 
-            // Also log some error message
-            Activity::logFailedAccess($request->get($this->username()));
-
+            Activity::logFailedLogin($username);
             return $this->sendLockoutResponse($request);
         }
 
@@ -118,6 +121,7 @@ class LoginController extends Controller
                 return $this->sendLoginResponse($request);
             }
         } catch (LoginAttemptException $exception) {
+            Activity::logFailedLogin($username);
             return $this->sendLoginAttemptExceptionResponse($exception, $request);
         }
 
@@ -126,9 +130,7 @@ class LoginController extends Controller
         // user surpasses their maximum number of attempts they will get locked out.
         $this->incrementLoginAttempts($request);
 
-        // Also log some error message
-        Activity::logFailedAccess($request->get($this->username()));
-
+        Activity::logFailedLogin($username);
         return $this->sendFailedLoginResponse($request);
     }