4 files changed, 17 insertions, 14 deletions

diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php
index 787a2138..c460f58c 100644
--- a/modules/gallery/controllers/admin.php
+++ b/modules/gallery/controllers/admin.php
@@ -22,7 +22,12 @@ class Admin_Controller extends Controller {
 
   public function __construct($theme=null) {
     if (!identity::active_user()->admin) {
-      access::forbidden();
+      if (identity::active_user()->guest) {
+        Session::instance()->set("continue_url", url::abs_current(true));
+        url::redirect("login");
+      } else {
+        access::forbidden();
+      }
     }
 
     parent::__construct();
@@ -78,7 +83,7 @@ class Admin_Controller extends Controller {
   private static function _prompt_for_reauth($controller_name, $args) {
     if (request::method() == "get" && !request::is_ajax()) {
       // Avoid anti-phishing protection by passing the url as session variable.
-      Session::instance()->set("continue_url", url::current(true));
+      Session::instance()->set("continue_url", url::abs_current(true));
     }
     url::redirect("reauthenticate");
   }
diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php
index 40125476..2b60316b 100644
--- a/modules/gallery/controllers/login.php
+++ b/modules/gallery/controllers/login.php
@@ -38,15 +38,18 @@ class Login_Controller extends Controller {
   }
 
   public function html() {
-    print auth::get_login_form("login/auth_html");
+    $view = new Theme_View("page.html", "other", "login");
+    $view->page_title = t("Login");
+    $view->content = auth::get_login_form("login/auth_html");
+    print $view;
   }
 
   public function auth_html() {
     access::verify_csrf();
 
-    $continue_url = Session::instance()->get("continue_url", null);
     list ($valid, $form) = $this->_auth("login/auth_html");
     if ($valid) {
+      $continue_url = $form->continue_url->value;
       url::redirect($continue_url ? $continue_url : item::root()->abs_url());
     } else {
       $view = new Theme_View("page.html", "other", "login");
diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php
index 967dad49..20fa8074 100644
--- a/modules/gallery/controllers/logout.php
+++ b/modules/gallery/controllers/logout.php
@@ -21,14 +21,9 @@ class Logout_Controller extends Controller {
   public function index() {
     access::verify_csrf();
     auth::logout();
-    if ($continue_url = Input::instance()->get("continue")) {
-      $item = url::get_item_from_uri($continue_url);
-      if (access::can("view", $item)) {
-        // Don't use url::redirect() because it'll call url::site() and munge the continue url.
-        header("Location: $continue_url");
-      } else {
-        url::redirect(item::root()->abs_url());
-      }
+    if ($continue_url = Input::instance()->get("continue_url")) {
+      url::redirect($continue_url);
     }
+    url::redirect(item::root()->abs_url());
   }
 }
\ No newline at end of file
diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php
index 3503d80a..acb27f6a 100644
--- a/modules/gallery/controllers/reauthenticate.php
+++ b/modules/gallery/controllers/reauthenticate.php
@@ -37,8 +37,7 @@ class Reauthenticate_Controller extends Controller {
     if ($valid) {
       message::success(t("Successfully re-authenticated!"));
       module::event("user_auth", $user);
-      $continue_url = Session::instance()->get_once("continue_url", "admin");
-      url::redirect($continue_url);
+      url::redirect($form->continue_url->value);
     } else {
       $name = $user->name;
       log::warning("user", t("Failed re-authentication for %name", array("name" => $name)));
@@ -59,6 +58,7 @@ class Reauthenticate_Controller extends Controller {
   private static function _form() {
     $form = new Forge("reauthenticate/auth", "", "post", array("id" => "g-reauthenticate-form"));
     $form->set_attr('class', "g-narrow");
+    $form->hidden("continue_url")->value(Session::instance()->get("continue_url", "admin"));
     $group = $form->group("reauthenticate")->label(t("Re-authenticate"));
     $group->password("password")->label(t("Password"))->id("g-password")->class(null)
       ->callback("auth::validate_too_many_failed_auth_attempts")