--- shib_auth.module  2009-05-07 14:21:58.000000000 +0200
+++ shib_auth.module.new  2009-08-14 09:48:01.231027205 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: shib_auth.module,v 1.3.4.5.2.26 2009/05/07 12:21:58 martoni Exp $
+// $Id$
 /**
  * @file
  * This is a Shibboleth authentication module.
@@ -51,6 +51,9 @@ function shib_auth_isDebug() {
 function shib_auth_init() {
   global $user;
 
+  // Make sure that the user module is already loaded.
+  drupal_load('module','user');
+
   $shib_headers_exist = ($_SERVER['HTTP_SHIB_IDENTITY_PROVIDER'] || $_SERVER['Shib-Identity-Provider']);
 
   if (shib_auth_isDebug()) {
@@ -140,36 +143,34 @@ function shib_auth_init() {
             // if there's no override, the admin can enable users to provide their own e-mail address on an appropriate form
             else {
             // if the custom mail was enabled on the admin form
-              
-                if ($_POST['form_id'] == 'shib_auth_custom_email' && $_POST['custom_mail']) $custom_mail = $_POST['custom_mail'];
-                //if the user provided the custom mail string, and it is not empty
-                if (isset($custom_mail) && $custom_mail) {
-                // and it isn't used by another registered drupal user
-                  $email_already_used_query = db_query("SELECT * FROM {users} WHERE mail='%s'", $custom_mail);
-                  $email_already_used = db_fetch_object($email_already_used_query);
-                  if ($email_already_used) {
-                    drupal_set_message(t("Error saving user account. E-mail address is already used."), 'error');
-                  }
-                  //register the user with the given address, and the shib provided username
-                  else {
-                    user_external_login_register($uname, "shib_auth");
-                    $_SESSION['authentication'] = 'shib_auth';
-                    $user = user_save($user, array('mail' => $custom_mail));
-                  }
-                  //then the user is redirected to the page, which she wanted to open before the auth process had been initiated
-                  if (isset($_SESSION['redirected_to_custom_mail_form_url'])) {
-                    $redirect_url = $_SESSION['redirected_to_custom_mail_form_url'];
-                    unset($_SESSION['redirected_to_custom_mail_form_url']);
-                    drupal_goto($redirect_url);
-                  }
+            if ($_POST['form_id'] == 'shib_auth_custom_email' && $_POST['custom_mail']) $custom_mail = $_POST['custom_mail'];
+              //if the user provided the custom mail string, and it is not empty
+              if (isset($custom_mail) && $custom_mail) {
+              // and it isn't used by another registered drupal user
+                $email_already_used_query = db_query("SELECT * FROM {users} WHERE mail='%s'", $custom_mail);
+                $email_already_used = db_fetch_object($email_already_used_query);
+                if ($email_already_used) {
+                  drupal_set_message(t("Error saving user account. E-mail address is already used."), 'error');
                 }
-                //We want to show the custom mail input form, and then redirect the user to the node, he wanted to go
+                //register the user with the given address, and the shib provided username
                 else {
-                  $_SESSION['redirected_to_custom_mail_form'] = TRUE;
-                  $_SESSION['redirected_to_custom_mail_form_url'] = $_GET['q'];
-                  drupal_goto('shib_auth/get_custom_mail');
+                  user_external_login_register($uname, "shib_auth");
+                  $_SESSION['authentication'] = 'shib_auth';
+                  $user = user_save($user, array('mail' => $custom_mail));
+                }
+                //then the user is redirected to the page, which she wanted to open before the auth process had been initiated
+                if (isset($_SESSION['redirected_to_custom_mail_form_url'])) {
+                  $redirect_url = $_SESSION['redirected_to_custom_mail_form_url'];
+                  unset($_SESSION['redirected_to_custom_mail_form_url']);
+                  drupal_goto($redirect_url);
                 }
-              
+              }
+              //We want to show the custom mail input form, and then redirect the user to the node, he wanted to go
+              else {
+                $_SESSION['redirected_to_custom_mail_form'] = TRUE;
+                $_SESSION['redirected_to_custom_mail_form_url'] = $_GET['q'];
+                drupal_goto('shib_auth/get_custom_mail');
+              }
             }
           }
         }
@@ -210,7 +211,7 @@ function shib_auth_init() {
     // Hack to reset the permissions
     user_access('access content', $account, TRUE);
   }
-} // function shib_auth_init()
+} // function shib_auth_boot()
 
 /**
  * Let the user exit from the Shibboleth authority when he/she log out from the actual Drupal site.
@@ -288,8 +289,17 @@ function generate_login_text() {
       if ( !ereg("^/", $handlerurl) ) $handlerurl = "/". $handlerurl;
       $handler = $handlerprotocol ."://". $_SERVER['HTTP_HOST'] . $handlerurl . $wayfuri;
     }
+
+    //Check clean url settings
+    variable_get('clean_url', FALSE) ? $url_prefix = '' : $url_prefix = '?q=/';
+
     //$actuallocation: the path where the Shibboleth should return
-    $actuallocation = (isset($_SERVER['HTTPS']) ? 'https' : 'http') .'://'. $_SERVER['HTTP_HOST'] . request_uri();
+    $actuallocation = (isset($_SERVER['HTTPS']) ? 'https' : 'http') 
+                             .'://'. $_SERVER['HTTP_HOST']
+                             . url('<front>')
+                             . $url_prefix
+                             .'shib_login/'
+                             . $_GET['q'];
 
     // If there is no session yet then we should put the login text into the block
     $block_content .= "<p><b><a href=\"$handler?target=$actuallocation\">"
@@ -530,8 +540,33 @@ function shib_auth_menu() {
     'type'             => MENU_CALLBACK,
   );
 
+  $items['shib_login/%'] = array(
+    'page callback'    => 'shib_login',
+    'type'             => MENU_CALLBACK,
+    'access callback'  => 'access_shib_login',
+  );
+
+
   return $items;
 } // function shib_auth_menu()
+
+/**
+ * Cache exclude helper function
+ *
+ */
+function shib_login() {
+  drupal_goto(substr($_GET['q'], 11));
+}
+
+/**
+ * Helper access function, always true.
+ *
+ * @returns always TRUE.
+ */
+function access_shib_login() {
+  return TRUE;
+}
+
 /**
  * Generate the custom e-mail provider form
  * @returns HTML text of the custom e-mail form
@@ -552,6 +587,7 @@ function shib_auth_custom_email() {
 
   return $form;
 } // function shib_auth_custom_email()
+
 /**
  * E-mail validator
  * @param form form identifier
@@ -562,12 +598,13 @@ function shib_auth_custom_email_validate
     form_set_error('', t('You have to fill the \'E-mail\' field.'));
   }
 } // shib_auth_custom_email_validate()
-//
+
 /**
  * This function enables the administrator to clone an existing rule, this is useful,
  * when we want to create a rule, which is simiral to another one
  * @param id rule identifier
  */
+
 function _shib_auth_clone_rule($id) {
   $rule = db_query("SELECT * FROM {shib_auth} WHERE id = %d", array($id));
   $db_entry = db_fetch_array($rule);
@@ -582,6 +619,7 @@ function _shib_auth_clone_rule($id) {
  * This function lets the admin to delete an existing rule
  * @param id rule identifier
  */
+
 function _shib_auth_delete_rule($id) {
   db_query("DELETE FROM {shib_auth} WHERE id = %d", array($id));
   drupal_set_message('Rule <span style="font-weight: bold;">#'. $id .'</span> has been deleted.' , 'warning');
@@ -633,6 +671,7 @@ function shib_auth_form_alter(&$form, &$
     );
   }
 }
+
 /**
  * Saves a new rule, containing he rule name, the server attrubite, the RegExp, and the role names
  *
@@ -710,6 +749,7 @@ function shib_auth_edit_rule($form_state
   }
 
 }//function shib_auth_edit_rule()
+
 /**
  * Generate the shibboleth rule adding form
  *