redirect after login / logout

[lemon-head]

After logging in, I want to return to the page I was visiting before.

After logging out, I want to return to the page I was visiting before, unless it is restricted.

[lemon-head]

For the PT part:

• [3953] with the small fixes [3954] and [3955] do the redirect after login
• [3956] does the trick after logout.

[lemon-head]

For the BW part:

• [3957] is necessary to make BW redirects possible in the login.
• [3958] enables the redirects for BW

What's still missing:

• redirect in the MustLogin?() function in 'bw/lib/rights.php'.
• preserve GET parameters in the redirect request, in the BW part. This is tricky, because the PRequest::get()->request doesn't really help here (or so it seems).

[lemon-head]

hm, maybe 'review code' is more appropriate here.. The login is a critical part, I don't want to be guilty of security holes.

[lemon-head]

• [4045] - repair a problem with redirect after login
• [4046] - always go to mainpage after logout

(later we might want a special "goodbye" page..)

[micha]

I just noticed, you inserted quite a lot of if/else-stuff in the main page.php-template. Is this necessary? I would vote for putting these in the controller or view-class rather than in the template..

[lemon-head]

Someone could make the redirect work for the BW part, preserving the $_GET parameters, by modifying the RoxView::rightContentOut() like this:

class RoxView
{
    public function rightContentOut()
    {
        $request = PRequest::get()->request;
        if(!isset($request[0])) {
            $redirect_url = false;
        } else if ($request[0]=='login') {
            $redirect_url = implode('/', array_slice($request, 1)).'?'.$_SERVER['QUERY_STRING'];
        } else {
            $redirect_url = false;
        }
        $User = new UserController;
		$User->displayLoginForm($redirect_url);
	}
    }
}

I would do it myself, but my own RoxView? is a messy construction site - don't want to mess with that.

I think it's an easy thing.

[lemon-head]

The important part is to add $_SERVERQUERY_STRING?.

However: Would be a good idea to NOT add a '?' if the query string is empty!

[micha]

Andreas, should we still add the above? I would do it if you give me the go. Ticket 367 is also waiting on these changes.

[lemon-head]

[4374] and [4375] should solve the problem for the BW part with $_GET parameters.

Try  http://test.bewelcome.org/bw/member.php?cid=lupo-test when logged out!

[lemon-head]

Looks like the following files will have to go to alpha / production:

• trunk/build/rox/rox.view.php

• trunk/build/user/user.model.php
• trunk/build/user/user.view.php
• trunk/build/user/user.ctrl.php

• trunk/templates/page.php
• trunk/templates/apps/user/loginform.php

• trunk/htdocs/bw/layout/menus.php

• trunk/htdocs/bw/lib/rights.php

[henri]

(crumbking) If I vistit  http://test.bewelcome.org/bw/member.php?cid=henri works fine for me. Firefox/Mac?, Safari/Mac? Could be moved to alpha. Still getting in use to trac sorry if I mess around here. So many options ;)

[feuerdaemon]

Does not work for me (FF 2.0.0.12 WinXP)

I'm not logged in and open url  http://test.bewelcome.org/bw/member.php?cid=henri (Profile Henri)

I CAN see the profile of Henri.
Logon with user "Admin". -> Direct to the profile of the Admin.
Logon with user "Henri" -> Direct to the profile of Henri.
Logon with user "Wukk" -> Direct to the profile of Wukk.


I'm not logged in and open url  http://test.bewelcome.org/bw/member.php?cid=wukk (Profile Wukk)

I CAN see the profile of Wukk.
Logon with user "Admin". -> Direct to the profile of the Admin.
Logon with user "Henri" -> Direct to the profile of Henri.
Logon with user "Wukk" -> Direct to the profile of Wukk.


I'm not logged in and open url  http://test.bewelcome.org/bw/member.php?cid=lupo-test (Profile Lupo-Test)

I CAN NOT see the profile of Lupo-Test.
Logon with user "Admin". -> Direct to the profile of Lupo-Test.
Logon with user "Henri" -> Direct to the profile of Lupo-Test.
Logon with user "Wukk" -> Direct to the profile of Lupo-Test.


Logout and the direct to the Startpage works fine.

[lemon-head]

The reason is that these are public profiles, while "lupo-test" is not.

Evtl we should show a message saying "The profile of * is only visible to logged-in members"...

I think we can move this to alpha, but should think about a message like the above.

[lemon-head]

Feuerdaemon is right. We need one more change.

It should be in the file htdocs/bw/layout/menus.php
(ouch, my own code there looks horribly convoluted)

[lemon-head]

[4376] - login link in htdocs/bw/layout/menus.php

The list of files to upload to alpha is still valid.

[globetrotter_tt]

it seems that [4374] has broken all the admintools.

i.e. in adminwords i get errormessages like "Notice: Undefined variable: VolAction? in /var/www/test_html/htdocs/bw/admin/adminwords.php on line 71".

when i revert to the previous changeset [3362] everything works fine again.

[lemon-head]

[4377] - repaired.

[feuerdaemon]

Problems like 03/20/08 09:13:28 are solved. -> It does not matter which user you use to login; you get alway redirected to the page you've visited before.

But if you're not loged in an visit " http://test.bewelcome.org/forums/s21/reply" the redirect don't work.

<input type="hidden" value="http://test.bewelcome.org/" name="redirect"/>

[lemon-head]

The reason is in the forum controller.

The controller checks if the user is logged in, and uses a "PRequest::home();" to redirect to mainpage. Doing so, the original url gets lost.

Currently jy is still working on the forum, so I don't want to disturb this work. I can talk to him.

[feuerdaemon]

So lets move this to alpha an implement the redirection for the forum when jy has finished the work.

[lemon-head]

This one is fixed !