Jump to content
Vayu Robins

Redirect after login to original page

Recommended Posts

Hi.

I have a membersite that sends out emails to users with links to specific pages. When the user clicks on the link in the mail and the browser opens the site, the user is redirected to the login page. However, I would like for the user to be redirected back to the page they opened from their mail. I don't see how this can be done in Processwire.

I have a template and in the Access settings, I have chosen to redirect to the login page. There is on tag that I can include with {id}, but that returns the ID of the login page. I would like to have a tag that returns the ID of the original page the user has opened. Maybe a tag called {id_original} could be a way to solve it. Is there some other way I can filter the redirect process?

post-3258-0-86436500-1456396334_thumb.pn

Share this post


Link to post
Share on other sites

It will be interesting to see how this can actually happen (I'm not saying that there isn't a way to circumvent access security).

I have a few comments:

I have a template and in the Access settings, I have chosen to redirect to the login page. 

From the image you provided, this is not what you are attempting.  Unless you mean to go to another type of login page (other than the administrative login).  You then state that your purpose is to redirect to whatever page was linked in the email.

The fact that you have clicked "Yes" on the Access tab on the template means that you are detailing what the page security is going to be.  Anything other than Guest will restrict access to the page (making it viewable), if you are not already logged into the site.  To put it in another way, any page that has a template where the access tab has been activated will follow whatever permissions you have set in that tab.  If you had left the Access tab set to "No", then the page would inherit access from it's parent page.

You say that this is a membership site, so I would assume that access permissions are an integral part of the website's configuration.  In this case, everything works as it should, your credentials are checked for the page you want to access (link to).  

  • If you have access, you go to the page.
  • If you don't have access you either get a 404 page, goto the admin login page to login or go to another page (remember you then still need to have access to wherever you are being redirected to) that you have defined.

The only way you can do what you want is to have ProcessWire simply ignore the setup security and take the email addressee directly to whatever page is set in the email.

Share this post


Link to post
Share on other sites

Thanks for you reply cstevensjr!

I understand the confusion and I should have written something else in the settings page. My image was just to show what I wanted to explain, so that if it was possible to insert a tag {id_original}, then that would be great. I should correct what should be written in the inputfield. It should be something like "/login/?case={id_original}". That way I could access the page id after login and redirect back to the original page. Does that make more sense?

Share this post


Link to post
Share on other sites

Hhm, this may be only of less importance, and I hope, someone else will chime in with a good solution. But if not, I use a login and logout feature with the userswitcher of my ALIF module. If you are comfortable with module creation and hooks, you may have a look at it and pick up some code to build a small module. (Or you put a small code piece into the init.php or ready.php)!

The hook method:

https://github.com/horst-n/AdminLinksInFrontend/blob/master/AdminLinksInFrontend.module#L284

// if it is in a module, it can look like this:
    public function hookBeforeProcessLogin(HookEvent $event) {
        // early return, if it is not a link with the GET param id_original
        if(!$this->input->get('id_original')) return;
        
        // get the redirect URL
        $id = (int)$this->input->get('id_original'); // sanitize via typecasting
        $p = wire('pages')->get("id=$id");
        if(0 == $p->id) return; // it was not an existing / valid pageid
        
        // ?? maybe here you have to do additional validation to secure that the returned page is meant to be served
        // and that it is not one, the user has no access to, ... ??
        ...

        // if it is a valid page, redirect now
        $this->session->redirect($p->url);
    }

Not tested, written in the browser, no warranty, but hope it helps. :)

Share this post


Link to post
Share on other sites

It's entirely possible that you can directly go to a page, but that link in the email or a hook/module must also provide the credential (an authentication or cryptographic nonce) that satisfies the security requirement.

Share this post


Link to post
Share on other sites

Oh! Thanks, Charles. I completly missunderstood.

Do you know, where I can find infos about what and / or how those credentials need to be?

Share this post


Link to post
Share on other sites

I personally feel that this issue is best resolved by just letting the current system work as it should, challenge/verify credentials and then provide access to the linked page.  The whole problem revolves around whether the email user has access privileges on the website wherever you are trying to take them.

No matter what you do, you can't reliably guarantee that the email user is who you think they are.  Even the authentication or cryptographic nonce cannot guarantee that an unsecured email hasn't been compromised over an unsecure Internet. Ignoring that, with just the email link if you had a process where you could store the link, have them login and then somehow recover the page url and take them there.  Your problem again will be, do they have access permission to that linked page?

I guess you can cheat the system by having a hidden page within the member's secured area that has a page with a special template that allows Guest access.  That may get you to the page directly via an email link.

It's basically, Access Security 101.

Share this post


Link to post
Share on other sites

Thanks Horst, I will try to see if I can find a way to use your code snippet. :-)

Charles, I am not sure I understand what you are trying to explain. Sorry :-)

In the email the user receives, there is a link to a page, that one must be logged in (a member) to be able to see. If the user is not logged in and the user opens the link in a browser, then the user will be redirected to a login page. This is how it works now. What I need, is for the user to be redirected to the original page after login. If the user is not a member, then there will be no access, no matter what.

Share this post


Link to post
Share on other sites

Hopefully @horst code works.  I'm sorry if I misunderstood your understanding of how the system should work.

Share this post


Link to post
Share on other sites

Perhaps rather than initially redirecting them to the login page, you could simply add a login form to the page itself. You could do this manually in your template file, or make use of ProtectedMode (http://modules.processwire.com/modules/protected-mode/), either as is, or maybe you could lift some code to make something custom.

  • Like 2

Share this post


Link to post
Share on other sites

@Vayu_Robins: +1 for adrians module. That's the perfect fit for your needs. How could I not think of it? :huh: I use it myself on a site. :)

  • Like 1

Share this post


Link to post
Share on other sites

@Vayu_Robins: +1 for adrians module. That's the perfect fit for your needs. How could I not think of it? :huh: I use it myself on a site. :)

Actually, you might want to look at PageProtector (http://modules.processwire.com/modules/page-protector/) instead. It let's you control access to just specific pages and also lets you embed the login form into your template so the login form sits within the existing look of your page.

  • Like 1

Share this post


Link to post
Share on other sites

Thank you Adrian. I tried PageProtector, but it didn't work on my site. I don't know why though, but it was the part where inserting the login form on a template that didn't work. I ended up just adding a login form to the template, checking if the user is logged in or not.

Thanks everyone for chipping in with ideas and feedback!

  • Like 1

Share this post


Link to post
Share on other sites

@Vayu Robins - did you read through the PageProtector forum thread? @houseofdeadleg couldn't get it to work either, but I think he misunderstood what is required. Do you get any errors with DebugMode On or TracyDebugger installed?

Share this post


Link to post
Share on other sites

Thanks for asking Adrian.

I think I set it up correctly. In the "Login Template" I have chosen to use a template called "login.php". This is the code in that file:

$t = new TemplateFile( wire('config')->paths->templates . 'markup/login-form.php' );
include_once("./init.inc");
$headline = $page->get('headline|title'); 
$content = $loginForm.' '.$page->body. ' ' .$t->render();
include("./main.inc");

It's almost like the code in the init.inc file is not loaded, because all the variables in that file throw errors in main.inc

Share this post


Link to post
Share on other sites

Don't know if it will change anything, but it can be worth a try:

instead of include_once("./init.inc");

you may try to use include_once( dirname(__FILE__) . "/init.inc");

Share this post


Link to post
Share on other sites

I am not sure why it's not working for you. I have been playing around with a setup similar to yours and getting it to output. I am wondering if there are some issues around the way you are rendering the TemplateFile.

You say the the variables from the init.inc are throwing errors - do these go away if you don't use PageProtector, but otherwise the code is the same?

I also see that the TemplateFile is a login form, so it looks like you are already replicating what the module is trying to output with $loginForm?

Share this post


Link to post
Share on other sites

Why not just append a URL param redir=URL and redirect after successful login? The original URL could be stored in session too.

  • Like 1

Share this post


Link to post
Share on other sites

Why not just append a URL param redir=URL and redirect after successful login? The original URL could be stored in session too.

@tpr: Yes, you are right, this is already known as possible solution. see: https://processwire.com/talk/topic/12326-redirect-after-login-to-original-page/#entry114235

I think, @adrian is interested in why it is not working with his module, because it should be. ?! :)

  • Like 1

Share this post


Link to post
Share on other sites

@Adrian, I have also tried without my loginform and yes the errors go away when not using PageProtector. I will paste in the error I get here, maybe it makes some sense to you. 

Notice: Undefined variable: template_url in /Users/vayu/Sites/hunterapp.dev/site/templates/main.inc on line 453 Call Stack #TimeMemoryFunctionLocation 10.0037535928{main}( )../index.php:0 20.323619941048execute ( )../index.php:235 30.323719941400Wire->__call( )../index.php:235 40.323719941728Wire->runHooks( )../Wire.php:333 50.323719943872call_user_func_array:{/Users/vayu/Sites/hunterapp.dev/wire/core/Wire.php:398} ( )../Wire.php:398 60.323719945256ProcessPageView->___execute( )../Wire.php:398 70.358820182456render ( )../ProcessPageView.module:187 80.358820182640Wire->__call( )../ProcessPageView.module:187 90.358820182640Wire->runHooks( )../Wire.php:333 100.453420875128PageProtector->protectedCheck( )../Wire.php:459 110.454320878584wireRenderFile( )../PageProtector.module:280 120.454420882272render ( )../Functions.php:1062 130.454420882456Wire->__call( )../Functions.php:1062 140.454420882456Wire->runHooks( )../Wire.php:333 150.454420884408call_user_func_array:{/Users/vayu/Sites/hunterapp.dev/wire/core/Wire.php:398} ( )../Wire.php:398 160.454420884576TemplateFile->___render( )../Wire.php:398 170.454720925160require( '/Users/vayu/Sites/hunterapp.dev/site/templates/login.php' )../TemplateFile.php:182 180.456521111496include( '/Users/vayu/Sites/hunterapp.dev/site/templates/main.inc' )../login.php:62 assets/bootstrap/css/bootstrap.css" rel="stylesheet">

Share this post


Link to post
Share on other sites

I honestly don't know - I just tried replicating your setup with the "new TemplateFile" approach and it's working just fine.

Anyway, it sounds like you are not using this, so maybe we don't need to worry about it at the moment :)

Share this post


Link to post
Share on other sites

Hi,

I had the same situation as the OP described: URL sent by email to go to a specific page after login.

I solved it with 2 small hooks that I added to a module. You could also add them to your admin.php or ready.php

My URL looks like .../?member=1222 where 1222 is the id of a user
1. hook adds a session variable before Login
 

$this->addHookBefore('ProcessLogin::execute', $this, 'setRedirectId');
	public function setRedirectId(HookEvent $event) {

		if($this->input->get('member')) {
			$this->session->set('goToMember', $this->sanitizer->int($this->input->get('member'));		
		}

	}

2. hook has the redirect logic and removes the session variable

$this->addHookAfter('Session::login', $this, 'loginRedirects');
	public function loginRedirects(HookEvent $event) {

		if($this->user->hasRole('certificationadmin') && $this->session->get('goToMember')) {
			$member = $this->pages->get($this->session->get('goToMember'));
			if($member && $member->id) {
				$this->session->remove('goToMember');
				$this->session->redirect($member->statusPageUrl); // statusPageUrl is a custom property for users that I added via another hook
			}
		}

	}

 

  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By stanoliver
      Hi! 
      The following code snippet is part of my markup simple navigation and the url_redirect (url field in the backend) just works fine when I put an special custom url into the url_redirect field.
      <?php $nav = $modules->get("MarkupSimpleNavigation"); // topnav $current = $page->rootParent(); // current root page // subnav echo $nav->render(array( 'max_levels' => 2, 'item_tpl' => '<h4><a class="g8-bar-item g8-hover-black" href="{url_redirect|url}">{title}</a></h4><hr class="sidenav">', 'collapsed' => true, ), $page, $current); ?>  In my seperated breadcrumb navigation I use the following code snippet
      <?php foreach($page->parents()->append($page) as $parent) { echo "<li><a href='{$parent->url_redirect|url}'>{$parent->title}</a></li>"; } ?> Now to the problem: In my first code snippet above the
      url_redirect|url 
      works just fine but when I try something similiar in the second code snippet
      $parent->url_redirect|url
      I produce an server error How do I have to change the second code snippet so that it works in the correct way as the first code snippet does?
    • By angelo, italy
      Hi guys,
      I've always used WP but I want to swtich to PW. I'm not sure ....
      I'd like to know if it's possible to create a website for an online photo contest.
      The participants of the competition could create their own account, in which they upload their photos. The photos uploaded remain visible only to themselves and the judges.
      From their account they can make the "entrance fee" payment.
      The judges of the competition can create their own account... entering they see the photos of the participants and vote photos
      At the main page I imagine the title of the competition, a button to read the regulation, and a button to register.
      The website should be in Italian and English.
      Thank you!!
       
       
    • By Orkun
      Hi Guys
      How can I make a redirect inside the .htaccess to my custom maintenance.html file when any URL of my Website is accessed except the processwire admin (www.example.com/processwire/).
      Because I want that my User's still can access the website when they are loggedin in Processwire.
      When the current url starts with /processwire or if there is a processwire-login-cookie (Is there a cookie when user is logged in Processwire?) available the redirect should not work. Otherwise it should work.
      How can I achieve this?
    • By Peter Knight
      I have a demo site which I moved to a new VPS for client testing
      We noticed that leaving a page open and then revisiting the site can result in a 25 second(ish) to load time and will then throw a 500 Error.
      The hosting guys had a look and confirmed that the server is fine but the issue could be related to authentication or sessions.
      We are running Page Protector and ProCache so I wondered if there were any known bugs here and any recommended actions.
      My actual PW log doesn't show anything but the server log has plenty of these
       
      2018-12-06 08:14:00 Error xxx.141.1x.101 500 POST /who-we-are/ HTTP/1.0     1.58 K Apache access 2018-12-06 08:14:45 Warning xxx.141.1x.131   mod_fcgid: read data timeout in 45 seconds, referer: http://demo.abc.not/who-we-are/       Apache error 2018-12-06 08:14:45 Error xxx.141.1x.131   End of script output before headers: index.php, referer: http://demo.abc.not/who-we-are/       Apache error 2018-12-06 09:03:18 Error xxx.141.1x.131   2614#0: *667 recv() failed (104: Connection reset by peer) while reading response header from upstream       nginx error Thanks
      P
    • By Marcel
      Hey all,
      I want to customize the mywebsite/processwire/profile page. It's almost all good but I want to get rid of the sections 'Admin Theme' and 'Language' so that the user can just set a new password. (see image)
      Do I have to modify the admin template or how can I do that? Because when I go tree>Admin>Profile there are no fields to add or remove.
      Or where can I find the php file?
      I would appreciate your help.

×
×
  • Create New...