No auto login redirect to same page anymore?
-
- Joomla! Guru
- Posts: 522
- Joined: Mon Oct 01, 2007 11:35 am
No auto login redirect to same page anymore?
I could be wrong but I think in the past after login users were taken to the page where they were before. Now they end up on a page with nothing but this text:
User Details
Welcome to the registered user area of our site.
Am I right to think this is a change in 1.5.9? Is there any way to change it back?
- infograf768
- Joomla! Master
- Posts: 19133
- Joined: Fri Aug 12, 2005 3:47 pm
- Location: **Translation Matters**
Re: No auto login redirect to same page anymore?
Please look
http://joomlacode.org/gf/project/joomla ... m_id=14710
If using the module, do not use a redirection to such a menu item,
If using a user login menu item, do not enter the url stated in the tracker as redirection.
Jean-Marie Simonet / infograf
---------------------------------
ex-Joomla Translation Coordination Team • ex-Joomla! Production Working Group
-
- Joomla! Guru
- Posts: 522
- Joined: Mon Oct 01, 2007 11:35 am
Re: No auto login redirect to same page anymore?
Ah, thanks, I forgot to mention that: the login module is, and was, set not to redirect, and there is no login menu item.
While checking it just now, I saw that the help balloon says that if no redirect page is selected then there will be an automatic redirection to the front page. Again, I could well be wrong, but I thought users were taken to the page last visited before login unless, as you pointed out, another page is set.
So that would make the question: is it possible in some way to direct users back to the last visited page, i.e. not to redirect upon login?
Btw, I was prompted to post about this when I noticed last night that the JED now also redirects to an empty page with that welcome message. For some time my browser has logged me into the JED automatically but I seem to remember the redirection was different in the past.
-
- Joomla! Guru
- Posts: 522
- Joined: Mon Oct 01, 2007 11:35 am
Re: No auto login redirect to same page anymore?
Puzzled by this and still suspecting a change in the code, I have just compared the files of J!1.5.3 with those of J!1.5.9.
In 1.5.3 mod_login helper.php had this:
Code: Select all
function getReturnURL($params, $type)
{
    if($itemid = $params->get($type))
    {
        $menu =& JSite::getMenu();
        $item = $menu->getItem($itemid);
        $url = $item->link;
    }
    else
    {
        // Redirect to login
        $uri = JFactory::getURI();
        $url = $uri->toString();
    }
    return base64_encode($url);
}
In 1.5.9 this was changed to the following:
Code: Select all
function getReturnURL($params, $type)
{
    if($itemid = $params->get($type))
    {
        $menu =& JSite::getMenu();
        $item = $menu->getItem($itemid);
        $url = JRoute::_($item->link.'&Itemid='.$itemid, false);
    }
    else
    {
        $url = JURI::base(true);
    }
    return base64_encode($url);
}
I think the 1.5.3 lines marked by the comment "// Redirect to login" would redirect to the page where the login button was clicked, and I think JURI::base in 1.5.9 effectively means the front page.
If so, then indeed it was possible in the past not to set a redirection page so as to make users return to the previous page, whereas now there will always be redirection whether to the front page or, if and as set by the administrator, elsewhere.
Frankly, if this is not a bug it is certainly no improvement.
So, what I am going to do is to change my files as follows, and I hope 1.5.10 will have the same:
Code: Select all
add in xml:
<param name="redirect" type="radio" default="0" label="Redirect" description="Redirect to home page or elsewhere as selected">
    <option value="0">No</option>
    <option value="1">Yes</option>
</param>
change in helper.php
function getReturnURL($params, $type)
{
    $redirection = $params->get( 'redirect', 0 );
    if ($redirection!=0)
    {
        if($itemid = $params->get($type))
        {
            $menu =& JSite::getMenu();
            $item = $menu->getItem($itemid);
            $url = JRoute::_($item->link.'&Itemid='.$itemid, false);
        }
        else
        {
            $url = JURI::base(true);
        }
    } else
    {
        // Redirect to login
        $uri = JFactory::getURI();
        $url = $uri->toString();
    }
    return base64_encode($url);
}
I have not tested it yet, but something like this should preserve the old functionality while adding the new functionality.
- mcsmom
- Joomla! Exemplar
- Posts: 7897
- Joined: Thu Aug 18, 2005 8:43 pm
- Location: New York
- Contact:
Re: No auto login redirect to same page anymore?
There was a security fix that filters redirects through isInternal which is part of what you are seeing there.
There was also a problem for users who did not have a referrer set. I think the changes made also address that.
So we must fix our vision not merely on the negative expulsion of war, but upon the positive affirmation of peace. MLK 1964.
http://officialjoomlabook.com Get it at http://www.joomla.org/joomla-press-official-books.html Buy a book, support Joomla!.
-
- Joomla! Guru
- Posts: 522
- Joined: Mon Oct 01, 2007 11:35 am
Re: No auto login redirect to same page anymore?
Thanks for the info, but I am not sure if I completely understand. I guess what you are saying is that the new code prevents that someone could manipulate the URL to abuse of the redirect to the same page, and that sometimes there was no current page to redirect back to? I am not sure that I understand because I am assuming one needs an existing page to find the login module.
I wonder if there would not have been a way to close a security gap which would still allow users to get back to the page where they were. Personally I dislike it very much when I am forced to again browse to the page where I already was, and I would like to avoid inflicting this on my users.
How big is the security issue that the new code aims to fix? Would I be irresponsible to revert back to the old code for a small, nearly unnoticed but frequently backed-up website?
-
- Joomla! Fledgling
- Posts: 4
- Joined: Sun Jan 25, 2009 6:00 am
Re: No auto login redirect to same page anymore?
ewel wrote:Thanks for the info, but I am not sure if I completely understand. I guess what you are saying is that the new code prevents that someone could manipulate the URL to abuse of the redirect to the same page, and that sometimes there was no current page to redirect back to? I am not sure that I understand because I am assuming one needs an existing page to find the login module.
I wonder if there would not have been a way to close a security gap which would still allow users to get back to the page where they were. Personally I dislike it very much when I am forced to again browse to the page where I already was, and I would like to avoid inflicting this on my users.
How big is the security issue that the new code aims to fix? Would I be irresponsible to revert back to the old code for a small, nearly unnoticed but frequently backed-up website?
I agree with you on this. I think it explains my question from yesterday:
http://forum.joomla.org/viewtopic.php?p ... 4#p1561994
If it's a security fix, then the fix was to lose functionality.
If you auto login because the "remember me" option was selected, then the return parameter should not be ignored.
It works if you use the form, why shouldn't it work if auto-login because "remember me" was selected?
I can understand that you don't want the return to be abused by anyone using your site for redirects, but the redirection only happens after a successful login.
This is a bug.
- mcsmom
- Joomla! Exemplar
- Posts: 7897
- Joined: Thu Aug 18, 2005 8:43 pm
- Location: New York
- Contact:
Re: No auto login redirect to same page anymore?
No, because you could be redirected to a hostile site before the isInternal. You really do not want that to happen.
I agree that it is very strange that the form and the module are handling the redirects differently. Well the form by definition doesn't use the referrer to redirect whereas as you point out, before that was the default behavior. I spent some time on a related issue last week and it was a puzzle there too. Further, why does the module use JRoute for the redirect but the component does not?
If you think you have a code solution to this please post it to the tracker. However please remember to test it with the referrer off (this is a setting of your browser).
-
- Joomla! Fledgling
- Posts: 4
- Joined: Sun Jan 25, 2009 6:00 am
Re: No auto login redirect to same page anymore?
mcsmom wrote:No, because you could be redirected to a hostile site before the isInternal. You really do not want that to happen.
I agree that it is very strange that the form and the module are handling the redirects differently. Well the form by definition doesn't use the referrer to redirect whereas as you point out, before that was the default behavior. I spent some time on a related issue last week and it was a puzzle there too. Further, why does the module use JRoute for the redirect but the component does not?
If you think you have a code solution to this please post it to the tracker. However please remember to test it with the referrer off (this is a setting of your browser).
I'll definitely need this to work with referrer off.
When you say module, which module are you referring to? I assumed that the "remember me" functionality was handled by a plugin.
Part of the problem could be that if remember me was NOT selected and I redirect my other application to "/index.php?option=com_user&view=login&return=[endcodedUrl]", there is another post with a task set and the redirect occurs.
If remember me was previously selected, then authentication occurs. Since no task is selected the view is just displayed, which contains just the message and the logout button.
This behavior is what makes integration with apps outside of joomla difficult. Either the controller or the user.php needs to be smarter. Or whatever code that handles the "remember me" functionality needs to be able to check the host and handle redirect itself.
BTW, do you know where the code is at that handles the remember me functionality? I'd love to help out, but I'm not sure exactly where to look yet.
-
- Joomla! Guru
- Posts: 522
- Joined: Mon Oct 01, 2007 11:35 am
Re: No auto login redirect to same page anymore?
I am probably still not understanding the depth of the issue..
If isInternal is the key to success, wouldn't this work?
Code: Select all
// Redirect to login
$uri = JFactory::getURI();
$url = (isInternal( $uri )) ? $uri->toString() : JURI::base(true);
-
- Joomla! Fledgling
- Posts: 4
- Joined: Sun Jan 25, 2009 6:00 am
Re: No auto login redirect to same page anymore?
ewel wrote:I am probably still not understanding the depth of the issue..
If isInternal is the key to success, wouldn't this work?
Code: Select all
// Redirect to login
$uri = JFactory::getURI();
$url = (isInternal( $uri )) ? $uri->toString() : JURI::base(true);
It's definitely the API call to use, I just don't know yet where the best place is to put the redirect.
-
- Joomla! Guru
- Posts: 522
- Joined: Mon Oct 01, 2007 11:35 am
Re: No auto login redirect to same page anymore?
My focus was on keeping users at the same page when they use the module to login. Just now I also tested if there is a redirect if a user visits a page with registered users content, but there the user is passed back to the article as normal. So from what I can see and understand, the issue is with the module.
As to the module, above I showed the changes in the code which effectively lead to a redirection to a page with a User Details message. Then I merged the old and the new by adding a parameter allowing a choice between no redirection in the old way and redirection in the new way of J!1.5.9. When no redirection is set, apparently using isInternal makes all the difference, and this could be inserted as per my previous post.
So, all in all, this should work and I think it's time to try this on my website to see what happens.
-
- Joomla! Guru
- Posts: 522
- Joined: Mon Oct 01, 2007 11:35 am
Re: No auto login redirect to same page anymore?
I tested the below code, and it all seems to work.
in mod_login's helper.php file
Code: Select all
class modLoginHelper {
    function getReturnURL($params, $type) {
        $redirectornot = $params->get( 'redirect', 0 );
        if ($redirectornot == 1) {
            // Redirect as in 1.5.9: to the selected menu item, else the site base
            if($itemid = $params->get($type)) {
                $menu =& JSite::getMenu();
                $item = $menu->getItem($itemid);
                $url = JRoute::_($item->link.'&Itemid='.$itemid, false);
            } else {
                $url = JURI::base(true);
            }
        } else {
            // No redirect: return to the current page if it passes isInternal
            $juri = JFactory::getURI();
            $uri = $juri->toString();
            if ( JURI::isInternal($uri) && !empty($uri) ) {
                $url = $uri;
            } else {
                $url = JURI::base(true);
            }
        }
        return base64_encode($url);
    }
    function getType() {
        $user = & JFactory::getUser();
        return (!$user->get('guest')) ? 'logout' : 'login';
    }
}
in mod_login.xml installation file
Code: Select all
<param name="redirect" type="radio" default="0" label="Redirect" description="Redirect to home page or elsewhere as selected">
    <option value="0">No</option>
    <option value="1">Yes</option>
</param>
It is bad enough that I make users register but making them search the page they found after they login would be so much worse, so I am very glad I seem to have gotten rid of all redirections!
If any core members are reading this thread I would appreciate a comment about whether my code is utterly stupid or not, and whether it would be possible to do something to the same effect in the next version of Joomla.
Since apparently there are security issues involved I will just note that I do not recommend that anyone uses this code instead of the original core code in the latest version and that anyone using this code does so at his/her own risk - certainly not at mine.
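The check this thread turns on, as an added example that is not part of any post and not Joomla core code: decode the base64 `return` value, keep it only if it stays on the site's own origin, and otherwise fall back to the site base. It is plain PHP (7.1+) with no Joomla classes; `origin_of`, `is_internal_url`, `safe_return_url` and the example.org / example.net values are hypothetical and constructed.

```php
<?php
// Added illustration in plain PHP (7.1+); not Joomla code. All function names
// and the example.org / example.net values are hypothetical and constructed.

/** Normalise parse_url() output to "scheme://host:port", or null if not http(s). */
function origin_of(array $parts): ?string
{
    $scheme = strtolower($parts['scheme'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true) || !isset($parts['host'])) {
        return null;
    }
    $port = $parts['port'] ?? ($scheme === 'https' ? 443 : 80);
    return $scheme . '://' . strtolower($parts['host']) . ':' . $port;
}

/** True only when $url cannot leave the site whose base URL is $siteBase. */
function is_internal_url(string $url, string $siteBase): bool
{
    // Whitespace, control characters and backslashes are handled differently
    // by browsers and by parse_url(), so refuse them outright.
    if ($url === '' || preg_match('/[\x00-\x20\x7F\\\\]/', $url)) {
        return false;
    }
    $target = parse_url($url);
    $site = parse_url($siteBase);
    if ($target === false || $site === false) {
        return false;
    }
    // No scheme and no host: a relative reference, resolved against the site.
    if (!isset($target['scheme']) && !isset($target['host'])) {
        return true;
    }
    // Anything else must match the site's origin exactly. Comparing parsed
    // origins (not string prefixes) rejects look-alike hosts and userinfo.
    $siteOrigin = origin_of($site);
    return $siteOrigin !== null && origin_of($target) === $siteOrigin;
}

/** Decode the base64 "return" value; fall back to the site base if unsafe. */
function safe_return_url(?string $encoded, string $siteBase): string
{
    if ($encoded === null || $encoded === '') {
        return $siteBase;
    }
    $url = base64_decode($encoded, true); // strict mode: false on non-base64 input
    if ($url === false || !is_internal_url($url, $siteBase)) {
        return $siteBase;
    }
    return $url;
}

// Constructed sample values, encoded the way getReturnURL() encodes its result.
$siteBase = 'https://www.example.org/';
$samples = [
    'same-site article' => 'https://www.example.org/index.php?option=com_content&view=article&id=5',
    'relative path'     => 'index.php?option=com_user&view=login',
    'other host'        => 'https://login.example.net/index.php',
    'protocol-relative' => '//login.example.net/',
    'look-alike host'   => 'https://www.example.org.example.net/',
    'userinfo'          => 'https://www.example.org@example.net/',
    'non-http scheme'   => 'javascript:void(0)',
];
foreach ($samples as $label => $url) {
    printf("%-18s -> %s\n", $label, safe_return_url(base64_encode($url), $siteBase));
}
printf("%-18s -> %s\n", 'not base64', safe_return_url('%%%', $siteBase));
printf("%-18s -> %s\n", 'missing', safe_return_url(null, $siteBase));
```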
-
- Joomla! Enthusiast
- Posts: 190
- Joined: Thu Jan 10, 2008 1:43 pm
Re: No auto login redirect to same page anymore?
I have a related problem, I think. When you create an account on my site the page redirects to the home page with no message to say welcome, etc. You don't know if you registered or not. If you fill in the contact form, the page redirects to a blank contact form, so you have no way of knowing the message was sent.
Is something corrupted in my joomla 1.5.9 files? What can I do to fix this -- I don't think I'm knowledgeable enough to monkey around with the php files too much.
- dianascherff
- Joomla! Fledgling
- Posts: 3
- Joined: Tue Nov 07, 2006 9:27 am
- Location: Los Angeles, CA, USA
Re: No auto login redirect to same page anymore?
ewel wrote:I tested the below code, and it all seems to work.
Wow does it! I thought I was going to scream trying to get the login/logout page to redirect to somewhere useful because when I tried to use an "External Link" as my redirect page and set it back to index.php, it never worked. That would be an awesome awesome addition to the next Joomla! update so we don't have to make sure those files aren't overwritten...hint hint to whoever handles that. I'm sure it was removed for a reason, but it was really a very necessary step to keep the website simple for clients to navigate.
I too am having the problem with the registration not redirecting to a "successful registration" page or providing instructions on what they must do next (activate their account). This problem occurs even without the above modifications present. There also isn't a message if the user typed in their user ID or password incorrectly. My site just clears the login form which could be confused for problems with cookies. Any help/advice would be greatly appreciated.
Last edited by dianascherff on Sat Feb 07, 2009 1:11 am, edited 1 time in total.
-
- Joomla! Guru
- Posts: 522
- Joined: Mon Oct 01, 2007 11:35 am
Re: No auto login redirect to same page anymore?
Redirecting for security reasons is a little bit like forcing women to leave their hand bags at the entrance of the super market: very secure but also certain to turn people away. For myself I see no point in an empty but secure super market.
- mcsmom
- Joomla! Exemplar
- Posts: 7897
- Joined: Thu Aug 18, 2005 8:43 pm
- Location: New York
- Contact:
Re: No auto login redirect to same page anymore?
No one cares about security until their site has been hacked.
-
- Joomla! Guru
- Posts: 522
- Joined: Mon Oct 01, 2007 11:35 am
Re: No auto login redirect to same page anymore?
I was one of them until I had a site cracked a good year ago. Now I use much of the security check list to make it easier for burglars to go next door. So I do appreciate the importance of security, but I also appreciate that a website is there for visitors. Security is one of the means to maintaining a website, and I am not prepared to see it as the purpose. The means should only detract from the purpose if there is no alternative - and speaking for myself I feel I have an alternative.
-
- Joomla! Apprentice
- Posts: 29
- Joined: Thu Jul 24, 2008 2:20 am
Re: No auto login redirect to same page anymore?
Just wondering if there was any final word on this?
Will an update be available in the next version of J!?
I have the same issue. I set up an internal website for my company and there's protected content within the site. Users can't access documents (DOCman) as a guest but they can if they sign on.
But having them go back to the Home Page when they log on just sucks from a usability standpoint.
What makes it more of an issue for me is that I just introduced this board to the company and now the behavior has changed b/c I upgraded from 1.5.8 to 1.5.9.
I'm going to implement the code hack noted above and document it on my wiki for future updates but what a pain in the arse. I've been trying to avoid hacks at all cost just for this reason but I feel it's really important to be able to stay at the page you were on and NOT be redirected after logging in. (thanks for the code.....)
- retush
- Joomla! Fledgling
- Posts: 3
- Joined: Wed Feb 25, 2009 10:45 pm
- Location: Adriatic
- Contact:
Re: No auto login redirect to same page anymore?
I have the same issue with redirects, my users have option to login to post comments with their username, login form placed conveniently under the article comment form, but after the login they're redirected to successful login page and they DO HATE to look again for the article in order to comment it.
I really think this should be fixed in core files, I'd hate to use insecure hacks.
Same redirect to previous page is available at this very forum - why disable it for the rest of us ?
-
- Joomla! Guru
- Posts: 522
- Joined: Mon Oct 01, 2007 11:35 am
Re: No auto login redirect to same page anymore?
retush wrote:I'd hate to use insecure hacks.
Quite right.
retush wrote:Same redirect to previous page is available at this very forum - why disable it for the rest of us ?
Very good point! Why is that? Is this site not up to date with security or does it use a hack that we could all use?
How important does the core team think this issue is? Seeing the number of views of this thread it seems that it is an issue of interest to many users.
- mcsmom
- Joomla! Exemplar
- Posts: 7897
- Joined: Thu Aug 18, 2005 8:43 pm
- Location: New York
- Contact:
Re: No auto login redirect to same page anymore?
First of all, this forum is not Joomla it is phpbb.
@dlebreaux
There is no reason to redirect to the home page, use the redirect parameter to send users to an appropriate page.
-
- Joomla! Apprentice
- Posts: 33
- Joined: Wed Mar 15, 2006 10:30 am
- Location: Sweden
Re: No auto login redirect to same page anymore?
Hi.
We do not want any redirect.
We want the user to stay on the page he/she was at when logging in, also after logging in is complete.
How can that be achieved?
/Sven
-
- Joomla! Guru
- Posts: 522
- Joined: Mon Oct 01, 2007 11:35 am
Re: No auto login redirect to same page anymore?
Let me just stress this: when a visitor logs in it usually means that he found what he was looking for. Then in principle it is very counter-productive to send the visitor anywhere else than the page that inspired him to log in.
-
- Joomla! Apprentice
- Posts: 29
- Joined: Thu Jul 24, 2008 2:20 am
Re: No auto login redirect to same page anymore?
mcsmom - the issue with your logic is here -
"use the redirect parameter to send users to an appropriate page".
The "appropriate page" is the page that they're on.
There is no setting in Joomla to say "current page".
Have you updated to 1.5.9 yet? If so you can test this yourself.
- retush
- Joomla! Fledgling
- Posts: 3
- Joined: Wed Feb 25, 2009 10:45 pm
- Location: Adriatic
- Contact:
Re: No auto login redirect to same page anymore?
mcsmom wrote:First of all, this forum is not Joomla it is phpbb.
OK, I am aware that this is PHPBB, but I was referring to the user login functionality of this very forum, handling the login redirects in a manner we would like to reinstate back to Joomla.
- dextercowley
- Joomla! Virtuoso
- Posts: 3286
- Joined: Sun Apr 06, 2008 4:44 am
- Location: Seattle, WA, USA
Re: No auto login redirect to same page anymore?
Ok. I'm looking into this now. I should have an update in a day or so. Thanks for your patience. If we can figure out a way to get this behaviour back without breaking something else, it makes sense to do it. Thanks. Mark
Mark Dexter
"Well...how did I get here?"
- mcsmom
- Joomla! Exemplar
- Posts: 7897
- Joined: Thu Aug 18, 2005 8:43 pm
- Location: New York
- Contact:
Re: No auto login redirect to same page anymore?
Mark, should this whole thread get moved to quality and testing? It doesn't really belong in this forum since it is really an issue report.
- Tonie
- Joomla! Master
- Posts: 16553
- Joined: Thu Aug 18, 2005 7:13 am
Re: No auto login redirect to same page anymore?
Moved to 1.5 Q&T forum.
-
- Joomla! Fledgling
- Posts: 1
- Joined: Mon Mar 02, 2009 12:04 am
Re: No auto login redirect to same page anymore?
Thank you! You are an absolute star!