I have created a page called ‘Projects’ with subpages that use a single template ‘project’.
All projects have a checkbox field for ‘privacy’, where true means that it is a private project.
Currently, I have all projects children with privacy true collected into a ‘Client’ page that asks for a login if the user is not logged in. However, the projects are still visible via their direct URL.
What is the best method for redirecting to a login page if a non-logged-in user tries to access the private project page, and redirect to it when logged in? Do I need to create a separate template specifically for private projects? Or can I work with the template I’m currently using for both?
Ha, I’m a dummy, that works perfectly. Is there a way to get it to redirect to the page the user was attempting to view after they successfully log in? Right now in login.php, I have logins redirecting to a single page (‘client’), rather than the redirect being contextually aware…
if($user = $site->user(get('username')) and $user->login(get('password'))) {
  // redirect to the homepage
  // if the login was successful
  go('client');
} else {
  // make sure the alert is being
  // displayed in the template
  $error = true;
}
I made the changes you posted, but now my login form doesn’t seem to be submitting. I’m guessing it has to do with my template having problems with some of the changes to the form in the controller? Code below:
Yeah, originally I had just replaced my controller with what you posted. I ended up combining the two to get something that works, so, I’m not sure how elegant it is. I’ll post it all together since it does seem to be working
Login Controller
<?php
return function($site, $pages, $page) {
  // don't show the login screen to already logged in users
  if($site->user()) go('/');
  // go to this url if login was successful
  if($_POST['location'] != '') {
    $redirect = $_POST['location'];
  } else {
    //go to the client page if login was successful but no location is found
    $redirect = $site->page('client');
  }
  // redirect immediately if user is already logged in
  if ($site->user()) go($redirect);
  // handle the form submission
  if(r::is('post') and get('login')) {
    // fetch the user by username and run the
    // login method with the password
    if($user = $site->user(get('username')) and $user->login(get('password'))) {
      // redirect to the homepage
      // if the login was successful
      go($redirect);
    } else {
      // make sure the alert is being
      // displayed in the template
      $error = true;
    }
  } else {
    // nothing has been submitted
    // nothing has gone wrong
    $error = false;
  }
  return array('error' => $error);
};
Redirecting a private project to a login page can be bad in situations where knowing the URL of a project can be an attack vector. Because of the redirection, an attacker knows for sure the URL was correct. This warning is not relevant for every project and use-case, but should be considered.
Storing the “page after login” could also be done using the user session with less form and query string magic involved.
For some reason I can’t get this to work automatically. Pieces seem to work depending on which URL I enter, but the redirect code in the controller is breaking for me. My URL correctly appends ?location=portfolio%2Fprojectname to the end, but when I turn on Debug mode, I get Undefined index: location. If I delete:
// go to this url if login was successful
if($_POST['location'] != '') {
  $redirect = $_POST['location'];
} else {
  //go to the portfolio page if login was successful but no location is found
  $redirect = $site->page('portfolio');
}
It works, but obviously there is no redirect back to the previous page. Any ideas?
Adding isset before the $_POST seems to have fixed the Undefined Index error. What’s strange now is that the else redirect is going to the homepage instead of the portfolio link set here. I have a feeling something is still wrong here…
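The controller above reads `location` from `$_POST` while the URL carries it in the query string, and it hands the request-supplied value straight to `go()`. As an added example (not code from any poster in this thread or from Kirby), one way to read and validate that value in plain PHP; `requested_location()` and `safe_redirect_target()` are hypothetical helper names, and `client` is the fallback page used in the thread.

```php
<?php
// Added example. The helper names are hypothetical, not Kirby API.

// Read "location" from the hidden form field (POST) or the query string (GET)
// without raising "Undefined index" when it is absent.
function requested_location(array $post, array $query)
{
    if (isset($post['location'])) return $post['location'];
    if (isset($query['location'])) return $query['location'];
    return null;
}

// Return $candidate as a site-relative path, or $fallback if it is anything else.
function safe_redirect_target($candidate, $fallback)
{
    if (!is_string($candidate) || $candidate === '') {
        return $fallback;
    }
    // Scheme-relative ("//host") and empty segments are never needed here.
    if (strpos($candidate, '//') !== false) {
        return $fallback;
    }
    // Allowlist of path characters. This also rejects ":" (schemes such as
    // "https:"), backslashes, "%" and CR/LF. \z avoids matching before a newline.
    $path = trim($candidate, '/');
    if (!preg_match('#^[A-Za-z0-9_\-./]+\z#', $path)) {
        return $fallback;
    }
    // No dot segments, so the target cannot climb out of the intended tree.
    foreach (explode('/', $path) as $segment) {
        if ($segment === '.' || $segment === '..') {
            return $fallback;
        }
    }
    return $path;
}

// Constructed sample inputs; "client" is the fallback page used in the thread.
$samples = array(
    requested_location(array(), array('location' => 'portfolio/projectname')),
    requested_location(array('location' => 'https://example.invalid/'), array()),
    requested_location(array(), array()),
    '//example.invalid/path',
    '../panel',
    "client\r\nX-Test: 1",
);
foreach ($samples as $sample) {
    echo json_encode($sample), ' => ', safe_redirect_target($sample, 'client'), "\n";
}
```

In the controller, the returned path would take the place of the raw `$_POST['location']` before the call to `go()`.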