User Authentication cookbook

JanStieler · April 29, 2018, 12:11am

Hi,

I think on the authentication cookbook is a little mistake in it.
On the Protecting Content part, should it not better be
<?php if(!$site->user()) go('/login') ?>
as
<?php if(!$site->user()) go('/') ?>
I don’t know if it is only on my situation but with go('/') I had a loop in it where I don’t come to the loginpage.

And in my template controllerfile I had a session_start() in it. This had a consequence that the routing to this site was not perform. Is this not a little bit curious? This is the first time for me that session_start() is blocking some other scripts.

texnixe · April 29, 2018, 7:29am

I’d say it depends. Maybe you don’t want to let unauthorised users know that there is a login page at all.

However, if your home page is blocked, then you would indeed run into a loop, so you would have to modify the path. Was it the home page that you wanted to lock?

Currently I don’t have an answer regarding your session thingy. But what controller file are we talking about?

JanStieler · June 20, 2018, 7:08pm

Hi,
I have a searchform on a site and save the formdata ( two fields) in two sessions to show the searchresult on a another site. The hole website with all subpage should be locked from view with a loginform.

search.php controllerfile:

<?php
    session_start();    

return function($site, $pages, $page) {

if(!$site->user()) go('login');

if(r::is('post') && get('submitsearch')) {
    if(!empty(get('propertyquery'))){
        $_SESSION['propertyquery'] = get('propertyquery');
        $_SESSION['zipquery'] = get('zipquery');

        go('grundstuecke');
    }
    else {
    }
}
};

login controllerfile:

<?php
return function($site, $pages, $page) {

    if($site->user()) go('/');

if(r::is('post') and get('login')) {
    if($user = $site->user(get('username')) and $user->login(get('password'))) {
        go('/');
    } else {
        $error = true;
    }
} else {
    // nothing has been submitted
    // nothing has gone wrong
    $error = false;
    $errorpayment = false;
}

    return array('error' => $error, 'errorpayment' => $errorpayment);
};

And in the search controllerfile if I have the session_start()declared the login will ended in a error with ERR_TOO_MANY_REDIRECTS. How can I use the login with my sessions?

Kindly,
Jan

texnixe · June 20, 2018, 7:16pm

I guess you mean page not site? The whole website is locked means that you cannot access any page without logging in.

JanStieler · June 20, 2018, 7:32pm

Hi,
yes the whole website should closed from view only the login is showing.
To perform this I wrote the if($site->user()) go('login');in every templatefile or controller file without the login or error template/controller.

Topic		Replies	Views
Login redirect after link Questions 🤔	3	535	January 24, 2019
Frontend login from any page (via a shared plugin or controller)? Solved ✅	6	1508	June 9, 2017
Password Protect Page Solved ✅	6	1608	August 21, 2015
$site->user() returns false on frontend code but seems to evaluate true within controllers Solved ✅	2	476	March 1, 2018
"go()" with params?	5	260	November 11, 2022

User Authentication cookbook

Related Topics