?
Related to # 4142
Referenced as Related to: # 4142
avatar hering
hering
21 Aug 2014

Steps to reproduce the issue

Create com_users login menu item on multilingual website. Assign the menu item to Guest. Configure Login redirect in the menu item options (and/or LogOut redirect). Login to the website. The redirect is ignored. A "You are not authorised" error is displayed.

Expected result

A redirect should occur.

Actual result

A "You are not authorised" error is displayed.

System information (as much as possible)

Joomla 3.3.3
Apache 2.2.14 (Win32) / PHP 5.4.18
Same result with Apache 2.4.7 / PHP 5.5.9-1ubuntu4.3

Additional comments

On a multilingual website I have a "login" menu item (com_users, not using the module).
To make the login menu item go away after successful login it is assigned to Guest.
After successful login the menu item is then replaced by another item (logout) assigned to Registered. So far that setup works fine.
However, this setup creates a "You are not authorised" error. Joomla 3.3.3 ignores the login redirect configured for the menu item options. Instead the same login page is opened again. Since it was assigned to Guest it cannot be displayed any more and an error message is displayed.

Attempts to resolve the issue:
Testing with absolute or relative redirect address ("testfolder/en/" or "http://domain/testfolder/en/" or "testfolder/en/").
Result: constantly the same behaviour; the redirect is ignored.

Try to add a base64-encoded URL (&return=ENCODED_URL) to the login form's action attribute (absolute or relative).
No change.

Try to add a base64-encoded URL to the hidden "return" input field of the login form (absolute or relative).
No change.

Only workaround so far was to write a plugin using the onUserAfterLogin/Logout events.

avatar hering hering - open - 21 Aug 2014
avatar zero-24
zero-24 - comment - 31 Aug 2014

Hi @hering

On a multilingual website I have a "login" menu item (com_users, not using the module).

hmm i didn't test on a multilingual site but the code for the redirect is in the Login Modul (mod_login):
1. Here we request the retrun url:
https://github.com/joomla/joomla-cms/blob/staging/modules/mod_login/mod_login.php#L18
2. Here we create the return url:
https://github.com/joomla/joomla-cms/blob/staging/modules/mod_login/helper.php#L22-97
3. Here we add it to the form:
login: https://github.com/joomla/joomla-cms/blob/staging/modules/mod_login/tmpl/default.php#L116
logout: https://github.com/joomla/joomla-cms/blob/staging/modules/mod_login/tmpl/default_logout.php#L28

So you need to use the mod_login to login and to logout to use the function.

What do you use if not the Core login module (mod_login)?

avatar brianteeman brianteeman - change - 1 Sep 2014
Category Multilanguage
avatar hering
hering - comment - 2 Sep 2014

Thanks a lot for your comment.
I use a menu item that points to com_users (User Manager > Login Form). That allows creating a login form without the necessity to first create a page that is only required as a place where we can then position the login module (and this once for each language).

If redirection is only possible with the module and not with the component, then it would be less confusing if the the option to specify redirection URLs was removed from the component.
To do so, it would be necessary to change components/com_users/views/login/tmpl/default.xml and remove the fields "login_redirect_url" and "logout_redirect_url".

However, I think it would be nicer to have redirection work in the component just as the user interface suggests, because it seems more straight forward to me creating a menu item that goes directly to a login form than creating a menu item that points to something only to have a place where I can then position a login module. Just my 2ยข.

avatar zero-24
zero-24 - comment - 2 Sep 2014

hehe thanks @hering I don't know that com_users has this view. I will have a look into it.

avatar zero-24 zero-24 - change - 2 Sep 2014
Rel_Number 4142
Relation Type Related to
avatar zero-24
zero-24 - comment - 2 Sep 2014

@hering what do you test? A external or a internal link? For me internal links like http://www.example.org/index.php/latest-articles works ok. But if i what to return to a external site like http://www.joomla.org It don't work.

I would vote for changing the behavior on the com_users login form to the behavior that we have on mod_login that only internal urls are allow and use a dropdown to select it.

I have a workable solution. See here #4208

avatar hering
hering - comment - 2 Sep 2014

I did only use internal URLs (external URLs are not supposed to work as per the GUI), with or without the protocol prefix and starting from root of relative URLs e.g. "/target/from/root" or "http://domain/target/from/root" or simply "relative/target/" but I never tested with SEF = 0 and "index.php" URLs as JRoute might use them.
Have to check that out. Thanks again.

Edit:
I forgot to mention the language in the URLs, so actually I specified URLs like
"/target_from_root/en/" or "http://domain/en/" or simply "en/" where "en" stands for the English version of the page.
Specifying a no-SEF URL such as http://domain/index.php?option=com_content&view=article&id=22&Itemid=114&lang=en does indeed work for both login and logout.
The only catch with this solution is that the no-SEF URL is displayed as such in the browser's location bar no matter wether SEF is activated or not. The login redirect URL seems not to be run through JRoute.
Thanks zero-24 for that idea.

avatar zero-24
zero-24 - comment - 3 Sep 2014

@hering can you have a look into this #4208 (comment) It should fix your issue.

Here (#4208 (comment)) you can find some instructions how you can test it. Please let me know if you need more help or instructions.

Thanks

avatar jissues-bot jissues-bot - close - 17 Oct 2014
avatar zero-24 zero-24 - close - 17 Oct 2014
avatar zero-24 zero-24 - change - 17 Oct 2014
Status New Closed
avatar zero-24
zero-24 - comment - 17 Oct 2014

Closing as we have a PR: #4208

avatar jissues-bot
jissues-bot - comment - 17 Oct 2014

Set to "closed" on behalf of @zero-24 by The JTracker Application at issues.joomla.org/joomla-cms/4142

avatar jissues-bot jissues-bot - change - 17 Oct 2014
Closed_Date 0000-00-00 00:00:00 2014-10-17 12:16:07
avatar zero-24 zero-24 - change - 7 Jul 2015
Labels Added: ?

Add a Comment

Login with GitHub to post a comment