[#4142] - com_users login menu item: login redirect configuration is ignored
- Closed
- 17 Oct 2014
- Medium
- Build: master
- # 4142
Steps to reproduce the issue
Create com_users login menu item on multilingual website. Assign the menu item to Guest. Configure Login redirect in the menu item options (and/or LogOut redirect). Login to the website. The redirect is ignored. A "You are not authorised" error is displayed.
Expected result
A redirect should occur.
Actual result
A "You are not authorised" error is displayed.
System information (as much as possible)
Joomla 3.3.3
Apache 2.2.14 (Win32) / PHP 5.4.18
Same result with Apache 2.4.7 / PHP 5.5.9-1ubuntu4.3
Additional comments
On a multilingual website I have a "login" menu item (com_users, not using the module).
To make the login menu item go away after successful login it is assigned to Guest.
After successful login the menu item is then replaced by another item (logout) assigned to Registered. So far that setup works fine.
However, this setup creates a "You are not authorised" error. Joomla 3.3.3 ignores the login redirect configured for the menu item options. Instead the same login page is opened again. Since it was assigned to Guest it cannot be displayed any more and an error message is displayed.
Attempts to resolve the issue:
Testing with absolute or relative redirect address ("testfolder/en/" or "http://domain/testfolder/en/" or "testfolder/en/").
Result: constantly the same behaviour; the redirect is ignored.
Try to add a base64-encoded URL (&return=ENCODED_URL) to the login form's action attribute (absolute or relative).
No change.
Try to add a base64-encoded URL to the hidden "return" input field of the login form (absolute or relative).
No change.
Only workaround so far was to write a plugin using the onUserAfterLogin/Logout events.
brianteeman
- | Category | ⇒ | Multilanguage |
Thanks a lot for your comment.
I use a menu item that points to com_users (User Manager > Login Form). That allows creating a login form without the necessity to first create a page that is only required as a place where we can then position the login module (and this once for each language).
If redirection is only possible with the module and not with the component, then it would be less confusing if the the option to specify redirection URLs was removed from the component.
To do so, it would be necessary to change components/com_users/views/login/tmpl/default.xml and remove the fields "login_redirect_url" and "logout_redirect_url".
However, I think it would be nicer to have redirection work in the component just as the user interface suggests, because it seems more straight forward to me creating a menu item that goes directly to a login form than creating a menu item that points to something only to have a place where I can then position a login module. Just my 2ยข.
| Rel_Number | ⇒ | 4142 | |
| Relation Type | ⇒ | Related to |
@hering what do you test? A external or a internal link? For me internal links like http://www.example.org/index.php/latest-articles works ok. But if i what to return to a external site like http://www.joomla.org It don't work.
I would vote for changing the behavior on the com_users login form to the behavior that we have on mod_login that only internal urls are allow and use a dropdown to select it.
I have a workable solution. See here #4208
I did only use internal URLs (external URLs are not supposed to work as per the GUI), with or without the protocol prefix and starting from root of relative URLs e.g. "/target/from/root" or "http://domain/target/from/root" or simply "relative/target/" but I never tested with SEF = 0 and "index.php" URLs as JRoute might use them.
Have to check that out. Thanks again.
Edit:
I forgot to mention the language in the URLs, so actually I specified URLs like
"/target_from_root/en/" or "http://domain/en/" or simply "en/" where "en" stands for the English version of the page.
Specifying a no-SEF URL such as http://domain/index.php?option=com_content&view=article&id=22&Itemid=114&lang=en does indeed work for both login and logout.
The only catch with this solution is that the no-SEF URL is displayed as such in the browser's location bar no matter wether SEF is activated or not. The login redirect URL seems not to be run through JRoute.
Thanks zero-24 for that idea.
@hering can you have a look into this #4208 (comment) It should fix your issue.
Here (#4208 (comment)) you can find some instructions how you can test it. Please let me know if you need more help or instructions.
Thanks
| Status | New | ⇒ | Closed |
Set to "closed" on behalf of @zero-24 by The JTracker Application at issues.joomla.org/joomla-cms/4142
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2014-10-17 12:16:07 |
| Labels |
Added:
?
|
||
Hi @hering
hmm i didn't test on a multilingual site but the code for the redirect is in the Login Modul (mod_login):
1. Here we request the retrun url:
https://github.com/joomla/joomla-cms/blob/staging/modules/mod_login/mod_login.php#L18
2. Here we create the return url:
https://github.com/joomla/joomla-cms/blob/staging/modules/mod_login/helper.php#L22-97
3. Here we add it to the form:
login: https://github.com/joomla/joomla-cms/blob/staging/modules/mod_login/tmpl/default.php#L116
logout: https://github.com/joomla/joomla-cms/blob/staging/modules/mod_login/tmpl/default_logout.php#L28
So you need to use the mod_login to login and to logout to use the function.
What do you use if not the Core login module (mod_login)?