[fixed in develop branch] Login redirect fail if HUGE dir != root

[ghost]

Hi,

I'm trying first time HUGE script. It seems work good but there's only one problem if you place the system in a sub-directory.

I've put it into http:https://127.0.0.1/HUGE/

If I try to open protected page like dashboard it redirect us to:
http:https://127.0.0.1/HUGE/login?redirect=%2FHUGE%2Fdashboard%2F

So, when we login, it redirect to:
http:https://127.0.0.1/HUGE/HUGE/dashboard/index
-> 404 error

If in LoginController.php change (line 28):
$data = array('redirect' => Request::get('redirect') ? Request::get('redirect') : NULL);
To:
$data = array('redirect' => Request::get('redirect') ? "../".Request::get('redirect') : NULL);

With this we avoid 404 page, it redirect now to: http:https://127.0.0.1//HUGE/dashboard/
And page load, but we have double / after domain.

You have some better solution for that? Can be better to define config file the main root of the script?

Thanks.

[panique]

pleae install the project exactly like described in the install tutorial, and please dont put the project in a subfolder, and if you REALLY need to do this then please follow the instructions given in the readme and the config file!!! It's impossible to make this project work out of the box in every possible installation scenario.

[geozak]

This is the same as issue #754

[ghost]

Ok, I read yesterday files recommended. I reported the problem to see if it could be resolved or if it is not expected to be installed in subfolders.

Clearly it is not expected, however if I find an effective solution I'll post it here.

Thank you.

[slaveek]

Add new method to Redirect.php like:

    public static function toPreviousViewedPageAfterLogin($path) 
    {
        header('location: http:https://' . $_SERVER['HTTP_HOST'] . '/' . $path);
    }

then in LoginController->login() method change this line

Redirect::to(ltrim(urldecode(Request::post('redirect')), '/'));

to:

Redirect::toPreviousViewedPageAfterLogin(ltrim(urldecode(Request::post('redirect')), '/'));

In very quick tests redirection works in:

• ROOT dir
• subfolder
• and even if huge is in 2 subfolders as:

http:https://127.0.0.1/subfolder/huge/

(the same issue #754)

[slaveek]

I tested little bit more solution above and looks it works fine.
But there is one think that @OmarElgabry point in his comment here -> #754 (comment)

Another thing, If you entered wrong email/password, the redirect query parameter in URL will be cleared as implemented in LoginController

He's right ;) All parameters are gone.

So final solution included issue pointed by @OmarElgabry can looks:

Add new method to Redirect.php

    public static function toPreviousViewedPageAfterLogin($path) 
    {
        header('location: http:https://' . $_SERVER['HTTP_HOST'] . '/' . $path);
    }

then in LoginController->login() method change this lines:

if ($login_successful) {
    if (Request::post('redirect')) {
        Redirect::to(ltrim(urldecode(Request::post('redirect')), '/'));
    } else {
        Redirect::to('user/index');
    }
} else {
    Redirect::to('login/index');
}

to this:

if ($login_successful) {
    if (Request::post('redirect')) {
        Redirect::toPreviousViewedPageAfterLogin(ltrim(urldecode(Request::post('redirect')), '/'));
    } else {
        Redirect::to('user/index');
    }
} else {
    if (Request::post('redirect')) {
        Redirect::to('login?redirect=' . ltrim(urlencode(Request::post('redirect')), '/'));
    } else {
        Redirect::to('login/index');
    }
}

BTW I don't like this: toPreviousViewedPageAfterLogin

[abmmhasan]

Just updated the Pull #773

[ghost]

Sessions nay be the solution? If we set the redirect link as session value with expiration time 1800sec, and we delete it only after successful login? Thi can be usefull also to avoid unfriendly query in the url..

[abmmhasan]

I don't support session based redirection! Just rethink! For suppose I was in a link. Now when I login I'll simply cut off that link & login so it will take me normal admin page only. But if it is session based whatever I do, will redirect me to same url again.
or you can ask after login (store via session or DB) via a JS Alert if he wanna resume on previous link or go to normal home directory with below option

1. Continue where you left of
2. Open home page
3. Open your favorite page (we might let him choose a favorite page in settings or may choose it automatically depending on most visited page)

[ghost]

I supposed that if you join the website with a specific url, probably you want see that specific content. In any case should be an easy modification, so isn't important to find it in the official package. At the end we must only edit redirect+get with redirect+ add session and change login check for get value with the session value.