From 4e6fca51b4b6db3d700d1e912803fcce9d1fd6b5 Mon Sep 17 00:00:00 2001
From: geozak
Date: Thu, 12 Nov 2015 19:01:07 -0900
Subject: [PATCH 1/5] Create redirect.php
A view template for a page to be displayed when a user is redirected between pages.
---
 application/view/_templates/redirect.php | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 application/view/_templates/redirect.php
diff --git a/application/view/_templates/redirect.php b/application/view/_templates/redirect.php
new file mode 100644
index 000000000..8762e619c
--- /dev/null
+++ b/application/view/_templates/redirect.php
@@ -0,0 +1,6 @@
+
+

Redirecting, please wait.

+
+

Redirecting to $destination); ?>

+
+
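Review bot: The `$destination` value printed on the "Redirecting to" line of `_templates/redirect.php` needs HTML escaping where it is output, because patch 2/5 builds it from `Config::get('URL') . $path` and `$path` is whatever a caller hands to `Redirect::to()`. The markup of this template is not recoverable in this view, so I cannot tell whether the echo is already wrapped; if it is not, use `<?php echo htmlspecialchars($destination, ENT_QUOTES, 'UTF-8'); ?>` for the visible text and for any `href` attribute. It is also worth confirming how `View::render()` exposes `$data` to the template (not shown here), since a bare `$destination` would be undefined if render assigns the values as object properties.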
From 933703d72caed230495ea017f9f2ed3d95672671 Mon Sep 17 00:00:00 2001
From: geozak
Date: Thu, 12 Nov 2015 19:20:37 -0900
Subject: [PATCH 2/5] Update Redirect.php with render and exit
Added lines to make calls to Redirect display the redirect template view and exit.
this should be satisfactory to fix this comment from Auth.php
// to prevent fetching views via cURL (which "ignores" the header-redirect above) we leave the application
// the hard way, via exit(). @see https://github.com/panique/php-login/issues/453
// this is not optimal and will be fixed in future releases
this should make redirecting users friendly in that they won't see empty/broken pages.
---
 application/core/Redirect.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/application/core/Redirect.php b/application/core/Redirect.php
index 33756382e..7a35de41b 100644
--- a/application/core/Redirect.php
+++ b/application/core/Redirect.php
@@ -13,6 +13,9 @@ class Redirect
 public static function home()
 {
 header("location: " . Config::get('URL'));
+ $data = array('destination' => Config::get('URL'));
+ new View()->render('_templates/redirect.php', $data);
+ exit();
 }
 /**
@@ -23,5 +26,8 @@ public static function home()
 public static function to($path)
 {
 header("location: " . Config::get('URL') . $path);
+ $data = array('destination' => Config::get('URL') . $path);
+ new View()->render('_templates/redirect.php', $data);
+ exit();
 }
-}
\ No newline at end of file
+}
From d71921757066bb6a27efff66f93030ad3294e865 Mon Sep 17 00:00:00 2001
From: geozak
Date: Thu, 12 Nov 2015 19:28:59 -0900
Subject: [PATCH 3/5] Update Auth.php to use Redirect
Replaced header location calls with Redirect::to to use the friendly redirection.
---
 application/core/Auth.php | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/application/core/Auth.php b/application/core/Auth.php
index 82990ffed..0d132640d 100644
--- a/application/core/Auth.php
+++ b/application/core/Auth.php
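Review bot: `new View()->render('_templates/redirect.php', $data);` in `Redirect::home()` does not parse on PHP versions before 8.4, which need the instantiation in parentheses: `(new View())->render('_templates/redirect.php', $data);`. The same line is added to `Redirect::to()` in the second hunk of Redirect.php. Patches 3/5 to 5/5 route the authentication guards through this class and drop their own `exit()` calls, so a Redirect.php that fails to compile turns every unauthenticated request into a fatal error instead of a redirect. `View::render()` is not shown here, so also confirm whether it expects the template name with or without the `.php` suffix.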
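Review bot: `Redirect::to()` now ends the request with `exit()`, but its docblock, which opens at the end of the first hunk and is otherwise outside this diff, is not updated to say so. Callers in Auth.php are changed later in this series to depend on that for access control, so it belongs in the documented contract of both `to()` and `home()`, for example `Sends the Location header, renders the redirect view and terminates the script; this method never returns.` Without it, a later edit that removes the `exit()` here looks harmless and quietly re-enables execution after the redirect in every guard.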
@@ -28,11 +28,7 @@ public static function checkAuthentication()
 // send the user to the login form page, but also add the current page's URI (the part after the base URL)
 // as a parameter argument, making it possible to send the user back to where he/she came from after a
 // successful login
- header('location: ' . Config::get('URL') . 'login?redirect=' . urlencode($_SERVER['REQUEST_URI']));
- // to prevent fetching views via cURL (which "ignores" the header-redirect above) we leave the application
- // the hard way, via exit(). @see https://github.com/panique/php-login/issues/453
- // this is not optimal and will be fixed in future releases
- exit();
+ Redirect::to('login?redirect=' . urlencode($_SERVER['REQUEST_URI']));
 }
 }
@@ -53,11 +49,7 @@ public static function checkAdminAuthentication()
 if (!Session::userIsLoggedIn() || Session::get("user_account_type") != 7) {
 // ... then treat user as "not logged in", destroy session, redirect to login page
 Session::destroy();
- header('location: ' . Config::get('URL') . 'login');
- // to prevent fetching views via cURL (which "ignores" the header-redirect above) we leave the application
- // the hard way, via exit(). @see https://github.com/panique/php-login/issues/453
- // this is not optimal and will be fixed in future releases
- exit();
+ Redirect::to('login');
 }
 }
From c9e4b6533697a8e6197f7c7b3e145b25529f94d3 Mon Sep 17 00:00:00 2001
From: geozak
Date: Thu, 12 Nov 2015 19:32:23 -0900
Subject: [PATCH 4/5] Update Controller.php to use Redirect
Replaced header location calls with Redirect::to to use the friendly redirection.
---
 application/core/Controller.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/application/core/Controller.php b/application/core/Controller.php
index 654daad51..06b0d0d6e 100644
--- a/application/core/Controller.php
+++ b/application/core/Controller.php
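Review bot: In `checkAuthentication()` (Auth.php, patch 3/5) the `exit()` and the comment explaining why it is needed are removed together, so nothing at the call site says that the code after `Redirect::to(...)` must not run for an unauthenticated request. The guard now holds only as long as `Redirect::to()` keeps terminating the script; a later change there would let protected controllers continue after the header is sent, for any client that does not follow the redirect. Keep a short comment at the call, such as `// Redirect::to() calls exit(); nothing below runs for unauthenticated requests`. The same applies to `checkAdminAuthentication()` in the second hunk, and both function bodies start outside the hunks.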
@@ -25,7 +25,7 @@ function __construct()
 // user is not logged in but has remember-me-cookie ? then try to login with cookie ("remember me" feature)
 if (!Session::userIsLoggedIn() AND Request::cookie('remember_me')) {
- header('location: ' . Config::get('URL') . 'login/loginWithCookie');
+ Redirect::to('login/loginWithCookie');
 }
 // create a view object to be able to use it inside a controller, like $this->View->render();
From c487f66a5cb0e570f5551b9846e02b32a8a766de Mon Sep 17 00:00:00 2001
From: geozak
Date: Fri, 13 Nov 2015 16:29:58 -0900
Subject: [PATCH 5/5] Update Auth.php
Removed unreachable statement.
---
 application/core/Auth.php | 1 -
 1 file changed, 1 deletion(-)
diff --git a/application/core/Auth.php b/application/core/Auth.php
index 0d132640d..d887880b2 100644
--- a/application/core/Auth.php
+++ b/application/core/Auth.php
@@ -63,7 +63,6 @@ public static function checkSessionConcurrency(){
 if(Session::isConcurrentSessionExists()){
 LoginModel::logout();
 Redirect::home();
- exit();
 }
 }
 }
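Review bot: `Redirect::to('login/loginWithCookie');` in `Controller::__construct()` (patch 4/5) now terminates the request, whereas the `header()` call it replaces let the constructor continue. If the controller that serves `login/loginWithCookie` also runs this constructor (not visible here), a visitor who is not logged in and carries a `remember_me` cookie is sent back to the same URL on every request and the cookie login never executes. Skip the redirect when the current request is already the cookie-login action, or confirm that action does not go through this constructor. The constructor body continues outside the hunk.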