Quick login does not remember last page properly

Started by _Jojo_, October 28, 2010, 06:39:55 PM

Previous topic - Next topic

_Jojo_

1) Try to view a member's profile as a guest on a SMF 2.0 forum (hiding profiles to guests must be enabled). You will be prompted to log in.
2) Don't log in, instead, try to read a topic on the board (which should be possible to guests).
3) From this topic, use the quick login in the header.
Now you should see the member's profile from step 1 instead of the viewed topic.

_Jojo_

As this thread got moved, I'd like to just have a short feedback whether this issue got resolved, is a duplicate or is considered a feature? I couldn't find an entry for this on the issue tracker so I'm not sure. The problem still persists with SMF 2.0.1 for me.

Illori

i tested this issue as you explained and i got redirected back to the same page i logged it at with the quick login. so i dont consider it a bug.

_Jojo_

The problem is easily reproducible with a freshly installed SMF 2.0.1, using both Firefox and Opera:
- Forbid guests to view member profiles.
- Log out, try to visit a member profile. This should give you a login prompt.
- Instead of logging in, go to the board index and visit a random topic.
- While in this topic, use the quick login feature to log in. You should now see the member's profile instead of the previously viewed topic.

As said, it's perfectly reproducible on a fresh SMF 2.0.1 install here, no matter what browser, no matter what server operating system (PHP5 on Windows / Debian).

Illori

i can duplicate it now that you explained it again. i am still not sure how often if at all this would really come up, and with no comments on this report for a year makes me think no one thinks it is much of an issue worth looking into. the quick login works fine for me when you are the index a board or a topic.

_Jojo_

#5
Well, to me this happens quite frequently and it's also kind of annoying when it happens. I haven't looked into the code but it would seem to be that some kind of flag is set when visiting member profiles and is not unset when visiting another page instead.

Either way, I'd say this is not a bogus bug, nor is it fixed, so it should be moved back again.

Joker™

It has to something with "$_SESSION['login_url']" and "$_SESSION['old_url']".

I'll debug this once I get back to my PC.
Github Profile
Android apps
Medium

How to enable Post Moderation

"For the wise man looks into space and he knows there is no limited dimensions." - Laozi

All support seeking PM's get microwaved

Joshua Dickerson

Come work with me at Promenade Group



Need help? See the wiki. Want to help SMF? See the wiki!

Did you know you can help develop SMF? See us on Github.

How have you bettered the world today?

Joker™

Joshua, got a few mins for debugging :P.

Here is some data populated by the script:

1. Click on Profile as guest:
Login URL -- Nothing
Old URL: http://localhost/smf2/index.php


2. Come back to main page (Seems fine upto here)
Login URL -- http://localhost/smf2/index.php?action=profile;u=1
Old URL: http://localhost/smf2/index.php?action=profile;u=1


3. Go to some topic (See below, url weirdness starts here)
Login URL -- http://localhost/smf2/index.php?action=profile;u=1
Old URL: http://localhost/smf2/index.php


Now if someone is going to make a login is he going to be redirected according to 'login_url' as per this code in LogInOut.php

// Some whitelisting for login_url...
if (empty($_SESSION['login_url']))
redirectexit();
else
{
// Best not to clutter the session data too much...
$temp = $_SESSION['login_url'];
unset($_SESSION['login_url']);

redirectexit($temp);
}



My suggestion would be to re-factorize the 'login_url' variable and place the current link in it, as even the 'old_url' variable is running one step behind the actual query string.
Github Profile
Android apps
Medium

How to enable Post Moderation

"For the wise man looks into space and he knows there is no limited dimensions." - Laozi

All support seeking PM's get microwaved

emanuele

#9
The problem here is that when you arrive at the login page (through profile) $_SESSION['login_url'] is set, then the quick login doesn't pass through the function Login and 'old_url' doesn't overwrite 'login_url', so you are redirected to Login2 with 'login_url' set (when accessing the login page viewing the profile) to the wrong address.

The only reliable way to overcome this problem I can think it let Login2 know that we are coming from the quicklogin (i.e. add a ";quicklogin" to the form action url). Then we have to re-set the 'login_url' in Login2:
Code (find) Select
if (empty($_SESSION['login_url']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0)

Code (replace with) Select
if ((empty($_SESSION['login_url']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0) || (isset($_GET['quicklogin']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'login') === false))

The strpos($_SESSION['old_url'], 'login') === false will prevent the user from being redirected to the login page in the case of the (non particularly clever) action of logging in from the quick-login at the login page.


Take a peek at what I'm doing! ;D




Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

danwsc


Hi emanuele,

I have I think a variation of the issue.  I intentionally want to stay on some modified pages that I come up with, how do I do it please?
Whilst I want to retain SMF normal operation on non-modified pages.
My thread is at
http://www.simplemachines.org/community/index.php?topic=470808.0

Thanks and Regards.

_Jojo_

I guess this thread still shouldn't be in the "fixed or bogus bugs" board? At least the problem still appears with SMF 2.0.2.

emanuele

Not being a security issue most likely it will never be fixed in the 2.0.x series.
It is in this board because it's fixed in the development version of 2.1. :)


Take a peek at what I'm doing! ;D




Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.


Advertisement: