Simple Machines Community Forum

Customizing SMF => SMF Coding Discussion => Topic started by: MultiformeIngegno on March 28, 2010, 07:00:10 PM

Title: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on March 28, 2010, 07:00:10 PM
Hello! :)
I've some pages that loads ssi stuff, all is working properly, except that if an user logs in in that page, instead of remain there he's redirected to the board index... is it possible to remain in the page after login instead of been redirected to the board index?

Thanks!! ;)
Title: Re: SSI, return to the page after login (not the board index)
Post by: Oldiesmann on March 28, 2010, 11:09:02 PM
Yes. Just set $_SESSION['login_url'] to whatever URL you want them sent to before you call ssi_login().
Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on March 29, 2010, 04:31:47 AM
Thanks... however I can't test this because I noticed that everytime I login from my ssi pages (that work properly, all is displayed fine!) I receive a "password wrong" error, also if it's right... then I'm redirected to the forum login and there it works... instead if I logout I receive a "session error".. don't know why..

Here's my code:

<?php
error_reporting
(E_ALL);

// Specify the page context
$_GET['action'] = 'extra';
$context['faqpage'] = true;
$context['page_title'] = 'FAQs';

$context['outside_forum'] = true;
$ssi_maintenance_off true;

// Layers to be utilized
$ssi_layers = array('html''body');

// Change "true" to "false" to disable Gzip if not supported on your server
$ssi_gzip true;

//This is the SSI.php file in the Board dir.
require('../forum/SSI.php');

// Track stats
trackStats(array('hits' => '+')); trackStats();

writeLog(true);
?>



These pages are in a subdomain. So, as said many and many times here I've disabled local storage for cookies, enabled subdomains indipendent cookies, and set database driven sessions on.

What's wrong..?
Title: Re: SSI, return to the page after login (not the board index)
Post by: Arantor on March 29, 2010, 07:28:41 AM
So what URLs are being called when this is happening?

Like what link is being called for logout?
Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on March 29, 2010, 07:57:14 AM
Quote from: Arantor on March 29, 2010, 07:28:41 AM
So what URLs are being called when this is happening?

Like what link is being called for logout?
My forum url is: forum.rockciclopedia.com. Let's say we're here: extra.rockciclopedia.com (a ssi page). If I try to login using the box there, I'm redirected here: http://forum.rockciclopedia.com/index.php?action=login2 with the "password wrong" error. If there I re-insert my login details (the same!) I can login successfully!
Title: Re: SSI, return to the page after login (not the board index)
Post by: Arantor on March 29, 2010, 07:57:51 AM
So what version of SMF?

And for logout, what link does that go to?
Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on March 29, 2010, 07:59:37 AM
Quote from: Arantor on March 29, 2010, 07:57:51 AM
So what version of SMF?
2.0 RC3

Quote from: Arantor on March 29, 2010, 07:57:51 AM
And for logout, what link does that go to?
http://forum.rockciclopedia.com/index.php?action=logout;d66b5ee=78bb8dd0db495c80937869b9379e2067

(session verification failed..)
Title: Re: SSI, return to the page after login (not the board index)
Post by: Arantor on March 29, 2010, 08:00:25 AM
And is that link the same link the logout button in the regular forum has?
Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on March 29, 2010, 09:03:10 AM
No... the one on extra.rockciclopedia.com is: http://forum.rockciclopedia.com/index.php?action=logout;e29c8019d43=a88ce234f58bccf613a348c352c97eb1

The one on the forum is: http://forum.rockciclopedia.com/index.php?action=logout;d9176df5882=21fba82e5437e4904e9546e412d6f916

...anyway if I return to extra.rockciclopedia.com without loggin out, and I copy the link from the "logout" button it has changed again, now is: http://forum.rockciclopedia.com/index.php?action=logout;fd3ec93396=eacf4dc19d77c381da1803f11d94f9ef

On the ssi pages it changes at every refresh, instead the forum one remains always the same (until the session gets expired, of course)!
Title: Re: SSI, return to the page after login (not the board index)
Post by: Arantor on March 29, 2010, 09:07:26 AM
So sessions aren't being kept properly. Sure you have subdomain independent cookies on?
Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on March 29, 2010, 09:13:31 AM
Quote from: Arantor on March 29, 2010, 09:07:26 AM
So sessions aren't being kept properly. Sure you have subdomain independent cookies on?
Sure!
(http://img97.imageshack.us/img97/2337/sessions.png)
Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on March 29, 2010, 01:43:12 PM
I've noticed another (related) thing.. sometimes smf "forgets" the session and kick me out, so I need to login another time!
For example if I'm writing a post and I wait.. don't know... 5 minutes.. then I can't post because the session is expired!  ???

Strange! And it's strange also that the session "number" changes every time I refresh the page when I'm on a ssi page..
Title: Re: SSI, return to the page after login (not the board index)
Post by: Arantor on March 29, 2010, 02:54:30 PM
I'm kinda curious - where did all that code come from? You only actually *need* the include to SSI.php followed by a call to template_header() and a call to template_footer() and you're done really. Everything else is just trappings.

In fact, create a tiny page in that form and see what session ident you get in the displayed logout link....
Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on March 29, 2010, 03:25:22 PM
I've created a new file with only this:

<?php
//This is the SSI.php file in the Board dir.
require('forum/SSI.php');

template_header();

template_footer();
?>



The same behavior... I'm redirected to the forum login with the "password wrong" error!
Title: Re: SSI, return to the page after login (not the board index)
Post by: Arantor on March 29, 2010, 03:27:26 PM
And is the link consistently different in the logout link when you refresh the page?
Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on March 29, 2010, 03:50:07 PM
Quote from: Arantor on March 29, 2010, 03:27:26 PM
And is the link consistently different in the logout link when you refresh the page?
No, this time the logout link is the same also if I refresh the page.. anyway if I click it I get always the "session verification error"...
So, using this code the logout link in the ssi page remains the same, like the forum one, that remains the same (but they're different).. I can't understand why there's this conflict!!
Title: Re: SSI, return to the page after login (not the board index)
Post by: Arantor on March 29, 2010, 04:04:00 PM
Log out - from the forum, and ensure every cookie you have is removed for your site.

Then log back in and see what happens.
Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on March 29, 2010, 05:58:11 PM
Quote from: Arantor on March 29, 2010, 04:04:00 PM
Log out - from the forum, and ensure every cookie you have is removed for your site.

Then log back in and see what happens.
Already tried.... the same!
I've tried also in "private browsing" or with other computers/browsers, the same..
Title: Re: SSI, return to the page after login (not the board index)
Post by: chilly on March 30, 2010, 05:16:50 AM
I have had an error on my site looking exactly the same.
But my problem was solved with deleting every cookie i got for my site (there where cookies for different subdomains + subdomain-independent)
After that everything was fine.
Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on March 30, 2010, 07:03:56 AM
Quote from: chilly on March 30, 2010, 05:16:50 AM
I have had an error on my site looking exactly the same.
But my problem was solved with deleting every cookie i got for my site (there where cookies for different subdomains + subdomain-independent)
After that everything was fine.
I've deleted all my cookies (I've also tried with the "private browsing"), but it's the same..
Title: Re: SSI, return to the page after login (not the board index)
Post by: Arantor on March 30, 2010, 07:04:26 AM
So what mods do you have installed?
Title: Re: SSI, return to the page after login (not the board index)
Post by: Orstio on March 30, 2010, 08:07:17 AM
Try adding this after your SSI include:

$sc = &$context['session_id'];
$_SESSION['USER_AGENT'] = $_SERVER['HTTP_USER_AGENT'];


It won't fix your redirect, but will fix your session loss.
Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on March 30, 2010, 08:16:19 AM
Quote from: Arantor on March 30, 2010, 07:04:26 AM
So what mods do you have installed?
Aeva Media    1.1b
Stop Spammer    2.3.7
SimplePortal    2.3.1
Sitemap    2.1.2
Images On Board    2.2
Foxy! for Aeva Media    1.26
Online Only Groups in the Group Key    1.0

@Orstio: Also with that code is the same... at every refresh the session value changes..
Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on March 30, 2010, 08:54:29 AM
I've created a test user for you (maybe is useful, I've set also english language to it....):
username: demo
password: demopassword

http://forum.rockciclopedia.com/index.php?action=profile;u=174
Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on March 30, 2010, 11:39:08 AM
Quote from: MultiformeIngegno on March 29, 2010, 01:43:12 PM
For example if I'm writing a post and I wait.. don't know... 5 minutes.. then I can't post because the session is expired!  ???
This means that it's not something related to the ssi code for the pages, but it's something that affects smf "per se"...
Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on March 30, 2010, 05:09:05 PM
Don't forsake me! ;D
Title: Re: SSI, return to the page after login (not the board index)
Post by: Orstio on March 30, 2010, 06:21:29 PM
Who is your host?
Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on March 30, 2010, 08:01:14 PM
Quote from: Orstio on March 30, 2010, 06:21:29 PM
Who is your host?
DevotedHosting.com
Title: Re: SSI, return to the page after login (not the board index)
Post by: Orstio on March 30, 2010, 10:32:46 PM
Hmm...

Well, I've taken a look at the code in RC3, and it looks like it may need to be tweaked with $context['session_var'] as well, but I'm not sure how exactly you'd pass that as reference.

Thanks for pointing this out before I upgraded.  I don't know that any off-page integration can work reliably like this....
Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on March 31, 2010, 05:27:07 AM
In fact I've noticed this just after the upgrade....
Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on April 02, 2010, 11:59:51 AM
Have someone tested this behavior with the demo user I've created..?
Title: Re: SSI, return to the page after login (not the board index)
Post by: Orstio on April 02, 2010, 12:03:48 PM
I'vereported it as a bug:

http://www.simplemachines.org/community/index.php?topic=374064.0
Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on April 02, 2010, 05:02:09 PM
Orstio, thanks for your report! ;)
What is the code changed in RC3 that causes this behavior? So while waiting a fix I can temporary revert it to the RC2 version....
Title: Re: SSI, return to the page after login (not the board index)
Post by: Orstio on April 09, 2010, 07:27:31 PM
This isn't a solution, but might get you up and running temporarily:

In Load.php, Line 2326, find this:

$sc = $_SESSION['session_value'];

Immediately after that, insert this:

     $_SESSION['session_var']='sesc';

In SSI.php, find this:

// Start the session... known to scramble SSI includes in cases...
if (!headers_sent())
loadSession();
else
{
if (isset($_COOKIE[session_name()]) || isset($_REQUEST[session_name()]))
{
// Make a stab at it, but ignore the E_WARNINGs generted because we can't send headers.
$temp = error_reporting(error_reporting() & !E_WARNING);
loadSession();
error_reporting($temp);
}

if (!isset($_SESSION['session_value']))
{
$_SESSION['session_var'] = substr(md5(mt_rand() . session_id() . mt_rand()), 0, rand(7, 12));
$_SESSION['session_value'] = md5(session_id() . mt_rand());
}
$sc = $_SESSION['session_value'];
}


And replace it with this:

loadSession();

Let me know how that goes.

ETA - You'll also need to add this immediately after your SSI include statement:

$sc = &$context['session_id'];
$_SESSION['USER_AGENT'] = $_SERVER['HTTP_USER_AGENT'];
$context['session_var']='sesc';
Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on April 10, 2010, 12:30:09 PM
Thanks Orstio!!!
I'll try it tomorrow when I come back home.. :)
Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on April 11, 2010, 08:50:48 AM
I've done all of these edits but the behavior doesn't change at all.
It's the same....

I've cleared the forum/browser cache, tried with other browsers/systems.. I always get a "password wrong" error if I try to login from an ssi page in a subdomain..
Title: Re: SSI, return to the page after login (not the board index)
Post by: Orstio on April 11, 2010, 08:55:43 AM
Can you tell me what the logout link looks like?
Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on April 11, 2010, 09:19:47 AM
Quote from: Orstio on April 11, 2010, 08:55:43 AM
Can you tell me what the logout link looks like?
It changes at every refresh, anyway it's like this (as said before, if I click it I get a "sessio verification failed" error"..):
http://forum.rockciclopedia.com/index.php?action=logout;sesc=01f6a6699f6ffb1e91af59ebcc5af76e
http://forum.rockciclopedia.com/index.php?action=logout;sesc=fd4f510b327951b36cc4cde7d1addbc7

...before the edits it was like this:
http://forum.rockciclopedia.com/index.php?action=logout;c5c353da20=6f5e083e2bcac42de4dadd30de861f8b
Title: Re: SSI, return to the page after login (not the board index)
Post by: Orstio on April 11, 2010, 09:34:54 AM
Well, that's better, but still no dice.

What if you change this line:

$sc = &$context['session_id'];

To this:

$sc = &$_SESSION['session_value'];

Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on April 11, 2010, 01:55:06 PM
Quote from: Orstio on April 11, 2010, 09:34:54 AM
Well, that's better, but still no dice.

What if you change this line:
Still the same behavior, logout urls change at every refresh... :(
Title: Re: SSI, return to the page after login (not the board index)
Post by: Orstio on April 11, 2010, 02:11:47 PM
That's OK.

One more try.  Change it to this:

$context['session_id'] = &$_SESSION['session_value'];
$x = ssi_logOnline('array');
Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on April 11, 2010, 04:39:41 PM
Unfortunately it's yet the same... :-\  :(
Seems complicated!
Title: Re: SSI, return to the page after login (not the board index)
Post by: Orstio on April 11, 2010, 04:55:48 PM
Then I'm done.  I don't see a way of fixing this without ripping out all of SMF 2.0's session code and replacing it with 1.1's.  :(
Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on April 11, 2010, 05:49:18 PM
Quote from: Orstio on April 11, 2010, 04:55:48 PM
Then I'm done.  I don't see a way of fixing this without ripping out all of SMF 2.0's session code and replacing it with 1.1's.  :(
Anyway it's not an issue with all the 2.0 branch... with RC2 it worked!
Title: Re: SSI, return to the page after login (not the board index)
Post by: Orstio on April 11, 2010, 05:51:37 PM
Quote from: MultiformeIngegno on April 11, 2010, 05:49:18 PM
Quote from: Orstio on April 11, 2010, 04:55:48 PM
Then I'm done.  I don't see a way of fixing this without ripping out all of SMF 2.0's session code and replacing it with 1.1's.  :(
Anyway it's not an issue with all the 2.0 branch... with RC2 it worked!

There are 45 known security issues in RC2.  Using that is not an option, either.
Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on April 11, 2010, 06:05:21 PM
Quote from: Orstio on April 11, 2010, 05:51:37 PM
Quote from: MultiformeIngegno on April 11, 2010, 05:49:18 PM
Quote from: Orstio on April 11, 2010, 04:55:48 PM
Then I'm done.  I don't see a way of fixing this without ripping out all of SMF 2.0's session code and replacing it with 1.1's.  :(
Anyway it's not an issue with all the 2.0 branch... with RC2 it worked!

There are 45 known security issues in RC2.  Using that is not an option, either.
:o

Now we only need to hope that devs read the relative issue in the tracker (added by Norv). Session verification is a fundamental part of smf, and issues with it IMHO need to be fixed absolutely!
Title: Re: SSI, return to the page after login (not the board index)
Post by: Orstio on April 11, 2010, 06:58:34 PM
Well, if it doesn't get fixed, I know it's a deal-breaker for me.  I can't have a forum that won't integrate.  I've already been sniffing around PunBB to analyze the feasability of converting.  Really makes me wish I hadn't upgraded to any version of 2.0. :(
Title: Re: SSI, return to the page after login (not the board index)
Post by: Nao 尚 on June 08, 2010, 09:05:18 AM
Quote from: MultiformeIngegno on March 28, 2010, 07:00:10 PM
Hello! :)
I've some pages that loads ssi stuff, all is working properly, except that if an user logs in in that page, instead of remain there he's redirected to the board index... is it possible to remain in the page after login instead of been redirected to the board index?
Oh... That answers one of the questions I was asking over here:
http://www.simplemachines.org/community/index.php?topic=374064.msg2659051#msg2659051
Title: Re: SSI, return to the page after login (not the board index)
Post by: Nao 尚 on June 14, 2010, 07:55:02 AM
Quote from: MultiformeIngegno on March 29, 2010, 04:31:47 AM
Thanks... however I can't test this because I noticed that everytime I login from my ssi pages (that work properly, all is displayed fine!) I receive a "password wrong" error, also if it's right...
Now you can do it, eheh.

Food for thought (for devs): how about setting up SSI to set a default value for $_SESSION['login_url'] if it doesn't already have one? We could set it to the current URL...
Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on June 14, 2010, 08:02:54 AM
Quote from: Nao on June 14, 2010, 07:55:02 AM
Quote from: MultiformeIngegno on March 29, 2010, 04:31:47 AM
Thanks... however I can't test this because I noticed that everytime I login from my ssi pages (that work properly, all is displayed fine!) I receive a "password wrong" error, also if it's right...
Now you can do it, eheh.
Done.. :D

Quote from: Nao on June 14, 2010, 07:55:02 AM
Food for thought (for devs): how about setting up SSI to set a default value for $_SESSION['login_url'] if it doesn't already have one? We could set it to the current URL...
I was wondering this too.. instead of specify the url of the login/logout url, how can I simply disable the redirection to the board index? The best should be that the user remains to the page where he logged in/out..
Title: Re: SSI, return to the page after login (not the board index)
Post by: Nao 尚 on June 14, 2010, 08:53:27 AM
I know that in some rare cases, a server may not always provide the current URL in headers (such as REQUEST_URI), but it can always be rebuilt one way or another... At worst, the referrer URL could also be used (if it's filled in. If it isn't, well, don't bother.)
Title: Re: SSI, return to the page after login (not the board index)
Post by: MultiformeIngegno on June 14, 2010, 09:10:26 AM
So the code to remain on the same page should be this (without an url..)?

$_SESSION['login_url'] = '' . $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING'];
$_SESSION['logout_url'] = '' . $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING'];
Title: Re: SSI, return to the page after login (not the board index)
Post by: Nao 尚 on June 14, 2010, 09:58:16 AM
Well, since we're in SSI pages, it's not likely you'll be using a '?' format in your URL... You could just as well be using things like "index,hello.html" or "/page/"... Etc.