SSI, return to the page after login (not the board index)

Started by MultiformeIngegno, March 28, 2010, 07:00:10 PM

Previous topic - Next topic

MultiformeIngegno

Hello! :)
I've some pages that loads ssi stuff, all is working properly, except that if an user logs in in that page, instead of remain there he's redirected to the board index... is it possible to remain in the page after login instead of been redirected to the board index?

Thanks!! ;)
RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!

Oldiesmann

Yes. Just set $_SESSION['login_url'] to whatever URL you want them sent to before you call ssi_login().
Michael Eshom
Christian Metal Fans

MultiformeIngegno

Thanks... however I can't test this because I noticed that everytime I login from my ssi pages (that work properly, all is displayed fine!) I receive a "password wrong" error, also if it's right... then I'm redirected to the forum login and there it works... instead if I logout I receive a "session error".. don't know why..

Here's my code:

<?php
error_reporting
(E_ALL);

// Specify the page context
$_GET['action'] = 'extra';
$context['faqpage'] = true;
$context['page_title'] = 'FAQs';

$context['outside_forum'] = true;
$ssi_maintenance_off true;

// Layers to be utilized
$ssi_layers = array('html''body');

// Change "true" to "false" to disable Gzip if not supported on your server
$ssi_gzip true;

//This is the SSI.php file in the Board dir.
require('../forum/SSI.php');

// Track stats
trackStats(array('hits' => '+')); trackStats();

writeLog(true);
?>



These pages are in a subdomain. So, as said many and many times here I've disabled local storage for cookies, enabled subdomains indipendent cookies, and set database driven sessions on.

What's wrong..?
RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!

Arantor

So what URLs are being called when this is happening?

Like what link is being called for logout?

MultiformeIngegno

Quote from: Arantor on March 29, 2010, 07:28:41 AM
So what URLs are being called when this is happening?

Like what link is being called for logout?
My forum url is: forum.rockciclopedia.com. Let's say we're here: extra.rockciclopedia.com (a ssi page). If I try to login using the box there, I'm redirected here: http://forum.rockciclopedia.com/index.php?action=login2 with the "password wrong" error. If there I re-insert my login details (the same!) I can login successfully!
RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!

Arantor

So what version of SMF?

And for logout, what link does that go to?

MultiformeIngegno

RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!

Arantor

And is that link the same link the logout button in the regular forum has?

MultiformeIngegno

No... the one on extra.rockciclopedia.com is: http://forum.rockciclopedia.com/index.php?action=logout;e29c8019d43=a88ce234f58bccf613a348c352c97eb1

The one on the forum is: http://forum.rockciclopedia.com/index.php?action=logout;d9176df5882=21fba82e5437e4904e9546e412d6f916

...anyway if I return to extra.rockciclopedia.com without loggin out, and I copy the link from the "logout" button it has changed again, now is: http://forum.rockciclopedia.com/index.php?action=logout;fd3ec93396=eacf4dc19d77c381da1803f11d94f9ef

On the ssi pages it changes at every refresh, instead the forum one remains always the same (until the session gets expired, of course)!
RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!

Arantor

So sessions aren't being kept properly. Sure you have subdomain independent cookies on?

MultiformeIngegno

Quote from: Arantor on March 29, 2010, 09:07:26 AM
So sessions aren't being kept properly. Sure you have subdomain independent cookies on?
Sure!
RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!

MultiformeIngegno

I've noticed another (related) thing.. sometimes smf "forgets" the session and kick me out, so I need to login another time!
For example if I'm writing a post and I wait.. don't know... 5 minutes.. then I can't post because the session is expired!  ???

Strange! And it's strange also that the session "number" changes every time I refresh the page when I'm on a ssi page..
RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!

Arantor

I'm kinda curious - where did all that code come from? You only actually *need* the include to SSI.php followed by a call to template_header() and a call to template_footer() and you're done really. Everything else is just trappings.

In fact, create a tiny page in that form and see what session ident you get in the displayed logout link....

MultiformeIngegno

I've created a new file with only this:

<?php
//This is the SSI.php file in the Board dir.
require('forum/SSI.php');

template_header();

template_footer();
?>



The same behavior... I'm redirected to the forum login with the "password wrong" error!
RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!

Arantor

And is the link consistently different in the logout link when you refresh the page?

MultiformeIngegno

Quote from: Arantor on March 29, 2010, 03:27:26 PM
And is the link consistently different in the logout link when you refresh the page?
No, this time the logout link is the same also if I refresh the page.. anyway if I click it I get always the "session verification error"...
So, using this code the logout link in the ssi page remains the same, like the forum one, that remains the same (but they're different).. I can't understand why there's this conflict!!
RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!

Arantor

Log out - from the forum, and ensure every cookie you have is removed for your site.

Then log back in and see what happens.

MultiformeIngegno

Quote from: Arantor on March 29, 2010, 04:04:00 PM
Log out - from the forum, and ensure every cookie you have is removed for your site.

Then log back in and see what happens.
Already tried.... the same!
I've tried also in "private browsing" or with other computers/browsers, the same..
RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!

chilly

I have had an error on my site looking exactly the same.
But my problem was solved with deleting every cookie i got for my site (there where cookies for different subdomains + subdomain-independent)
After that everything was fine.

Language Coordinator

MultiformeIngegno

Quote from: chilly on March 30, 2010, 05:16:50 AM
I have had an error on my site looking exactly the same.
But my problem was solved with deleting every cookie i got for my site (there where cookies for different subdomains + subdomain-independent)
After that everything was fine.
I've deleted all my cookies (I've also tried with the "private browsing"), but it's the same..
RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!

Arantor


Orstio

Try adding this after your SSI include:

$sc = &$context['session_id'];
$_SESSION['USER_AGENT'] = $_SERVER['HTTP_USER_AGENT'];


It won't fix your redirect, but will fix your session loss.

MultiformeIngegno

Quote from: Arantor on March 30, 2010, 07:04:26 AM
So what mods do you have installed?
Aeva Media    1.1b
Stop Spammer    2.3.7
SimplePortal    2.3.1
Sitemap    2.1.2
Images On Board    2.2
Foxy! for Aeva Media    1.26
Online Only Groups in the Group Key    1.0

@Orstio: Also with that code is the same... at every refresh the session value changes..
RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!

MultiformeIngegno

I've created a test user for you (maybe is useful, I've set also english language to it....):
username: demo
password: demopassword

http://forum.rockciclopedia.com/index.php?action=profile;u=174
RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!

MultiformeIngegno

Quote from: MultiformeIngegno on March 29, 2010, 01:43:12 PM
For example if I'm writing a post and I wait.. don't know... 5 minutes.. then I can't post because the session is expired!  ???
This means that it's not something related to the ssi code for the pages, but it's something that affects smf "per se"...
RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!

MultiformeIngegno

RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!


MultiformeIngegno

RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!

Orstio

Hmm...

Well, I've taken a look at the code in RC3, and it looks like it may need to be tweaked with $context['session_var'] as well, but I'm not sure how exactly you'd pass that as reference.

Thanks for pointing this out before I upgraded.  I don't know that any off-page integration can work reliably like this....

MultiformeIngegno

#29
In fact I've noticed this just after the upgrade....
RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!

MultiformeIngegno

Have someone tested this behavior with the demo user I've created..?
RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!


MultiformeIngegno

Orstio, thanks for your report! ;)
What is the code changed in RC3 that causes this behavior? So while waiting a fix I can temporary revert it to the RC2 version....
RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!

Orstio

This isn't a solution, but might get you up and running temporarily:

In Load.php, Line 2326, find this:

$sc = $_SESSION['session_value'];

Immediately after that, insert this:

     $_SESSION['session_var']='sesc';

In SSI.php, find this:

// Start the session... known to scramble SSI includes in cases...
if (!headers_sent())
loadSession();
else
{
if (isset($_COOKIE[session_name()]) || isset($_REQUEST[session_name()]))
{
// Make a stab at it, but ignore the E_WARNINGs generted because we can't send headers.
$temp = error_reporting(error_reporting() & !E_WARNING);
loadSession();
error_reporting($temp);
}

if (!isset($_SESSION['session_value']))
{
$_SESSION['session_var'] = substr(md5(mt_rand() . session_id() . mt_rand()), 0, rand(7, 12));
$_SESSION['session_value'] = md5(session_id() . mt_rand());
}
$sc = $_SESSION['session_value'];
}


And replace it with this:

loadSession();

Let me know how that goes.

ETA - You'll also need to add this immediately after your SSI include statement:

$sc = &$context['session_id'];
$_SESSION['USER_AGENT'] = $_SERVER['HTTP_USER_AGENT'];
$context['session_var']='sesc';

MultiformeIngegno

Thanks Orstio!!!
I'll try it tomorrow when I come back home.. :)
RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!

MultiformeIngegno

I've done all of these edits but the behavior doesn't change at all.
It's the same....

I've cleared the forum/browser cache, tried with other browsers/systems.. I always get a "password wrong" error if I try to login from an ssi page in a subdomain..
RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!

Orstio


MultiformeIngegno

RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!

Orstio

Well, that's better, but still no dice.

What if you change this line:

$sc = &$context['session_id'];

To this:

$sc = &$_SESSION['session_value'];


MultiformeIngegno

Quote from: Orstio on April 11, 2010, 09:34:54 AM
Well, that's better, but still no dice.

What if you change this line:
Still the same behavior, logout urls change at every refresh... :(
RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!

Orstio

That's OK.

One more try.  Change it to this:

$context['session_id'] = &$_SESSION['session_value'];
$x = ssi_logOnline('array');

MultiformeIngegno

Unfortunately it's yet the same... :-\  :(
Seems complicated!
RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!

Orstio

Then I'm done.  I don't see a way of fixing this without ripping out all of SMF 2.0's session code and replacing it with 1.1's.  :(

MultiformeIngegno

Quote from: Orstio on April 11, 2010, 04:55:48 PM
Then I'm done.  I don't see a way of fixing this without ripping out all of SMF 2.0's session code and replacing it with 1.1's.  :(
Anyway it's not an issue with all the 2.0 branch... with RC2 it worked!
RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!

Orstio

Quote from: MultiformeIngegno on April 11, 2010, 05:49:18 PM
Quote from: Orstio on April 11, 2010, 04:55:48 PM
Then I'm done.  I don't see a way of fixing this without ripping out all of SMF 2.0's session code and replacing it with 1.1's.  :(
Anyway it's not an issue with all the 2.0 branch... with RC2 it worked!

There are 45 known security issues in RC2.  Using that is not an option, either.

MultiformeIngegno

Quote from: Orstio on April 11, 2010, 05:51:37 PM
Quote from: MultiformeIngegno on April 11, 2010, 05:49:18 PM
Quote from: Orstio on April 11, 2010, 04:55:48 PM
Then I'm done.  I don't see a way of fixing this without ripping out all of SMF 2.0's session code and replacing it with 1.1's.  :(
Anyway it's not an issue with all the 2.0 branch... with RC2 it worked!

There are 45 known security issues in RC2.  Using that is not an option, either.
:o

Now we only need to hope that devs read the relative issue in the tracker (added by Norv). Session verification is a fundamental part of smf, and issues with it IMHO need to be fixed absolutely!
RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!

Orstio

Well, if it doesn't get fixed, I know it's a deal-breaker for me.  I can't have a forum that won't integrate.  I've already been sniffing around PunBB to analyze the feasability of converting.  Really makes me wish I hadn't upgraded to any version of 2.0. :(

Nao 尚

Quote from: MultiformeIngegno on March 28, 2010, 07:00:10 PM
Hello! :)
I've some pages that loads ssi stuff, all is working properly, except that if an user logs in in that page, instead of remain there he's redirected to the board index... is it possible to remain in the page after login instead of been redirected to the board index?
Oh... That answers one of the questions I was asking over here:
http://www.simplemachines.org/community/index.php?topic=374064.msg2659051#msg2659051
I will not make any deals with you. I've resigned. I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered.

Aeva Media rocks your life.

Nao 尚

Quote from: MultiformeIngegno on March 29, 2010, 04:31:47 AM
Thanks... however I can't test this because I noticed that everytime I login from my ssi pages (that work properly, all is displayed fine!) I receive a "password wrong" error, also if it's right...
Now you can do it, eheh.

Food for thought (for devs): how about setting up SSI to set a default value for $_SESSION['login_url'] if it doesn't already have one? We could set it to the current URL...
I will not make any deals with you. I've resigned. I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered.

Aeva Media rocks your life.

MultiformeIngegno

Quote from: Nao on June 14, 2010, 07:55:02 AM
Quote from: MultiformeIngegno on March 29, 2010, 04:31:47 AM
Thanks... however I can't test this because I noticed that everytime I login from my ssi pages (that work properly, all is displayed fine!) I receive a "password wrong" error, also if it's right...
Now you can do it, eheh.
Done.. :D

Quote from: Nao on June 14, 2010, 07:55:02 AM
Food for thought (for devs): how about setting up SSI to set a default value for $_SESSION['login_url'] if it doesn't already have one? We could set it to the current URL...
I was wondering this too.. instead of specify the url of the login/logout url, how can I simply disable the redirection to the board index? The best should be that the user remains to the page where he logged in/out..
RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!

Nao 尚

I know that in some rare cases, a server may not always provide the current URL in headers (such as REQUEST_URI), but it can always be rebuilt one way or another... At worst, the referrer URL could also be used (if it's filled in. If it isn't, well, don't bother.)
I will not make any deals with you. I've resigned. I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered.

Aeva Media rocks your life.

MultiformeIngegno

So the code to remain on the same page should be this (without an url..)?

$_SESSION['login_url'] = '' . $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING'];
$_SESSION['logout_url'] = '' . $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING'];
RockCiclopedia (wiki - forum), Tutta la storia del rock, scritta da voi ...
Rimanere aggiornati sul mondo della musica grazie al nuovo feed "RockCiclopedia Music News"!

Nao 尚

Well, since we're in SSI pages, it's not likely you'll be using a '?' format in your URL... You could just as well be using things like "index,hello.html" or "/page/"... Etc.
I will not make any deals with you. I've resigned. I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered.

Aeva Media rocks your life.

Advertisement: