SSI, return to the page after login (not the board index)

[Orstio]

That's OK.

One more try.  Change it to this:

Code Select Expand

$context['session_id'] = &$_SESSION['session_value'];
$x = ssi_logOnline('array');

[MultiformeIngegno]

Unfortunately it's yet the same...  
Seems complicated!

[Orstio]

Then I'm done.  I don't see a way of fixing this without ripping out all of SMF 2.0's session code and replacing it with 1.1's. 

[MultiformeIngegno]

Then I'm done.  I don't see a way of fixing this without ripping out all of SMF 2.0's session code and replacing it with 1.1's. 

Anyway it's not an issue with all the 2.0 branch... with RC2 it worked!

[Orstio]

Then I'm done.  I don't see a way of fixing this without ripping out all of SMF 2.0's session code and replacing it with 1.1's. 

Anyway it's not an issue with all the 2.0 branch... with RC2 it worked!

There are 45 known security issues in RC2.  Using that is not an option, either.

[MultiformeIngegno]

Then I'm done.  I don't see a way of fixing this without ripping out all of SMF 2.0's session code and replacing it with 1.1's. 

Anyway it's not an issue with all the 2.0 branch... with RC2 it worked!

There are 45 known security issues in RC2.  Using that is not an option, either.

Now we only need to hope that devs read the relative issue in the tracker (added by Norv). Session verification is a fundamental part of smf, and issues with it IMHO need to be fixed absolutely!

[Orstio]

Well, if it doesn't get fixed, I know it's a deal-breaker for me.  I can't have a forum that won't integrate.  I've already been sniffing around PunBB to analyze the feasability of converting.  Really makes me wish I hadn't upgraded to any version of 2.0.

[Nao 尚]

Hello!
I've some pages that loads ssi stuff, all is working properly, except that if an user logs in in that page, instead of remain there he's redirected to the board index... is it possible to remain in the page after login instead of been redirected to the board index?

Oh... That answers one of the questions I was asking over here:
http://www.simplemachines.org/community/index.php?topic=374064.msg2659051#msg2659051

[Nao 尚]

Thanks... however I can't test this because I noticed that everytime I login from my ssi pages (that work properly, all is displayed fine!) I receive a "password wrong" error, also if it's right...

Now you can do it, eheh.

Food for thought (for devs): how about setting up SSI to set a default value for $_SESSION['login_url'] if it doesn't already have one? We could set it to the current URL...

[MultiformeIngegno]

Thanks... however I can't test this because I noticed that everytime I login from my ssi pages (that work properly, all is displayed fine!) I receive a "password wrong" error, also if it's right...

Now you can do it, eheh.

Done..

Food for thought (for devs): how about setting up SSI to set a default value for $_SESSION['login_url'] if it doesn't already have one? We could set it to the current URL...

I was wondering this too.. instead of specify the url of the login/logout url, how can I simply disable the redirection to the board index? The best should be that the user remains to the page where he logged in/out..

[Nao 尚]

I know that in some rare cases, a server may not always provide the current URL in headers (such as REQUEST_URI), but it can always be rebuilt one way or another... At worst, the referrer URL could also be used (if it's filled in. If it isn't, well, don't bother.)

[MultiformeIngegno]

So the code to remain on the same page should be this (without an url..)?

Code Select Expand


$_SESSION['login_url'] = '' . $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING'];
$_SESSION['logout_url'] = '' . $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING'];


[Nao 尚]

Well, since we're in SSI pages, it's not likely you'll be using a '?' format in your URL... You could just as well be using things like "index,hello.html" or "/page/"... Etc.