How to make BackURL work when resetting password in SilverStripe - silverstripe

I tried using the BackURL parameter as shown in the link below, but it does not redirect to go-here:
<domain>/Security/changepassword?m=41&t=4d31275546aff1e16413a2021980b9721e375c15cde307f52f9a1a4f867fb6aaa519acd39cae373711fefc0b2984b1fc2d2e615e2b862e48fe25bbf15db48e3c&BackURL=/go-here.

This does not look to be as simple as you have requested because the logic within ChangePasswordHandler.php is not using that when the ChangePasswordForm is submitted. I would not advise changing how the security works in this area.

Related

Remove auto added "http://" in wordpress user website

When I add a website (URL) to a user in WordPress, it automatically gets "http://" added to the start of the URL. Is there a way to stop this happening? It is causing other plugins to not function properly, as I call on the user_url but need the http to not be present.
Edit: I have tried editing user-edit.php to change the "Website:" field input type to text instead of url, but to no avail.
Thanks, Nick
What plugins are causing issues with that? It usually works perfectly and should not have any issues, in my opinion.
But there is one trick that MIGHT work in this scenario: using protocol-relative URLs.
So instead of putting the user website as "www.yahoo.com", try putting "//www.yahoo.com" and see if it works for you.

wp_set_auth_cookie not working in wordpress

I want to log a user in when he fulfills some requirements, and I'm using the following function to set cookies, passing the user's ID (as it appears in the wp_users table) as the parameter. But somehow it's not logging the user in. What's missing, and what should I do to log the user in? I also want to log the user out on some conditions. Both functions are not working.
wp_set_auth_cookie(1);
wp_clear_auth_cookie();
You're most likely calling these functions after all headers have already been sent to the browser, so in effect you can't send the logged-in cookies to the browser.
The most common error for this is that you try to log in a user when rendering a shortcode - this will not work in most cases (certain server configurations will allow this, but it's best not to rely on it).
You can hook to the init action and move your logic in there, together with the call to both wp_set_auth_cookie() and wp_clear_auth_cookie().
Use the following code:
wp_set_current_user($user_id);
if (wp_validate_auth_cookie() == FALSE) {
    wp_set_auth_cookie($user_id, true, false);
}
Reference: wp_set_auth_cookie and wp_set_current_user
I faced a similar issue and worked on solving it for a couple of days.
My solution was pretty interesting, I found out that the wp_clear_auth_cookie function was not working for me if it was called in a regular GET request.
I was able to make it work only if I called it inside of a POST request.
I found this behavior weird and no other reference can be found to this on the web.
I hope it will help you guys.
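The init-hook approach suggested in the answers above, as an added example that is not part of the original posts. The filter names my_auto_login_user_id and my_force_logout are hypothetical extension points for the site's own checks; the remaining calls are standard WordPress functions.

```php
<?php
// Added example (not from the original thread).
// Runs on 'init', before any template output, so cookie headers can still be sent.
add_action('init', 'my_sync_login_state');

function my_sync_login_state() {
    // Auth cookies are HTTP headers: once output has started they cannot be set
    // or cleared, which is the failure mode described in the first answer.
    if (headers_sent($file, $line)) {
        error_log("Auth cookies not changed: output started at $file:$line");
        return;
    }

    if (is_user_logged_in()) {
        // Hypothetical filter: return true to force the current user out.
        if (apply_filters('my_force_logout', false, get_current_user_id())) {
            // wp_logout() destroys the session token, clears the auth cookies
            // and resets the current user for the rest of this request.
            wp_logout();
        }
        return;
    }

    // Hypothetical filter: return the ID of the user to sign in, or 0 for none.
    // The decision must come from a condition verified on the server,
    // never from a raw request parameter.
    $user_id = (int) apply_filters('my_auto_login_user_id', 0);
    if ($user_id > 0 && get_userdata($user_id)) {
        // Make the user current for this request, then issue the cookies
        // (session-only, marked Secure when the site is served over HTTPS).
        wp_set_current_user($user_id);
        wp_set_auth_cookie($user_id, false, is_ssl());
    }
}
```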

URL of page that required login in Symfony2

I've got a Symfony2 site where I would like to display extra information on the Login page depending on the URL that the user is trying to access. I'm using "use_forward". Is there a way to see the URL in the login form's controller?
I guess I could set up multiple firewalls pointing at different login pages, but there could be quite a lot of them, so I'd rather avoid having to do this.
If you want something "proper" then look at the answers to this question.
OR
If you want to do it quick and dirty you can use:
$this->container->get('request')->server->get('PHP_SELF');
Which will yield something like /project_name/web/app_dev.php/controller_name/ and you can work with that string, but take into account that it will change depending on the environment you are working on. The Request class documentation will be your ally in this, i.e.:
$this->container->get('request')->getBasePath()
Will give you /project_name/web/
You can try to look for this URL in some places:
$url = $request->get('_referer');
If it is empty, then you could try to check the headers
$url = $request->headers->get('Referer');

Asp.net Login Control

I have a web application in which I use the Login Control and ASP.NET membership for the sign-in process.
My application worked properly until last week, when I uploaded a new version. In this version I didn't change the login UC; only the main page (the default page after the user logs in) changed.
But some users report that they can't log in and are redirected to the Login page.
Some notes:
1- This problem occurs only in the IE browser
2- Users that report this problem can log in to the old version
I added a log procedure and saw that users are redirected because of this code:
if (!this.User.Identity.IsAuthenticated)
{
    Response.Redirect("~/Secure/Signin.aspx");
}
I checked and saw that this.User.Identity.Name was empty or null.
What setting may have changed?
Thanks
I've seen a similar thing happen when a malformed FORM tag was rendered inside my ASP.Net Server FORM tag. By 'malformed' I mean that it was missing the required METHOD attribute.
It is my understanding that the HTML spec doesn't support nested FORM tags, so different browsers handle them differently. In my case, I saw a similar issue as you describe, with no issues in Firefox, and major issues in IE.
Check to ensure there are no Nested FORM tags on your page. Also check all FORM tags to ensure they have all required attributes.
Doubt this will solve the problem, it's kind of tangential. But rather than hand-coding the redirect URL, it's possible to use
FormsAuthentication.RedirectToLoginPage()
which has the benefit of taking care of the returnUrl and stuff. It'd require the login Url set in the web.config.

How do I make a beta access page like the one on superuser.com?

I'm working with ASP.Net MVC and I would like to make a web site accessible via the internet, but only to a select few people right now. I want to do something basically exactly like the beta access page with password, just like they did on stackoverflow, serverfault, and superuser.
I don't just want to check and redirect in the home controller, I want it to always go there no matter what url is used.
Anyone know how they do it?
I don't know enough about MVC in particular, but it would probably mean creating a base controller and overriding OnActionExecuting or OnAuthorization.
I'd create a custom filter that extended AuthorizeAttribute. That way you can put it on the controllers/actions you wanted, and remove it easily enough. Since it's essentially a decorator, you would be playing nice with the Open/Closed principle too.
If you override AuthorizeCore you can check session/cookie/whatever for the login and if that passes, run the base AuthorizeCore too.
The easy way is to put something in the user's session. Run a check either on the master page or in an HTTP handler to see if this session is correct or not. If not, redirect to the password capture page. When the password is provided, set the session variable... voilà, they are in.
If you want to remember them then also drop a cookie and add that to your check as well.
