I want to set user logged when he fulfill some requirements and I'm using following function to set cookies in which I'm passing user's id as parameter which is according to wp_users table. But somehow it's not setting user logged in. What's missing and what I should do to set user login and also I want to logout user on some conditions. Both functions are not working.
wp_set_auth_cookie(1)
wp_clear_auth_cookie();
You're most-likely calling these functions after all headers have already been sent to the browser, so in effect you can't send the logged-in cookies to the browser.
The most common error for this is that you try to log-in a user when rendering a shortcode - this will not work in most cases(certain server configurations will allow this, but it's best not to rely on it).
You can hook to the init action and move your logic in there, together with the call to both wp_set_auth_cookie() and wp_clear_auth_cookie().
Use the following code
wp_set_current_user($user_id);
if (wp_validate_auth_cookie()==FALSE)
{
wp_set_auth_cookie($user_id, true, false);
}
Reference wp_set_auth_cookie and wp_set_current_user
I faced a similar issue and worked on solving it for a couple of days.
My solution was pretty interesting, I found out that the wp_clear_auth_cookie function was not working for me if it was called in a regular GET request.
I was able to make it work only if I called it inside of a POST request.
I found this behavior weird and no other reference can be found to this on the web.
I hope it will help you guys.
Related
Every time a user is 15min inactive silverstripe will log out users from the front-end and redirects them to the registration page.
I have not set any of this manualy and i have no glue where this is coming from. So I guess this is implemented by silverstripe itself?
I realy tried hard to find a solution. So maybe some one can help me or point me in the right direction. Where can I change the redirect after logout. This is how i would do it:
$this->redirect('security/login')
Thats all. But i was not able to find out where to put it.
I'm not exactly sure what you mean, but as you can see on Member::logOut() there are some extension hooks you can make use of, a member extension like below could be what you're looking for:
class MyMemberExtension extends DataExtension
{
public function memberLoggedOut()
{
Controller::curr()->redirect('/MyDesiredPage');
}
}
Now, by default Silverstripe won't log people out due to inactivity so that seems like the work of some custom code that has been put in place on your website either by a module or another dev.
Steps to reproduce in our application:
Log out.
Clear the cache.
Reload the page.
Log in.
Actual: You stay on the front page.
Expected: The application opens.
Our main template shows the app if a user is logged in (specifically, {{#if currentUser}}). Otherwise, it shows a splash page where the user can create an account and log in.
We're using the {{loginButtons}} helper.
Would this be a use case for Meteor.flush()? How would I get that to trigger upon user login? Meteor.autorun()?
Could it be that the logic isn't actually in a template you've defined but rather in the index.html itself? I could see how that might cause issues if it hasn't been broken out into some sort of front page logic template from which you call the other templates. Just an idea.
There were a couple things that led to a solution here.
I restructured my front page template to take {{loggingIn}} into account. Before, I was only using {{currentUser}}.
I made sure I wasn't setting Session variables in template helpers, especially not those where I was also getting them in other code paths. This explains why the issue felt like a race condition and only happened with a "cold cache" as I put it.
Also, the reason the view wasn't changing was because of errors preventing it from doing so. So it was a symptom, not the actual problem (although I did need to improve the template conditions a bit).
I've got a Symfony2 site where I would like to display extra information on the Login page depending on the URL that the user is trying to access. I'm using "use_forward". Is there a way to see the URL in the login form's controller?
I guess I could set up multiple firewalls pointing at different login pages, but there could be quite a lot of them, so I'd rather avoid having to do this.
If you want something "proper" then look at the answers to this question.
OR
If you want to do it quick and dirty you can use:
$this->container->get('request')->server->get('PHP_SELF');
Whick will yield something like /project_name/web/app_dev.php/controller_name/ and you can work with that string, but take into account that it will change depending on the enviroment you are working on. The Request class documentation will be your ally in this, ie:
$this->container->get('request')->getBasePath()
Will give you /project_name/web/
You can try to look for this URL in some places:
$url = $request->get('_referer');
If it is empty, then you could try to check the headers
$url = $request->headers->get('Referer');
I have a web application that I use Login Control and ASP.net membership for Sign in process.
my application work propebly untill last week I upload new version, in this version I didnt change the login UC and just the main page ( default page after user logged in ) changed.
but some users report me they cant login and redirect to Login page.
some note:
1- this problem occure just in IE browser
2- users that report this problem can login to old version
I add a log procedure and see users redirected becuase of this code
if (!this.User.Identity.IsAuthenticated)
{
Response.Redirect("~/Secure/Signin.aspx");
}
I checked and see this.User.Identity.Name was empty or null.
What setting maybe changed?
Thanks
I've seen a similar thing happen when there was a malformed FORM tag was rendered inside my ASP.Net Server FORM tag. By 'malformed' I mean that it was missing the required METHOD attribute.
It is my understanding that the HTML spec doesn't support nested FORM tags, so different browsers handle them differently. In my case, I saw a similar issue as you describe, with no issues in Firefox, and major issues in IE.
Check to ensure there are no Nested FORM tags on your page. Also check all FORM tags to ensure they have all required attributes.
Doubt this will solve the problem, it's kind of tangental. But, rather than hand coding the redirect url it's poosible to use
FormsAuthentication.RedirectToLoginPage()
which has the benefit of taking care of the returnUrl and stuff. It'd require the login Url set in the web.config.
I'm working with ASP.Net MVC and I would like to make a web site accesible via the internet, but only to a select few people right now. I want to do something basically exactly like the beta access page with password just like they did on stackoverflow, serverfault, and superuser.
I don't just want to check and redirect in the home controller, I want it to always go there no matter what url is used.
Anyone know how they do it?
I don't know enough about MVC in particular, but it would probably mean creating a base controller and overriding OnActionExecuting or OnAuthorization.
I'd create a custom filter that extended AuthorizeAttribute. That way you can put it on the controllers/actions you wanted, and remove it easily enough. Since it's essentially a decorator, you would be playing nice with the Open/Closed principle too.
If you override AuthorizeCore you can check session/cookie/whatever for the login and if that passes, run the base AuthorizeCore too.
The easy way is to put something in the users session. Run a check either on the master page or in an http handler to see if this session is correct or not. If not redirect to the password capture page. When the password is provided then set the session variable...wa la they are in.
If you want to remember them then also drop a cookie and add that to your check as well.