Redirect Plugin?

13 posts by 2 authors in: Forums > CMS Builder: Plugins & Add-ons
Last Post: April 25, 2012   (RSS)

By nmsinc - February 25, 2012

I have a quick plugin below for redirect upon CMS record save below. When I save a record the plugin stalls out with what appears to be a error from web page that includes a listing of the redirected page HTML code - any ideas?

Please note that I'm using more than one postsave plugin which should not be a problem; or is it?

Thanks nmsinc

<?php


addAction('record_postsave', '_plugin_redirectonsubmitt', null, 4);

// redirect to specific page on submitt

function _plugin_redirectonsubmitt($tablename, $isNewRecord, $oldRecord, $recordNum) {

redirectBrowserToURL('/claims/listing.php');

}
?>
nmsinc

Re: [nmsinc] Redirect Plugin?

By Dave - February 28, 2012

Hi nmsinc,

Sorry for the delay, it's because you are asking tricky questions! ;)

The edit page saved with AJAX, so anything returned is alert()'d with javascript. Here's a plugin that catches the values on the list page and redirects from there after a save:

addFilter('section_init', '_plugin_RedirectOnSave', null, 2);

function _plugin_redirectonsave($tableName, $action) {
if ($tableName != 'accounts') { return; } // only run on accounts table
if ($action != 'list') { return; } // only run on list
if (!@$_REQUEST['saved']) { return; } // only run when a record was saved

$recordNum = @$_REQUEST['saved'];
$url = "https://www.google.com/search?q=" . urlencode("Saved record $recordNum in $tableName");
redirectBrowserToURL($url);
}


Let me know if that works for you or any questions. Thanks!
Dave Edis - Senior Developer
interactivetools.com

Re: [Dave] Redirect Plugin?

By nmsinc - February 29, 2012

Hi Dave,

Worked perfect as always - you may want to add this plugin to the AddOns list as I can see others needing it!

Thanks again - nmsinc
nmsinc

Re: [nmsinc] Redirect Plugin?

By Dave - February 29, 2012

Glad I could help, nmsinc. :)

Just curious, what are you using it for?
Dave Edis - Senior Developer
interactivetools.com

Re: [Dave] Redirect Plugin?

By nmsinc - February 29, 2012

Hi Dave,



This site has multiple companies with multiple users all having different rights for record creating, editing and viewing. I have a record-listing page that delivers records based on each users privilege. Each record has multiple users and each user may or may not have edit rights on the record.



In the CMS, setting users to “Author/Edit” only gives that user the right to create and edit their own records when others may also need to do so. Setting users to “Editor” gives access to all records on the CMS listing page once the record was saved or edited including records from other companies.



The only idea I came up with was to use a redirect back to the record listing page that we setup each time a user saves a record to keep them from viewing and editing records that belong to other companies!



Thanks - nmsinc
nmsinc

Re: [nmsinc] Redirect Plugin?

By Dave - February 29, 2012

Interesting! I guess the only other work-around would be to use a plugin to show something different altogether for the original list page, although there may be other reasons why that wouldn't work for this situation.

Well good luck with it and let me know if you have any other questions. Thanks!
Dave Edis - Senior Developer
interactivetools.com

Re: [Dave] Redirect Plugin?

By nmsinc - April 23, 2012

Quick question, I had a user today see the record number in the URL, tried and was successful in geeting someon elses record. How can I mask the file number in the URL?

Thanks - nmisnc
nmsinc

Re: [Dave] Redirect Plugin?

By nmsinc - April 23, 2012

Logging in via membership plugin. Records have multiple users who need to access and edit them. They come into the backroom via a link from a custom listing page to a specfic record. Once the record is updated another plugin takes them back to our customer listing page!

Thanks - nmsinc
nmsinc

Re: [nmsinc] Redirect Plugin?

By Dave - April 23, 2012

The best way to secure it would be to figure out the logic for which users are "allowed" to view a specific record. For example, say you had user groups A, B, and C and both users and records were assigned to those groups. You might have some code like this:

if ($CURRENT_USER['group'] != $record['group']) {
die("Sorry, you don't have access to this record");
}


Another way is to use two keys to access the record so it would be much harder to guess. One example might be the createdTime, so you could have an url such as: ?num=123&token=1335201606 then some code:

if ($record['createdTime'] != $_REQUEST['token']) {
die("Sorry, record token is invalid, please check your link!");
}


Or you could just create a new field (eg: lookupID), populate that with an unused random value and lookup on that. eg: viewer.php?lookupID=d131dd02c5e6eec4

If you want a nice random looking string sometimes I used the md5() function for that.

Hope that helps! Let me know any questions.
Dave Edis - Senior Developer
interactivetools.com