Website membership plugin issue

By lozzer - February 15, 2014

I'm running Website Membership v1.10 on CMSB 2.53. I want to users manually, so there is no user-signup page. All other pages are present (user-login, user-profile, user-password-reset and user-password-request) plus user-logoff.

I have set the following URLs for redirect:

$GLOBALS['WEBSITE_LOGIN_POST_LOGIN_URL'] = '/membersdiary.php';
$GLOBALS['WEBSITE_LOGIN_POST_LOGOFF_URL'] = '/user-logoff.php';

user-logoff is via a text link:  ?action=logoff

On both login and logoff, the page which loads can to be any one a number of previously visited pages (on this website). Logoff certainly never redirects to user-logoff.php

Am I missing something obvious?

Hi Lozzer,

This sounds like you might have the lasturl cookie set on some pages, here is some example code that shows how it is set:

setPrefixedCookie('lastUrl', '/aDifferentPage.php');

So the lastUrl cookie is used to set the last page a user visited, and if it's set then the globals WEBSITE_LOGIN_POST_LOGIN_URL and WEBSITE_LOGIN_POST_LOGOFF_URL will be ignored, and the page set in the cookie will be used instead.

Do you know if any of your pages are setting this variable?

Thanks!

Greg

Greg Thomas







PHP Programmer - interactivetools.com

By lozzer - February 19, 2014

Hi Greg,

Thanks for your reply. I used the generated code for 'user-login.php' which contains the following code:

if (!getPrefixedCookie('lastUrl')) { setPrefixedCookie('lastUrl', @$_SERVER['HTTP_REFERER'] ); } 

I also note that 'websiteMembership.php' page itself has the following code:

if ($returnAfterLogin) { setPrefixedCookie('lastUrl', thisPageUrl()); }

Do these have to be removed? No other pages have the lastUrl cookie...

Hi,

If you remove or comment out this line from your user-login.php page:

if (!getPrefixedCookie('lastUrl')) { setPrefixedCookie('lastUrl', @$_SERVER['HTTP_REFERER'] ); } 

Then users should stop being redirected to the previous page they were on before logging in. 

This line is setting the lastUrl cookie to the page that the user came from to the login page. Then the website membership plugin redirects to that page instead of the one set in $GLOBALS['WEBSITE_LOGIN_POST_LOGIN_URL'] after log in.

Let me know if this doesn't resolve the issue.

Thanks!

Greg

Greg Thomas







PHP Programmer - interactivetools.com

Hi,

I've had a look at the latest version of the websiteMembership plugin, and the code that decides which page a user is redirected to is on line 184 of websiteMembership.php is:

  $logoffUrl = coalesce(@$_SERVER['HTTP_REFERER'], $GLOBALS['WEBSITE_LOGIN_POST_LOGOFF_URL'],  $currentPageUrl, '/');

This code will currently redirect a user to the last page they were on when they press the logoff button, even when $GLOBALS['WEBSITE_LOGIN_POST_LOGOFF_URL'] is set. I think you need to change line 184 to this:

  $logoffUrl = coalesce($GLOBALS['WEBSITE_LOGIN_POST_LOGOFF_URL'], @$_SERVER['HTTP_REFERER'],  $currentPageUrl, '/');

So the coalesce function returns the first variable that is passed into it that has a value, as most servers have $_SERVER['HTTP_REFERER'] set, the user is redirected to this regardless of what is set in $GLOBALS['WEBSITE_LOGIN_POST_LOGOFF_URL']. The change above will fix this.

I'm currently discussing with our senior developer if we should change this line in the next release of the plugin.

Thanks!

Greg

Greg Thomas







PHP Programmer - interactivetools.com

By lozzer - February 24, 2014

That's great Greg - everything works perfectly now! Thanks for all your help - Lozzer