LeeFoster

Admin - Redirect after login


I have recently installed a multi level admin and I'd like to add a redirect function so admins are directed to a specific page based on their groups.

I know how to add the page to the database for the redirect; what I'm struggling with is how to inject the redirect into the core login function (without core changes).

Has anyone done anything similar?


I've created a hook for this but so far it is not working. 

I am using 

$OSCOM_Hooks->call('login', 'processAction');

in admin/login.php to hook to and my hook code is below

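class hook_admin_login_admin_group_redirect {
  var $version = '1.0.0';

  function listen_processAction() {
    if (isset($_SESSION['admin'])) {
      // Look up the landing page configured for this admin's group;
      // the (int) cast keeps the session value out of the SQL text
      $default_page_query = tep_db_query('select default_page from administrator_groups where administrator_group_id = ' . (int)$_SESSION['user_group_id']);
      $default_page = tep_db_fetch_array($default_page_query);

      // tep_db_fetch_array() returns the row, so pass the column rather than the array
      tep_redirect(tep_href_link($default_page['default_page']));
    }
  }
}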

Any pointers on where I'm going wrong?

1 hour ago, burt said:

if (isset($_SESSION['admin'])) {

is the user called "admin", which would seem to not be what you want.

No, I was trying to look for the admin array.

              if (isset($_SESSION['redirect_origin'])) {
                $page = $redirect_origin['page'];
                $get_string = http_build_query($redirect_origin['get']);

                unset($_SESSION['redirect_origin']);

                tep_redirect(tep_href_link($page, $get_string));
              } else {
                tep_redirect(tep_href_link('index.php'));
              }

This code runs before the

$OSCOM_Hooks->call('login', 'processAction');

I.e. the hook only runs when log in fails. 

I think that you would be better off hooking

  $OSCOM_Hooks->call('login', 'preAction');

and setting the redirect_origin if it is not already set when the action is 'process'. 

Alternately, duplicate the entire process action in the preAction hook and unset the action, which would let you make more changes. 

Note that you may find that you get more help within the Phoenix Club. 


Always back up before making changes.

2 hours ago, ecartz said:

Note that you may find that you get more help within the Phoenix Club. 

I'm happy for it to be moved.

 

2 hours ago, ecartz said:

Alternately, duplicate the entire process action in the preAction hook and unset the action, which would let you make more changes. 

I may have to go down this route as the issue I am now having is that the admin group id isn't set in the preAction, meaning I can't get the redirect page.

class hook_admin_login_admin_group_redirect {
  var $version = '1.0.0';

  function listen_preAction() {
    //$default_page_query = tep_db_query('select default_page from administrator_groups where administrator_group_id = '.$_SESSION['user_group_id'].'');
    //$default_page = tep_db_fetch_array($default_page_query);

    // Hard-coded target used to confirm that redirect_origin is honoured after login
    $_SESSION['redirect_origin'] = [
      'page' => 'info_pages.php',
      'get' => '',
    ];
  }
}

The above works, the below doesn't

class hook_admin_login_admin_group_redirect {
  var $version = '1.0.0';
  
  function listen_preAction() {
	  	
		
		$default_page_query = tep_db_query('select default_page from administrator_groups where administrator_group_id = '.$_SESSION['user_group_id'].'');
		$default_page = tep_db_fetch_array($default_page_query);
		  
	  $_SESSION['redirect_origin'] = [
                'page' => $default_page['default_page'],
		        'get' => '',
               ];
	
    
  }
   
}

 


Even without moving all the logic, you could use the same logic for finding the user_group_id as you do later. 

Another option would be to create a page called redirect.php and always redirect to that -- your info pages example proves that works.  Then, on that page, redirect to the correct page by "user_group_id". 

For that matter, a hook on index.injectAppTop would allow you to redirect after going to the index page. 


Always back up before making changes.

3 hours ago, ecartz said:

For that matter, a hook on index.injectAppTop would allow you to redirect after going to the index page. 

Would this not result in it always redirecting, though, not just on login?


I'm assuming that you'd use this for people who aren't allowed to view the index page. 

If you want people who can view the index page to start with a different page, you'd probably need to use one of the other solutions.  Or add another session variable for "just logged in" that you would unset just before redirecting. 


Always back up before making changes.

2 minutes ago, ecartz said:

I'm assuming that you'd use this for people who aren't allowed to view the index page. 

Probably not, just wanted to cover my bases for the future though.


Could I do the redirect in this code to avoid any core changes?

<?php
/*
  $Id$

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2020 osCommerce

  Released under the GNU General Public License
*/
 function check_admin_group($administrator_group_access_file){
	  global $PHP_SELF, $language, $cfgModules, $admin;
	  $is_valid_access = true;

	  $exclude_pages = array(
		  'index.php', 'login.php', 'invoice.php', 'packingslip.php', 'popup_image.php'
	  );
	   $administrator_group_id = (int)$admin['user_group_id'];
	  if($administrator_group_id != '' && $administrator_group_id > 0 && !in_array($administrator_group_access_file, $exclude_pages)){
		  // The file name is escaped with tep_db_input() before it is placed in the query
		  $check_file_access = tep_db_query("select ag.administrator_group_id from administrator_groups ag, administrator_group_access aga where aga.administrator_group_id = ag.administrator_group_id and ag.administrator_group_id = '" . (int)$administrator_group_id . "' and aga.administrator_group_access_file = '" . tep_db_input($administrator_group_access_file) . "'");
		  if(!tep_db_num_rows($check_file_access))$is_valid_access = false;
	  }

	  return $is_valid_access;
  }

 function display_block_to_admin_group($administrator_group_block){
	    global $PHP_SELF, $language, $cfgModules, $admin;
	  $display_block_to_admin_group = false;
	 $administrator_group_id = (int)$admin['user_group_id'];

	  if($administrator_group_id <= 0){
		  $display_block_to_admin_group = true;
	  }

	if($administrator_group_block != '' && $administrator_group_id > 0){
		  $check_file_access = tep_db_query("select ag.administrator_group_id from administrator_groups ag, administrator_group_access aga where aga.administrator_group_id = ag.administrator_group_id and ag.administrator_group_id = '" . (int)$administrator_group_id . "'");
		  if(tep_db_num_rows($check_file_access))$display_block_to_admin_group = true;
		
	  }

	  return $display_block_to_admin_group;
  }
  if ( file_exists(DIR_FS_ADMIN . 'includes/languages/english/hooks/iMenu.php') ) {
            include_once(DIR_FS_ADMIN . 'includes/languages/english/hooks/iMenu.php') ;
          }

class hook_admin_siteWide_aMenu {
  var $version = '1.0.0';
   var $siteend = null;
 
 
 function listen_injectSiteStart() {
     global $PHP_SELF, $language, $cfgModules, $admin , $current_page;
   
  
   // Load the group id and default page once, when the session does not hold them yet
  if (!isset($_SESSION['admin']['user_group_id']))
  {
  $check_query = tep_db_query("SELECT id, user_name, user_password, user_group_id, default_page FROM administrators as a join administrator_groups as ag on a.user_group_id = ag.administrator_group_id WHERE id = '" .(int)$admin['id'] . "'");
  if (tep_db_num_rows($check_query) == 1) {
            $check = tep_db_fetch_array($check_query);
   
 // unset($_SESSION['admin']);
        $_SESSION['admin'] = [
                'id' => $check['id'],
                'username' => $check['user_name'],
                'user_group_id' => $check['user_group_id'],
			    'default_page' => $check['default_page']
              ];

  
   }
  }
	 
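  if(!check_admin_group($current_page)){
//		tep_redirect(tep_href_link('index.php'));
echo '<script>
window.location.replace("'.DIR_WS_HTTPS_ADMIN.'/index.php");
</script>';
    // The script only asks the browser to leave; stop here so the restricted page is not rendered as well
    exit;

	}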
   }
 function listen_injectBodyStart() {



    global $PHP_SELF, $language, $cfgModules, $admin;
   
    $output = null;

    if (basename($PHP_SELF) != 'login.php') {
      $cl_box_groups = array();

      if ($dir = @dir(DIR_FS_ADMIN . 'includes/boxes')) {
        $files = array();

        while ($file = $dir->read()) {
          if (!is_dir($dir->path . '/' . $file)) {
            if (substr($file, strrpos($file, '.')) == '.php') {
               if ((strpos($file, 'paypal2') === false) &&($file!='configuration_administrators.php'))  $files[] = $file;
            }
          }
        }

        $dir->close();
        
        natcasesort($files);

        foreach ( $files as $file ) {
          if ( file_exists(DIR_FS_ADMIN . 'includes/languages/' . $language . '/modules/boxes/' . $file) ) {
            include_once(DIR_FS_ADMIN . 'includes/languages/' . $language . '/modules/boxes/' . $file);
          }

          include_once($dir->path . '/' . $file);
        }
      }

      function tep_sort_a_boxes($a, $b) {
        return strcasecmp(strip_tags($a['heading']), strip_tags($b['heading']));
      }

      usort($cl_box_groups, 'tep_sort_a_boxes');

      function tep_sort_a_boxes_links($a, $b) {
        return strcasecmp($a['title'], $b['title']);
      }

      foreach ( $cl_box_groups as &$group ) {
        usort($group['apps'], 'tep_sort_a_boxes_links');
      }
  
      $n = 1; $mr = null;
     foreach ($cl_box_groups as $groups) {
 if(display_block_to_admin_group($groups['heading'])) {
        $mr .= '<li class="nav-item dropdown">';
        $mr .= '<a class="nav-link dropdown-toggle" href="#" id="navbar_' . $n . '" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">' . $groups['heading'] . '</a>';
        $al = ($n > 6) ? ' dropdown-menu-right' : '';
        $mr .= '<div class="dropdown-menu' . $al . '" aria-labelledby="navbar_' . $n . '">';
       foreach ($groups['apps'] as $app) {        
  if(check_admin_group($app['code'])) 
        $mr .= '<a class="dropdown-item" href="' . $app['link'] . '">' . $app['title'] . '</a>';
          }
          $mr .= '</div>';
        $mr .= '</li>' . PHP_EOL;
        
        $n++;
      }
 }
    
      
        $output .= '<nav id="iMenu" class="navbar navbar-expand-md sticky-top navbar-dark bg-dark">';
        $output .= '<a class="navbar-brand" href="' . tep_href_link('index.php') . '">' . tep_image('images/CE-Phoenix-30-30.png', 'OSCOM CE Phoenix v' . tep_get_version(), 30, 30, null, false) . '</a>';
        $output .= '<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarAdmin" aria-controls="navbarAdmin" aria-expanded="false" aria-label="Toggle navigation"><span class="navbar-toggler-icon"></span></button>';
        $output .= '<div class="collapse navbar-collapse" id="navbarAdmin">';
        $output .= '<ul class="navbar-nav mr-auto">' . $mr . '</ul>';
        $output .= '</div>';
        $output .= '</nav>';
      
        $output .= '<div class="col bg-light">';
        $output .= '<ul class="nav justify-content-end" id="a1">';
        $output .= '<li class="nav-item"><a class="nav-link" target="_blank" href="https://forums.oscommerce.com/clubs/1-phoenix/">' .tep_image('images/icon_phoenix.png', 'Phoenix') . ' ' . HEADER_TITLE_PHOENIX_CLUB . '</a></li>';
        $output .= '<li class="nav-item"><a class="nav-link" href="' . tep_href_link('certified_addons.php') . '">' . tep_image('images/icon_phoenix.png', 'Phoenix') . ' ' . HEADER_TITLE_CERTIFIED_ADDONS . '</a></li>';
        $output .= '<li class="nav-item"><a class="nav-link" href="' . tep_catalog_href_link() . '">' . HEADER_TITLE_ONLINE_CATALOG . '</a></li>';
    $output .= '<li class="nav-item"><a class="nav-link text-danger" href="' . tep_href_link('login.php', 'action=logoff') . '">' . sprintf(HEADER_TITLE_LOGOFF, $admin['username']) . '</a></li>';
        $output .= '</ul>';
        $output .= '</div>';
      
      $output .= '<hr class="w-100 m-0 p-0 mb-0">';
//$output .= '<script>$(".navbar").hide(); $("#iMenu").show();  </script>';
//$output .= '<script>$(".justify-content-end").hide(); $("#a1").show();  </script>';
      return $output;
    }
  }
 function listen_injectSiteEnd() {
    $this->siteend .= '<script>$(".navbar").hide(); $("#iMenu").show();  </script>';
    $this->siteend .= '<script>$(".justify-content-end").hide(); $("#a1").show();  </script>';
    return $this->siteend;
  }
}

 


 

18 minutes ago, LeeFoster said:

$_SESSION['admin'] = [
  'id' => $check['id'],
  'username' => $check['user_name'],
  'user_group_id' => $check['user_group_id'],
  'default_page' => $check['default_page'],
];

 

I would try doing it immediately after that code. 

You also might change

echo '<script>
window.location.replace("'.DIR_WS_HTTPS_ADMIN.'/index.php");
</script>';

 


Always back up before making changes.

1 minute ago, ecartz said:

 

I would try doing it immediately after that code. 

You also might change


echo '<script>
window.location.replace("'.DIR_WS_HTTPS_ADMIN.'/index.php");
</script>';

 

I literally just did this  

 $_SESSION['admin'] = [
                'id' => $check['id'],
                'username' => $check['user_name'],
                'user_group_id' => $check['user_group_id'],
			    'default_page' => $check['default_page']
              ];
echo '<script>
window.location.replace("'.$check['default_page'].'");
</script>';

Testing it now.
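
The "just logged in" flag suggested earlier in the thread and the redirect to the group's default_page can be combined so that the stored value is checked before it reaches a Location header or a script block. This is an added example, not code from the posters or from osCommerce: landing_page_for(), the just_logged_in key and the allow-list are assumptions, while tep_redirect(), tep_href_link() and the $_SESSION['admin'] layout come from the posts above.

```php
<?php
// Added example. landing_page_for(), 'just_logged_in' and $allowed are hypothetical
// names; the $_SESSION['admin'] layout follows the posts above.

/**
 * Page to send an admin to right after login, or null when no redirect is due.
 * The flag is consumed, so the redirect fires once and not on every page view.
 */
function landing_page_for(array &$session, array $allowed, string $fallback = 'index.php'): ?string
{
    if (empty($session['just_logged_in']) || !isset($session['admin'])) {
        return null;
    }
    unset($session['just_logged_in']);

    // default_page is stored data: accept only a bare script name that is on the
    // allow-list, so a URL or markup saved in that column never becomes a target.
    $page = $session['admin']['default_page'] ?? null;
    if (!is_string($page)
        || !preg_match('/^[A-Za-z0-9_]+\.php$/D', $page)
        || !in_array($page, $allowed, true)) {
        return $fallback;
    }
    return $page;
}

// Constructed sample data, not taken from a real shop. In the shop the allow-list
// could be the group's administrator_group_access rows (assumption).
$allowed = ['index.php', 'orders.php', 'info_pages.php'];
$cases = [
    'valid page'    => ['just_logged_in' => true, 'admin' => ['default_page' => 'info_pages.php']],
    'external URL'  => ['just_logged_in' => true, 'admin' => ['default_page' => '//example.test/x.php']],
    'not permitted' => ['just_logged_in' => true, 'admin' => ['default_page' => 'administrators.php']],
    'no flag'       => ['admin' => ['default_page' => 'info_pages.php']],
];
foreach ($cases as $label => $session) {
    $first  = landing_page_for($session, $allowed);
    $second = landing_page_for($session, $allowed);   // flag is gone by now
    printf("%-13s first=%s second=%s\n", $label, var_export($first, true), var_export($second, true));
}

// Wiring inside the hook (assumed): redirect on the server when headers are still open,
// otherwise emit the URL as a JSON-encoded string and stop rendering.
//   if ($page = landing_page_for($_SESSION, $allowed)) {
//     if (!headers_sent()) { tep_redirect(tep_href_link($page)); }
//     echo '<script>window.location.replace(' . json_encode(tep_href_link($page), JSON_HEX_TAG) . ');</script>';
//     exit;
//   }
```
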


I don't understand why you cannot simply add in a hook of your own in login.php (or elsewhere if better placed elsewhere)

You are;

  1. not limited to pre-placed hooks
  2. able to request a pre-placed hook (on the basis that you can show a use case and that it works without causing other conflicts)
Edited by burt

50 minutes ago, burt said:

I don't understand why you cannot simply add in a hook of your own in login.php (or elsewhere if better placed elsewhere)

You are;

  1. not limited to pre-placed hooks
  2. able to request a pre-placed hook (on the basis that you can show a use case and that it works without causing other conflicts)

1. I didn't want to add one in that would be overwritten

2. I know, I was testing with my own hook before requesting one

I actually managed to fix it without a hook.

 
