AdminController redirect to homepage

Question

AdminController redirect to homepage

Alexandru Bese Dec '16

Created Dec '16	Last Reply Dec '16	Replies 9	Views 1117	Votes 0

Alexandru Bese 1.3k

Dec '16

Hi guys, What I want to do is if anyone accesses /admin/ and does not have the session variable to get redirected to homepage ("/" route) .

What I want to do, is make a general check in the AdminController only once :

public function onConstruct()
{
    if (is_null($this->session->get('auth-identity'))) {
        header('Location: /');
        return;
    }
}

And this works fine, but I don`t like this method - I would like to use the response object and redirect, but when trying with $response->redirect('/'); , when accessing '/admin/' - my index controller response is returned with no redirect.

Can you please guide me here?

le51
43.9k

Accepted
answer

Dec '16

no redirect gets done

in the doc : https://docs.phalcon.io/en/latest/reference/response.html#making-redirections

Note that a redirection doesn’t disable the view component, so if there is a view associated with the current action it will be executed anyway. You can disable the view from a controller by executing $this->view->disable();

Wojciech Ślawski · Answer 1 · 2016-12-17T09:13:17-07:00

Wojciech Ślawski
145.0k

edited Dec '16
Dec '16

do return $this->response->redirect("/")

Alexandru Bese · Answer 2 · 2016-12-17T09:18:52-07:00

I tried that and it does not work, the index method gets called and the reponse appears on the page - no redirect gets done.

le51 · Answer 3 · 2016-12-17T09:19:21-07:00

Hi,

as said, use $this->response->redirect('/') if you want to get "/" in the url

If you use:


        $this->dispatcher->forward(
            [
                "controller" => "index",
                "action"     => "index",
            ]
        );

you will keep "/admin/" in the url

Wojciech Ślawski · Answer 4 · 2016-12-17T09:20:17-07:00

Wojciech Ślawski
145.0k

Dec '16

Forward is other thing, redirect is other thing. Im guessing you mean return keyword ?

Alexandru Bese · Answer 5 · 2016-12-17T09:25:25-07:00

Yes, I tried the return and it does not work.

Should I use another method instead of the onConstruct() ?

Using the dispatcher for forward is not an option - I want to redirect the user to the homepage and not show the admin url and the homepage view.

public function onConstruct()
{
    if (is_null($this->session->get('auth-identity'))) {
        $this->view->disable();
        return $this->response->redirect("/");
    }
}

It does not work.

==== Edit:

The index action was like this:

public function indexAction() { echo 'admin index';exit(); }

After I deleted the echo statement the redirect worked, So you guys are saying that with $this->view->disable(); I won't have a problem with redirect in the future when I will have a valid view for the index action?

le51 · Answer 6 · 2016-12-17T09:28:40-07:00

le51
43.9k

Dec '16

are you sure that your "if" statement works ?

Alexandru Bese · Answer 7 · 2016-12-17T09:36:43-07:00

One more question - this might be in the documentation or somewhere on the net, but why do I get redirected to "/index.php/" instead of "/" ?

Alexandru Bese · Answer 8 · 2016-12-17T09:51:56-07:00

I fixed the redirect with: return $this->response->redirect("/", true);

Thanks a lot guys for your help.

le51 · Answer 9 · 2016-12-17T09:52:46-07:00

why do I get redirected to "/index.php/" instead of "/"

I don't know !! Does url rewrite working correctly in the whole application ?

Alexandru Bese · Answer 10 · 2016-12-17T10:24:30-07:00

Yes it does - I finally figured it out, I had to add: $url->setBaseUri('/');

Into my services.php at the url section and it fixed it.

Jonathan Aaron Steel · Answer 11 · 2016-12-17T12:29:55-07:00

This holds true also for Simple View component which does not have disable() method. View is being executed and HTTP body content is flushed directly to the client.

This is a serious security concern, in other words - your routes are all visible via command line (browsers will not display content if HTTP status code is ~300).

no redirect gets done

in the doc : https://docs.phalcon.io/en/latest/reference/response.html#making-redirections

Note that a redirection doesn’t disable the view component, so if there is a view associated with the current action it will be executed anyway. You can disable the view from a controller by executing $this->view->disable();

le51 · Answer 12 · 2016-12-17T16:27:11-07:00

For the app I'm working on, that default behavior is pretty good. I'm using invo based plugins. So when a user hit a not found or a forbidden ressource, he stays in its view environment (like guest, user and admin template). I've discovered this in the doc because of Aleandru Bese's problem !

Jonathan Aaron Steel · Answer 13 · 2016-12-18T07:08:28-07:00

Well, if you're already using ACL, fine, but for instance in Micro app with Controllers as handlers, that seems like overkill. Thus, with Micro I'm using after() middleware to fully control output (Response object).