Login

ollieonline · 05-20-2024, 09:09 AM

I have the lastest versions of CI (4.5.1) and Sheild (1.0.3) installed.
When a user attempts to login with an invalid password no error messages are displayed. It simply reloads the login screen blank.
I have customised the view but this is the same if I use my customised view or the one that comes 'out of the box'.
Does anyone have any ideas? Am I missing something really simple (probable!)

datamweb · 05-22-2024, 09:47 PM

Enable the debugging tool(CI_ENVIRONMENT = development).

Go to the Vars tab.
See if there is a value for the error variable.

If the error value is displayed, then you have a problem with the view configuration.

Make sure the following code is in the view:

PHP Code:
                <?php if (session('error') !== null) : ?>
                    <div class="alert alert-danger" role="alert"><?= session('error') ?></div>
                <?php elseif (session('errors') !== null) : ?>
                    <div class="alert alert-danger" role="alert">
                        <?php if (is_array(session('errors'))) : ?>
                            <?php foreach (session('errors') as $error) : ?>
                                <?= $error ?>
                                <br>
                            <?php endforeach ?>
                        <?php else : ?>
                            <?= session('errors') ?>
                        <?php endif ?>
                    </div>
                <?php endif ?>

                <?php if (session('message') !== null) : ?>
                <div class="alert alert-success" role="alert"><?= session('message') ?></div>
                <?php endif ?>

shield-oauth | CodeIgniter SMS Rocket | CodeIgniter DEA Rule

WitER · 05-26-2024, 04:23 AM

(05-22-2024, 09:47 PM)datamweb Wrote: Enable the debugging tool(CI_ENVIRONMENT = development).

Go to the Vars tab.
See if there is a value for the error variable.

If the error value is displayed, then you have a problem with the view configuration.

Make sure the following code is in the view:

PHP Code:
<?php if (session('error') !== null) : ?> <div class="alert alert-danger" role="alert"><?= session('error') ?></div> <?php elseif (session('errors') !== null) : ?> <div class="alert alert-danger" role="alert"> <?php if (is_array(session('errors'))) : ?> <?php foreach (session('errors') as $error) : ?> <?= $error ?> <br> <?php endforeach ?> <?php else : ?> <?= session('errors') ?> <?php endif ?> </div> <?php endif ?> <?php if (session('message') !== null) : ?> <div class="alert alert-success" role="alert"><?= session('message') ?></div> <?php endif ?>

It doesn't work. Session messages are dropped when redirect to form page.
If u watch in debugbar, u see that u're last request record having type GET and previously record is POST. Load previously record and see session messages in Vars tab.
Now u can see, messages are dropped somewhere between login action and showing form.

WitER · 05-26-2024, 10:33 AM

I think the problem is related to the user's redirect method.
I tried to repeat the problem with the default Home controller.
The problem repeats if I use the same redirection principle as in Shield controllers.
If i explicitly specify Location as a redirection method in the to() method of the call chain, the message is saved and displayed correctly.

Perhaps the problem is in the environment, because for the current project i have to use IIS.

For repeat problem i use this code:

PHP Code:
if ($this->request->getGet('test')) {
    // return redirect()->to('/')->with('test_message', 'This message not stored after redirection.'); // <- Thats will be removed after redirection
    return redirect()->to('/', null, 'location')->with('test_message', 'Just a test message!'); //Thats work
}
return view('welcome_message', ['test_message' => session('test_message')]); 

WitER · 05-27-2024, 10:35 AM

At the moment, I have come to the conclusion that the problem with resetting flash messages in a session when redirecting is being reproduced due to the injection of Kint code into the response body.
But unfortunately, I have not figure out how to disable injection in the presence of a redirect request.

UPD: Figured it out, sent a report.