Search…

X3 Photo Gallery Support Forums

Search…
 
holli10
Topic Author
Posts: 7
Joined: 27 Oct 2022, 11:18

Redirect to user-specific subfolder after successful login

27 Oct 2022, 13:23

Is there a possibility to redirect a user to a user-specific subfolder after a successful login (page "Customer login")? The background is that I have a menu item "Customer login" on the website, which all customers should use to log in, but then only see their customer-specific subfolder or be redirected directly to it.
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Redirect to user-specific subfolder after successful login

28 Oct 2022, 00:23

Did you try the X3 control panel database version? Settings > Panel > Login type (database). After you install database version, you can create USERS (from the main admin), that are restricted to a specific directory (and it's sub-folders). On login, they would then be directed to their assigned directory.

Let me know if this helps.
 
holli10
Topic Author
Posts: 7
Joined: 27 Oct 2022, 11:18

Re: Redirect to user-specific subfolder after successful login

28 Oct 2022, 03:33

The suggestion with the user database refers, as I see it, to the login to the panel (backend).

However, I need a solution for the frontend (the actual website), i.e. for the users who are created in the panel under "Protect". Here, the authentication window appears when a protected page is called. After successful login, a customer/user specific redirect should be made to a subfolder. The customer/user should not see the panel itself. I would like to use this in connection with a customer-specific photo gallery and the possibility of ordering selected photos via the cart plug-in.

Is this possible?
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Redirect to user-specific subfolder after successful login

28 Oct 2022, 04:50

holli10 wrote:However, I need a solution for the frontend (the actual website), i.e. for the users who are created in the panel under "Protect". Here, the authentication window appears when a protected page is called. After successful login, a customer/user specific redirect should be made to a subfolder. The customer/user should not see the panel itself. I would like to use this in connection with a customer-specific photo gallery and the possibility of ordering selected photos via the cart plug-in.
Ok, so for clarity, this is for the frontend. About the PROTECT options, this is for protecting specific pages ... The login would only appear if the visitor tries to navigate to the protected page ... and if they do that, they would already be on the page they navigated to.

Another thing that maybe is not clear, although you can have password-protected pages and hidden pages (and both), it is still a single X3 website that will share the same main menu. X3 can't output different websites (different menu etc) on a per user basis, because of how cache works and how X3 was designed.

My question to you, where would the login for your users appear? As it works now, the login prompt only appear after the user clicks a menu item that points to a page that is password protected. It seems to me like you want a different kind of system ... Perhaps a LOGIN button in menu, and after login, the user is redirected to a specific page? I think this could be done, but it would definitely require some work to implement something like that.
 
holli10
Topic Author
Posts: 7
Joined: 27 Oct 2022, 11:18

Re: Redirect to user-specific subfolder after successful login

28 Oct 2022, 06:14

Yes, exactly that. A login button or corresponding menu item (customer/user login) with redirect to user-specific page.
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Redirect to user-specific subfolder after successful login

28 Oct 2022, 06:43

holli10 wrote: Yes, exactly that. A login button or corresponding menu item (customer/user login) with redirect to user-specific page.
This would have to be some kinda customization. X3 doesn't show login prompt, until visitor navigates to a page that is password protected. Also, even if we use the existing X3 "users" (protected), how would X3 know what page to redirect to?
 
holli10
Topic Author
Posts: 7
Joined: 27 Oct 2022, 11:18

Re: Redirect to user-specific subfolder after successful login

28 Oct 2022, 07:13

That would certainly have to be implemented additionally.

The login page itself is password-protected, but in principle it should only show that the login was successful. The actual page to be displayed would then be a subfolder directly below it for each customer. The subfolders could be given the same name as the authenticated user. This would make a relatively simple redirect to the subfolder (= user name) possible.
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Redirect to user-specific subfolder after successful login

29 Oct 2022, 00:40

holli10 wrote:The login page itself is password-protected, but in principle it should only show that the login was successful. The actual page to be displayed would then be a subfolder directly below it for each customer.
It's not clear what you mean "The actual page to be displayed" ... They will arrive on ONE page. If they land on a page that only shows "successful login", they would then need to navigate to the subfolder. Why not just redirect directly to the page where you want them to land? If you are going to build some custom login mechanism, it might already be able to display som "login success" message during login.

The best I can think of:
  1. Create a custom login.php.
  2. Link to the login.php from a menu item "Login" (etc), which could open in a popup.
  3. The login.php would then use the X3 login "users", and redirect to /path/username/ after successful login. This script would first attempt to login via XHR(ajax) without actually navigating to the page ... Only after login is confirmed, would it then redirect to the page.
  4. You would still need to assign the specific user to have access to /path/username/ from Settings > protected.
Perhaps a little clumsy, building on a system that was not created for this purpose. Is there any reason you couldn't make things simple and just give the user's URL to the user by email? When they access it, they will be asked to login, and they will be on the correct page.
 
holli10
Topic Author
Posts: 7
Joined: 27 Oct 2022, 11:18

Re: Redirect to user-specific subfolder after successful login

29 Oct 2022, 06:43

mjau-mjau wrote:
holli10 wrote:The login page itself is password-protected, but in principle it should only show that the login was successful. The actual page to be displayed would then be a subfolder directly below it for each customer.
It's not clear what you mean "The actual page to be displayed" ... They will arrive on ONE page. If they land on a page that only shows "successful login", they would then need to navigate to the subfolder. Why not just redirect directly to the page where you want them to land? If you are going to build some custom login mechanism, it might already be able to display som "login success" message during login.

The best I can think of:
  1. Create a custom login.php.
  2. Link to the login.php from a menu item "Login" (etc), which could open in a popup.
  3. The login.php would then use the X3 login "users", and redirect to /path/username/ after successful login. This script would first attempt to login via XHR(ajax) without actually navigating to the page ... Only after login is confirmed, would it then redirect to the page.
  4. You would still need to assign the specific user to have access to /path/username/ from Settings > protected.
Perhaps a little clumsy, building on a system that was not created for this purpose. Is there any reason you couldn't make things simple and just give the user's URL to the user by email? When they access it, they will be asked to login, and they will be on the correct page.
Yes, I think your suggestion is a good solution.

Here is a little background information on what I need it for. A friend of mine is a photographer and would now like to make the photos available to her customers in a protected customer area via her website (which can then also be ordered using the cart plug-in). For this, I need a general login option. From my point of view, it would be inconvenient to send each customer their own specific customer link directly. It is easier to tell the customer to log in on the website and then be redirected directly to their customer-specific page. Of course, other customers are not allowed to see the photos of this customer. However, the photographer herself should have access to all subfolders (i.e. all client pages) via the parent page as a superuser.

I think your proposed solution is a good one and that, especially because of the new cart plug-in, such a solution would certainly be interesting for other software users.
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Redirect to user-specific subfolder after successful login

30 Oct 2022, 00:20

It's not a bad idea. I will consider it.

Personally, I don't quite see how it's much more inconvenient to send a direct link to the user. After all, this is the page they will end up on, except in your case, they will first need to load the main page and then click login. The X3 login system is meant to protect pages (and child-pages) as soon as someone tries to access the page, and it's not really suitable to also handle redirects. Maybe! Thanks for your valuable input.
 
metallissimus
Experienced
Posts: 331
Joined: 17 Oct 2019, 06:54

Re: Redirect to user-specific subfolder after successful login

02 Nov 2022, 06:17

holli10 wrote:From my point of view, it would be inconvenient to send each customer their own specific customer link directly. It is easier to tell the customer to log in on the website and then be redirected directly to their customer-specific page.
You don't need to send each customer their specific link, you can just send them a link to a page where the different customer galleries are shown and they can login into their own. That's how I handle it right now: https://hochzeiten.danielbollinger.de/kunden/
Or is it a requirement that customers can't see that there are other customer galleries?
www.danielbollinger.de – corporate photography
hochzeiten.danielbollinger.de – wedding photography
 
holli10
Topic Author
Posts: 7
Joined: 27 Oct 2022, 11:18

Re: Redirect to user-specific subfolder after successful login

02 Nov 2022, 07:09

metallissimus wrote:
holli10 wrote:From my point of view, it would be inconvenient to send each customer their own specific customer link directly. It is easier to tell the customer to log in on the website and then be redirected directly to their customer-specific page.
You don't need to send each customer their specific link, you can just send them a link to a page where the different customer galleries are shown and they can login into their own. That's how I handle it right now: https://hochzeiten.danielbollinger.de/kunden/
Or is it a requirement that customers can't see that there are other customer galleries?
Yes, a customer should indeed not see that there are other customer galleries.
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Redirect to user-specific subfolder after successful login

02 Nov 2022, 10:56

The reason I am not too enthusiastic about the idea, is because X3 uses basic auth, which is a standard browser login mechanism, that specifically protects URL's (requests). In your case, you are asking for a LOGIN system that simply "logs in" the user without first pointing to any URL ... This is not really a concept of basic auth, which automatically shows a login prompt when accessing an url that is protected. To create something like this, we would need to build a new abstract login system (without using basic auth) ... I'm not saying it's a bad concept, but at this point, I can't see much benefit if it's only for the functional benefit of automatically redirecting the user to "their url" (which is not a concept or basic auth either).

If I was going to do this, I would need to do something like this:
  1. Create a unique login.php script, that uses /config/config.user.json, and shows a login form in a popup.
  2. First check if username/password is correct (obviously).
  3. Redirect the user to an URL, which would have to be extrapolated from the username somehow.
  4. The actual login process would then happen after redirect, when accessing the protected page ... not from login.php, which can only validate the login and redirect.
  5. The login.php script would be able to forward the data from the login form, so that the user is not prompted to login again, so it would remain a fluid experience.

My point is, basic auth is not really a "login system", but an url-protection system.
 
holli10
Topic Author
Posts: 7
Joined: 27 Oct 2022, 11:18

Re: Redirect to user-specific subfolder after successful login

02 Nov 2022, 12:50

mjau-mjau wrote: The reason I am not too enthusiastic about the idea, is because X3 uses basic auth, which is a standard browser login mechanism, that specifically protects URL's (requests). In your case, you are asking for a LOGIN system that simply "logs in" the user without first pointing to any URL ... This is not really a concept of basic auth, which automatically shows a login prompt when accessing an url that is protected. To create something like this, we would need to build a new abstract login system (without using basic auth) ... I'm not saying it's a bad concept, but at this point, I can't see much benefit if it's only for the functional benefit of automatically redirecting the user to "their url" (which is not a concept or basic auth either).

If I was going to do this, I would need to do something like this:
  1. Create a unique login.php script, that uses /config/config.user.json, and shows a login form in a popup.
  2. First check if username/password is correct (obviously).
  3. Redirect the user to an URL, which would have to be extrapolated from the username somehow.
  4. The actual login process would then happen after redirect, when accessing the protected page ... not from login.php, which can only validate the login and redirect.
  5. The login.php script would be able to forward the data from the login form, so that the user is not prompted to login again, so it would remain a fluid experience.

My point is, basic auth is not really a "login system", but an url-protection system.
Here is my suggestion for the implementation:
  1. Create a special page e.g. under /login (login.php), that uses the basic authentication (Users must have access to /login).
  2. The login.php script checks the content of the PHP server variable PHP_AUTH_USER (= username) after login.
  3. Redirect the user e.g. to /login/username (only the authenicated user may have access to the user-specific subfolder).
I think this solution is much simpler and still uses only basic authentication with the only difference that after logging in, the user is redirected to a folder (incl. subfolder with the same username) that has been defined by configuration, for example.
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Redirect to user-specific subfolder after successful login

03 Nov 2022, 00:39

I did read your comments (a few times actually), and it's similar to my suggestion, but doesn't really provide any advantage. It's still a tedious "workaround", just to be able to automatically redirect users to a special page. We still need to create a "login.php" that logs in independently, regardless of that route is already "protected", because we need to check login and intercept the path and then redirect ... 

For me, what we are really looking at here, is a "redirect script". Essentially, like in your suggestion, we could use /login/, which already requires login. However, this page would have no means to redirect the user.

Personally, if I was going to "hack" a solution for you, at minimal effort, I would do it like this:
  1. Create a /login/ page, which is password-protected, which all "users" have access to.
  2. Add a Javascript on the page, that calls a custom script "redirect.php".
  3. The redirect.php script, will return the "username" to browser, which can then redirect to /**/username/
Not a super-elegant solution, but it would seem fluid and flawless. I would normally charge $100+ for this, but I could squeeze it down to $50 for you, as I have already spent a lot of time replying and considering options :D

This is not generally something I will include in X3, because it requires you to setup your logins, users and paths at a very strict pattern, hardcoded into the Javascript. And this "redirect" is not generally something that X3 password protection supports.