FuelPHP Forums

302 Redirects with SimpleAuth Login
  • I can't seem to log in via SimpleAuth. It accepts my login credentials, but redirects me via 302 to the root url.

    I go to /admin, I'm redirected to login at /admin/login, I do so, and I'm 302'd back to /admin but then 302'd back to /. And then, being logged in, any attempt to access /admin 302's back to /.

    I can seem to log in properly, but once logged in can't access anything at /admin without being redirected away from it.

    This happens on my local server as well as on Heroku.

    What would be causing this and how do I fix it?

    The logs go like this:
    127.0.0.1 - - [22/Jan/2016:11:25:30 -0500] "GET /admin HTTP/1.1" 302 -
    127.0.0.1 - - [22/Jan/2016:11:25:30 -0500] "GET /admin/login HTTP/1.1" 200 5842
    127.0.0.1 - - [22/Jan/2016:11:25:33 -0500] "POST /admin/login HTTP/1.1" 302 -
    127.0.0.1 - - [22/Jan/2016:11:25:34 -0500] "GET /admin HTTP/1.1" 302 -
    127.0.0.1 - - [22/Jan/2016:11:25:34 -0500] "GET / HTTP/1.1" 200 5
    127.0.0.1 - - [22/Jan/2016:11:28:24 -0500] "GET /admin HTTP/1.1" 302 -
    127.0.0.1 - - [22/Jan/2016:11:28:25 -0500] "GET / HTTP/1.1" 200 5
  • Which Fuel version, which code? The framework doesn't provide an "admin" controller out of the box.
  • Sort of followed this to create the admin panel:
    http://code.tutsplus.com/tutorials/build-an-admin-panel-with-the-fuel-php-framework--net-23186

    FuelPHP 1.7

    <?php

    class Controller_Admin extends Controller_Base
    {
        public $template = 'admin/template';

        public function before()
        {
            parent::before();

            if (Request::active()->controller !== 'Controller_Admin' or ! in_array(Request::active()->action, array('login', 'logout')))
            {
                if (Auth::check())
                {
                    $admin_group_id = Config::get('auth.driver', 'Simpleauth') == 'Ormauth' ? 6 : 100;
                    if ( ! Auth::member($admin_group_id))
                    {
                        Session::set_flash('error', e('You don\'t have access to the admin panel'));
                        Response::redirect('/');
                    }
                }
                else
                {
                    Response::redirect('admin/login');
                }
            }
        }

        public function action_login()
        {
            // Already logged in
            Auth::check() and Response::redirect('admin');

            $val = Validation::forge();

            if (Input::method() == 'POST')
            {
                $val->add('email', 'Email or Username')
                    ->add_rule('required');
                $val->add('password', 'Password')
                    ->add_rule('required');

                if ($val->run())
                {
                    if ( ! Auth::check())
                    {
                        if (Auth::login(Input::post('email'), Input::post('password')))
                        {
                            // assign the user id that last updated this record
                            foreach (\Auth::verified() as $driver)
                            {
                                if (($id = $driver->get_user_id()) !== false)
                                {
                                    // credentials ok, check access level
                                    $user = Model\Auth_User::find($id[1]);

                                    if ($user->group >= 80) {
                                        //logged in! yay!
                                        $current_user = $user;
                                        Session::set_flash('success', e('Welcome, ' . $current_user->username));
                                        Response::redirect('admin');
                                    }
                                    else {
                                        $this->template->set_global('login_error', 'No access!');
                                        break;
                                    }
                                }
                            }
                        }
                        else
                        {
                            $this->template->set_global('login_error', 'Login failed!');
                        }
                    }
                    else
                    {
                        $this->template->set_global('login_error', 'Already logged in!');
                    }
                }
            }

            $this->template->title = 'Login';
            $this->template->subtitle = 'See all the things!';
            $this->template->content = View::forge('admin/login', array('val' => $val), false);
        }

        /**
         * The logout action.
         *
         * @access public
         * @return void
         */
        public function action_logout()
        {
            Auth::logout();
            Response::redirect('admin');
        }

        /**
         * The index action.
         *
         * @access public
         * @return void
         */
        public function action_index()
        {
            $this->template->title = 'Dashboard';
            $this->template->subtitle = 'Recent Events and Quick Stats';
            $this->template->content = View::forge('admin/dashboard');
        }

    }

    /* End of file admin.php */
  • You seem to use a very old version of Fuel; this "loop" bug was fixed on February 5th 2013, almost 3 years ago.

    I can only strongly suggest upgrading to 1.8/dev. Here you can find the current version of the admin controller template: https://github.com/fuel/oil/blob/1.8/develop/views/admin/crud/controllers/admin.php
  • Hm.. nope. Not the problem. I think I must have been using a later version. I updated first to 1.7.3 and the version number still said 1.7 in all the files, which is what I looked at when you asked. It didn't help.

    So I updated to 1.8/dev, and the problem still persists. No change.

    Any other thoughts? Is Auth salting the login somehow with the hostname? This originally worked locally but not on Heroku, but I switched over to a different computer to develop on and changed the vhost and the problem is now local too.

  • Harro
    Accepted Answer
    There is only one redirect() in your code that can cause it, which is this bit in the before() method:
        if (Auth::check())
        {
            $admin_group_id = Config::get('auth.driver', 'Simpleauth') == 'Ormauth' ? 6 : 100;
            if ( ! Auth::member($admin_group_id))
            {
                Session::set_flash('error', e('You don\'t have access to the admin panel'));
                Response::redirect('/');
            }
        }
    So you might have to debug that. Perhaps your groups are different; it checks whether the logged-in user is a member of the administrator group by id. Maybe your id values are different?
  • ...ok, that's my fault. I was trying to create super-admins, but didn't update that bit of code to allow both groups in. I guess I just needed a second pair of eyes on the problem.

    Thanks!
  • You're welcome! :-)
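
The mismatch the thread arrives at, as an added example (not code from the posts or from FuelPHP): a plain-PHP model of the login check (`group >= 80`) and the `before()` check (`Auth::member(100)`) that replays the redirect chain seen in the access log. The super-admin group id 110 and all function names are assumptions made for illustration.

```php
<?php
// Plain-PHP model of the two checks in the posted controller; it does not call FuelPHP.
// Group id 100 and the ">= 80" threshold are from the thread; SUPER_ADMIN is hypothetical.
const ADMIN = 100;
const SUPER_ADMIN = 110; // hypothetical id for the new super-admin group
const PANEL_GROUPS = [ADMIN, SUPER_ADMIN]; // one allow-list for the corrected variant

// action_login(): lets in any authenticated user whose group is >= 80.
function login_allows(int $group): bool
{
    return $group >= 80;
}

// before(): Auth::member(100) is an exact match on one group id.
function panel_allows_original(int $group): bool
{
    return $group === ADMIN;
}

// Corrected variant: login and panel consult the same allow-list.
function panel_allows_fixed(int $group): bool
{
    return in_array($group, PANEL_GROUPS, true);
}

// Replay "POST /admin/login, then follow redirects" and return the request trail.
function replay(int $group, callable $login, callable $panel): array
{
    if (! $login($group)) {
        return ['POST /admin/login 200']; // form re-rendered with "No access!"
    }
    $trail = ['POST /admin/login 302'];
    if ($panel($group)) {
        $trail[] = 'GET /admin 200';
    } else {
        $trail[] = 'GET /admin 302'; // before() redirects to '/'
        $trail[] = 'GET / 200';
    }
    return $trail;
}

foreach ([ADMIN, SUPER_ADMIN] as $group) {
    $original = replay($group, 'login_allows', 'panel_allows_original');
    $fixed    = replay($group, 'panel_allows_fixed', 'panel_allows_fixed');
    echo "group $group original: ", implode(' -> ', $original), PHP_EOL;
    echo "group $group fixed:    ", implode(' -> ', $fixed), PHP_EOL;
}
```

Here the two checks disagree in the safe direction and the user is bounced to `/`; the same drift between a login check and a per-request check can also fail open, which is why the allowed groups belong in one place.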
