karlja, were you ever able to get this working?

Actually, I just got it working, after looking through a lot of code.

As it turns out, the code to handle the redirects is actually properly built into CB. That isn't the issue. On line 1597 of comprofiler.php, this line properly handles redirects after login:

[code:1]cbRedirect( cbSef( $return, false ), ( count( $alertmessages ) > 0 ? stripslashes( implode( '\n', $alertmessages ) ) : '' ) );[/code:1]

The issue is on the login page itself, and what is being passed into this function. The issue stems around a hidden field in the login form.

[code:1]<input type="hidden" name="return" value="base64_value" />[/code:1]

For whatever reason, the only URL being built here is the URL of the homepage. So this is a very simple fix. Open mod_cblogin.php. Around line 678, find this:

[code:1]echo '<input type="hidden" name="return" value="B:' . base64_encode( $login ) . '" />'."\n";[/code:1]

Comment out that existing echo statement for that hidden field, and do this instead:

[code:1]
$myReturn = JRequest::getVar('return', '', '_GET');

echo '<input type="hidden" name="return" value="B:'.$myReturn.'" />';
[/code:1]

Don't worry about the "B:" thing; CB's internal code handles that fine.

This has solved the problem for me.

1. I'm logged in, and I copy a registered URL.
2. I logout.
3. I paste the private URL I copied into the browser and attempt to go there.
4. Joomla redirects to a URL with the base64 of the URL you were *trying* to access as a GET parameter with value stored in "return".
5. That value is read and placed into the hidden field of the form.
6. Upon logging in, you are redirected to the page you were trying to access.

This is currently working for me. I hope this helps someone else.

- vince

Hey vcardillo,

that also works great for me - I just tried it.

Before I only tried without the "B:" because I did not know, that Community Builder would take care of it.

So, thank you and I guess, this would be a great fix for future builds of CB...

Regards,
Karlja

Thank you vcardillo.

I have my cb_login module publshed to all pages. If I try to access a secured page while logged out, I get re-directed to the Joomla Login page. If I enter credentials into the cb_login module on that page using your "hack" I now get redirected to my original page.

My only issue with this is that the this is still the Joomla login page, so users could also use the Joomla login.

If I use "Core Login Redirect", to redirect from the Joomla to the CB login page, this still works as before, which doesnt surprise me.

My question for you, are you using a login re-direct plugin, and if so which one? If not, how do you prevent uses from using the Joomla login page?

Thanks again for sharing this!

I am not using a login re-direct plugin.

I have things setup so that users only ever see the cb login module. Joomla's core login module can appear in one of two ways:

1. As a module.
2. Via the <jdoc:include type="component" /> statement, which is replacement for the original mosMainBody();

For number one, obviously just disable the core login module via the admin panel. Number two is a bit trickier, you just have to be clever. I have code in each template. Here's a pseudo example:

if (user is not logged in)
Show module position with cb login

if (user is logged in)
Template HTML with the <jdoc:include type="component" /> statement


With an IF statement that tests in this fashion, you avoid calling <jdoc:include type="component" /> unless the user is logged in. And this way users never see the core login module. Let CB handle everything.

- vince

thanks vince, good idea. We can even do this on only the login page.

It should be noted that the code change to mod_cblogin.php will disable the function of the login redirect field.

A logic sequence could be used to decide which redirect URL to use and when. I see it being difficult to decide how to modify the core for future release as there will be different desires by different people.

Post edited by: ckayfish, at: 2010/05/09 00:27