We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
    • 37042
    • 384 Posts
    I'm making a small members-only site for a client and decided to forgo ResourceGroups and use Bob's method instead
    http://bobsguides.com/blog.html/2013/05/22/protecting-pages-the-easy-way/

    But I'm having trouble with some kind of permissions loop beteen my Login and Welcome page.

    Here's my problem
    Users are succesfully loggedin and directed to my Welcome page until I protect that Welcome page.
    As soon as I protect my welcome page, loggedin users are bounced back to my login page which just displays a lougout link.

    Here's my setup:
    My homepage is public and displays a Login form
    • Login (1)
    and uses the following Login script
    [[!Login? &tplType=`modChunk` &loginTpl=`lgnLoginTpl-custom-Home` &loginResourceId=`15` &logoutResourceId=`1` ]]
    


    Upcon successful login, I am directing people to my page called
    • Welcome (15)

    That works great but I realised I need to protect this Welcome (15) page from direct access from non loggedin users by bouncing them back to the Home/Login. So I added the snippet as outlined in the BobsGuides tutorial

    /* Redirect anyone who is not logged in to Resource 1 */
    [[!PrivatePage? &redirectTo=`1`]]


    As soon as I do that it loads up the Login page but just displays a logout link.

    Any ideas as to why the loop is happening?

      ...
      • 3749
      • 24,544 Posts
      Are all the pages in the same context?

      Does one page URL start with www while the other doesn't?

      It looks like the PrivatePage snippet on the welcome page is not recognizing the user as logged in. Those are the only two reasons I can think of why that would happen.

        Did I help you? Buy me a beer
        Get my Book: MODX:The Official Guide
        MODX info for everyone: http://bobsguides.com/modx.html
        My MODX Extras
        Bob's Guides is now hosted at A2 MODX Hosting
        • 37042
        • 384 Posts
        Hi Bob.
        That's exactly what's happening. It's wired.

        Both pages are in the same context and both start with www on Modx Cloud.
        I'll have a closer look tomorrow and try on a fresh install. The site originally used UserGroups and ResourceGroups so maybe there's some legacy stuff going on.
          ...
          • 3749
          • 24,544 Posts
          It's definitely odd. If it were an ACL issue, the snippet would never run on the Welcome page.

          Try adding this to the Login snippet:

          &contexts=`web`
            Did I help you? Buy me a beer
            Get my Book: MODX:The Official Guide
            MODX info for everyone: http://bobsguides.com/modx.html
            My MODX Extras
            Bob's Guides is now hosted at A2 MODX Hosting
            • 37042
            • 384 Posts
            Ok, that partially worked in the sense that logging in bounced me back to my Unuathorised page instead of back to the Login page.

            I can see that I am actually logged in as my site uses your Personalize snippet and is displaying the loggedin Chunk.

            Had a look at the error log and found the following. Is this the root of my probs?

            [2014-01-23 08:29:52] (ERROR @ /manager/index.php) Encountered empty IN condition with key usergroup
            [2014-01-23 08:29:52] (ERROR @ /manager/index.php) Error 42000 executing statement: 
            Array
            (
                [0] => 42000
                [1] => 1064
                [2] => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') OR  ( `ProfileUserGroup`.`usergroup` IS NULL AND `UGProfile`.`active` = 1 )  )' at line 1
            )
            
            [2014-01-23 08:30:11] (ERROR @ /manager/index.php) Encountered empty IN condition with key usergroup
            [2014-01-23 08:30:11] (ERROR @ /manager/index.php) Error 42000 executing statement: 
            Array
            (
                [0] => 42000
                [1] => 1064
                [2] => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') OR  ( `ProfileUserGroup`.`usergroup` IS NULL AND `UGProfile`.`active` = 1 )  )' at line 1
            )
              ...
              • 37042
              • 384 Posts
              Just noticed, if I protect the Welcome Page by UserGroup, the flow works as planned. But thats not an option for me as I'll have quite a few UserGroups and dont want to have to specify them on every protected page.

              [[!PrivatePage? &userGroups=`Sales and Marketing`]]
                ...
                • 3749
                • 24,544 Posts
                It should work without the user groups as long as you don't send the &userGroups property.

                I can't think of any reason it wouldn't.

                If you're not using any user groups, you can leave the function and replace the rest of the code with this:

                    
                if (!$modx->user->hasSessionContext($modx->context->get('key'))) {
                    forward($redirectTo, $modx);
                }


                Or this, if the context is always web:

                    
                if (!$modx->user->hasSessionContext('web')) {
                    forward($redirectTo, $modx);
                }



                  Did I help you? Buy me a beer
                  Get my Book: MODX:The Official Guide
                  MODX info for everyone: http://bobsguides.com/modx.html
                  My MODX Extras
                  Bob's Guides is now hosted at A2 MODX Hosting
                  • 37042
                  • 384 Posts
                  Update: this is now working for me and my particular setup after Bob updated the snippet. See his web page.
                    ...