[drupal-devel] [feature] Easily persist destinations

Tue Jul 19 04:51:31 UTC 2005

Issue status update for 
http://drupal.org/node/26467
Post a follow up: 
http://drupal.org/project/comments/add/26467

 Project:      Drupal
 Version:      cvs
 Component:    base system
 Category:     feature requests
 Priority:     normal
 Assigned to:  drumm
 Reported by:  drumm
 Updated by:   mathias
 Status:       patch

I tested this patch and it works as expected. By tacking on a
destination parameter to the URI I was able to control for example,
where the login form takes a user after successful authentication. 
This is especially helpful for the ecommerce package to redirect users
back to the checkout process after logon.  

I did some basic security checks to make sure a user couldn't redirect
to an absolute URL or traverse web directories, but I still ponder the
implications are of allowing anyone to control the destination after a
form submit on my site. 

That could just be the control freak in me coming out in full swing.

mathias

Previous comments:
------------------------------------------------------------------------

Wed, 06 Jul 2005 18:01:07 +0000 : drumm

Attachment: http://drupal.org/files/issues/common.inc_4.diff (1.44 KB)

I think drupal_get_destination() should keep track of the origionally
set destination. With this patch drupal_get_destination() will return
the current destination instead of the current page if it exists.

------------------------------------------------------------------------

Wed, 06 Jul 2005 18:10:04 +0000 : drumm

setting status to patch

------------------------------------------------------------------------

Wed, 06 Jul 2005 19:14:20 +0000 : drumm

Attachment: http://drupal.org/files/issues/common.inc_5.diff (1.47 KB)

More clear help text. Hopefully the patch is more self-explanatory now.

------------------------------------------------------------------------

Thu, 07 Jul 2005 05:41:57 +0000 : Kobus

Not sure if I understand this correctly, but from my scan of the code it
seems like it. If I do understand correctly:

1. User clicks on an e-mail or web link to an article on a page.
2. Authentication is required.
3. User gets redirected to log in.
4. User logs in.
5. User gets redirected to the original article they requested.

If that is what this patch enables me to do, I am +20 for it :)

Regards,

Kobus

------------------------------------------------------------------------

Mon, 18 Jul 2005 19:22:05 +0000 : drumm

I am updating this patch so that this API feature is used by the node
module.

------------------------------------------------------------------------

Mon, 18 Jul 2005 22:08:54 +0000 : drumm

Attachment: http://drupal.org/files/issues/destination.patch (3.6 KB)

This patch includes going back to the right place when deleting nodes.

------------------------------------------------------------------------

Mon, 18 Jul 2005 22:14:55 +0000 : drumm

Wrong status.

------------------------------------------------------------------------

Mon, 18 Jul 2005 22:22:55 +0000 : chx

very nice idea.

------------------------------------------------------------------------

Tue, 19 Jul 2005 00:51:40 +0000 : jjeff

I've been using a hack to get this functionality on my current site. It
should DEFINITELY be part of the core. If anyone wants to build a theme
that doesn't have a login box on every page, this is absolutely
necessary.

++1

------------------------------------------------------------------------

Tue, 19 Jul 2005 01:03:41 +0000 : drumm

Just to be clear, this does not affect the login process.

------------------------------------------------------------------------

Tue, 19 Jul 2005 03:30:35 +0000 : jjeff

Well it does not affect the default Drupal login process, but if a theme
wants to put a login *link* on its pages rather than the Drupal-esque
login form-on-every-page, then the appropriate way would be to use:

<?php
print l(t('Login/Register'), 'user/login', array(),
drupal_get_destination());
?>

The idea being that users would get sent to
http://www.example.com/user/login?destination=the_node_they_came_from
However, because the destination does not persist, they don't get sent
back to the node they came from. Instead they get sent to their user
page.

Unless I'm reading it wrong, this patch fixes drupal_get_destination()
so that everything works as it should and the user ends up logged in
and back at the original node.

-Jeff

------------------------------------------------------------------------

Tue, 19 Jul 2005 03:59:17 +0000 : gordon

Not to blow my own trumpet... well actually I am.

Kobus: The patch that you are looking for the one that I did a month or
so ago. Basically if you get a 403 and you are not logged in you will
get a login page and then once you have loged it will redirect you back
to the page that you we denied access to. This patch is more of an API
level change where you are going to need to do some coding before you
can make use of it.

I have not yet been able to convince Dries that you cannot do this in
Drupal. He has been a little busy laterly so I have not bugged him.

As for this patch. +1 I like it. The idea of not having a login page on
a theme, but still come back to the current page is great.

------------------------------------------------------------------------

Tue, 19 Jul 2005 04:12:51 +0000 : gordon

opps forgot the url.

http://drupal.org/node/24050 [1]
[1] http://drupal.org/node/24050