0

Am trying to modify an already heavily modified joomla environment. I am not a Joomla dev so am a little lost in the wilderness, so to speak.

Basically, 99% of the site consists of articles with Access Level = Registered. When you hit the URL of one of these articles, Joomla redirects to an auth page. That makes sense, except the URL to the original article is lost so after login, you are redirected back to the homepage and not the article originally intended.

Now, I can see that the error.php page has been modified with code to intercept a 403 error, and this looks like it should work. BUT, somehow/somewhere Joomla is redirecting to the auth page in some other way, and no 403 is ever thrown.

So my question is, how does Joomla perform the redirect to the auth page (a custom plugin btw), and is there any way for Joomla to instead throw the 403 error so I can use the logic already coded in error.php.

Thanks in advance

ps it's Joomla 1.5.23 and PHP 5.2.17

Gwyn Howell
  • 5,365
  • 2
  • 31
  • 48

2 Answers2

1

Joomla! 1.5 uses a fairly comprehensive .htaccess file and as Joel said this happens before Joomla! gets a look in.

A standard Joomla! 1.5 installation will redirect to the correct content after a users logins if the relevant component is written correctly (like the standard com_content for articles). I would start by looking at why that isn't working e.g. has the auth check been modified for some reason.

Joomla! 1.5 normally does this by attaching a return parameter (base64 encoded), to the URL that is used to call com_user, you can find in most components code like this to check if the users has access and if not redirect them.

if (($contact->access > $user->get('aid', 0)) || ($contact->category_access > $user->get('aid', 0))) {
    $uri        = JFactory::getURI();
    $return     = $uri->toString();

    $url  = 'index.php?option=com_user&view=login';
    $url .= '&return='.base64_encode($return);

    $mainframe->redirect($url, JText::_('You must login first') );
}
Community
  • 1
  • 1
Craig
  • 9,335
  • 2
  • 34
  • 38
  • thanks. i figured it out now, it was simple in the end. there was a custom redirect module which wasn't configured correctly. thanks for your response – Gwyn Howell May 19 '12 at 13:17
0

A 403 error is on the HTTP level. It is thrown when a user tries to access a part of a server he does not have access to. These permissions are completely different from Joomla permissions. Most of the time, a 403 error only comes from a restriction in a .htaccess file, or when a script tells the server to throw a 403 error (see code below).

I'm not a Joomla expert, but you should be able to throw a 403 error when a user goes to the auth page. This PHP code should do the trick:

header("HTTP/1.0 403 Forbidden");

Hope this helps you.

Joel
  • 2,654
  • 6
  • 31
  • 46