0

I'm new to F3 and I've just implemented a form-based login system (using the Auth plugin). It works, but my not-logged-in check looks like this:

if (!$f3->get('SESSION.user')) $f3->reroute('/login');

The example I was referring to, did this, which seems more correct:

if (!$f3->get('SESSION.user')) $f3->error(401);

However, this 401 error shows a simple error page. I want it to send back the login form (which is at /login) along with an error saying "You must be logged in" and I want this response to be a 401 instead of a 403 or 200.

Am I right in expecting this behaviour or is a 401 only valid for HTTP Basic Auth and not custom form-based auth?

aalaap
  • 4,145
  • 5
  • 52
  • 59

1 Answers1

4

You can customize the error response with the ONERROR hook.

So in your case, you could do something like this:

$f3->ONERROR=function($f3) {
  if ($f3->get('ERROR.code')==401) {
    // custom behaviour on 401
    echo \Template::instance()->render('error-401.htm');
  } else
    // default behaviour otherwise
    return FALSE;
};

<!-- error-401.htm -->
<h1>This page requires authorization</h1>
<a href="/login?path={{ @PATH }}">Click here to sign in</a>
xfra35
  • 3,833
  • 20
  • 23
  • Yup, I did the exact same thing soon after posting the question and reading http://stackoverflow.com/questions/19763414/fat-free-framework-f3-custom-404-page-and-others-errors?rq=1 – aalaap Nov 16 '15 at 18:36