We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.

AdminController redirect to homepage

Hi guys, What I want to do is if anyone accesses /admin/ and does not have the session variable to get redirected to homepage ("/" route) .

What I want to do, is make a general check in the AdminController only once :

public function onConstruct()
{
    if (is_null($this->session->get('auth-identity'))) {
        header('Location: /');
        return;
    }
}

And this works fine, but I don`t like this method - I would like to use the response object and redirect, but when trying with $response->redirect('/'); , when accessing '/admin/' - my index controller response is returned with no redirect.

Can you please guide me here?

edited Dec '16

do return $this->response->redirect("/")

I tried that and it does not work, the index method gets called and the reponse appears on the page - no redirect gets done.



43.9k

Hi,

as said, use $this->response->redirect('/') if you want to get "/" in the url

If you use:


        $this->dispatcher->forward(
            [
                "controller" => "index",
                "action"     => "index",
            ]
        );

you will keep "/admin/" in the url

Forward is other thing, redirect is other thing. Im guessing you mean return keyword ?



43.9k
Accepted
answer

no redirect gets done

in the doc : https://docs.phalcon.io/en/latest/reference/response.html#making-redirections

Note that a redirection doesn’t disable the view component, so if there is a view associated with the current action it will be executed anyway. You can disable the view from a controller by executing $this->view->disable();

edited Dec '16

Yes, I tried the return and it does not work.

Should I use another method instead of the onConstruct() ?

Using the dispatcher for forward is not an option - I want to redirect the user to the homepage and not show the admin url and the homepage view.

public function onConstruct()
{
    if (is_null($this->session->get('auth-identity'))) {
        $this->view->disable();
        return $this->response->redirect("/");
    }
}

It does not work.

==== Edit:

The index action was like this:

public function indexAction() { echo 'admin index';exit(); }

After I deleted the echo statement the redirect worked, So you guys are saying that with $this->view->disable(); I won't have a problem with redirect in the future when I will have a valid view for the index action?



43.9k

are you sure that your "if" statement works ?

One more question - this might be in the documentation or somewhere on the net, but why do I get redirected to "/index.php/" instead of "/" ?

I fixed the redirect with: return $this->response->redirect("/", true);

Thanks a lot guys for your help.



43.9k

why do I get redirected to "/index.php/" instead of "/"

I don't know !! Does url rewrite working correctly in the whole application ?

Yes it does - I finally figured it out, I had to add: $url->setBaseUri('/');

Into my services.php at the url section and it fixed it.

This holds true also for Simple View component which does not have disable() method. View is being executed and HTTP body content is flushed directly to the client.

This is a serious security concern, in other words - your routes are all visible via command line (browsers will not display content if HTTP status code is ~300).

no redirect gets done

in the doc : https://docs.phalcon.io/en/latest/reference/response.html#making-redirections

Note that a redirection doesn’t disable the view component, so if there is a view associated with the current action it will be executed anyway. You can disable the view from a controller by executing $this->view->disable();



43.9k

For the app I'm working on, that default behavior is pretty good. I'm using invo based plugins. So when a user hit a not found or a forbidden ressource, he stays in its view environment (like guest, user and admin template). I've discovered this in the doc because of Aleandru Bese's problem !

Well, if you're already using ACL, fine, but for instance in Micro app with Controllers as handlers, that seems like overkill. Thus, with Micro I'm using after() middleware to fully control output (Response object).