In my controller actions this always works:
$this->flashSession->error('You must login');
return $this->response->redirect('/login');If I put that code in the controller's beforeExecuteRoute() method it works. However, if I put it in the parent controller (ControllerBase) beforeExecuteRoute() method it doesnt work unless I use $this->view->disable()
Anybody know what my issue might be?
Try returning false:
$this->flashSession->error('You must login');
$this->response->redirect('login');
return false;Nope that doesnt work either. Heres my the actual code:
class SessionController extends ControllerBase
{
// Change Main Layout
public function initialize()
{
$this->view->setMainView('plain');
}
// CHECK CSRF TOKEN
public function beforeExecuteRoute(Dispatcher $dispatcher)
{
$action = $dispatcher->getActionName();
$isPost = $this->request->isPost();
if ($isPost && $action == 'login') {
if (!$this->security->checkToken()) {
throw new \Phalcon\Exception('Invalid security token');
}
} elseif ($action == 'logout') {
$key = $this->request->getQuery('key');
$val = $this->request->getQuery('val');
if (!$this->security->checkToken($key, $val)) {
throw new \Phalcon\Exception('Invalid security token', 401);
}
}
return parent::beforeExecuteRoute($dispatcher);
}
public function loginAction()
{
$user = new User();
$form = new \Admin\Forms\LoginForm($user);
if (!$this->webuser->isGuest()) {
throw new \Phalcon\Exception('You are already logged in');
}
if ($this->request->isPost()) {
if ($form->isValid($_POST, $user) && $form->authenticate() ) {
if ($form->login() === true) {
$name = $this->webuser->get('username');
$this->flashSession->success("Welcome {$name}");
return $this->response->redirect('/');
}
}
$this->flashSession->error($form->getAuthMessage());
}
$this->tag->setTitle("Login");
$this->view->setVar('form', $form);
}class ControllerBase extends \Phalcon\Mvc\Controller
{
/**
* Before every action, check if user is guest, but has remember me cookie token.
* If unable to login user in throw new exception. All backend methods require authorization.
*
* @param \Phalcon\Mvc\Dispatcher $dispatcher
*/
public function beforeExecuteRoute(Dispatcher $dispatcher)
{
$this->registry->csrfKey = $this->security->getTokenKey();
$this->registry->csrfVal = $this->security->getToken();
$controller = $dispatcher->getControllerName();
$action = $dispatcher->getActionName();
// CHECK A USER IS LOGGED IN
if ( ($controller !== 'session' && $action !== 'login') && $this->webuser->isGuest()) {
if ($this->webuser->hasRememberToken()) {
if ($this->webuser->loginUsingRememberToken() ) {
return true;
}
} else {
$this->flashSession->error('You must login');
$this->view->disable();
return $this->response->redirect('/login');
}
throw new \Phalcon\Exception('You are unauthorized to be here', 401);
}
}
}You have to return 'false' to stop the 'beforeExecuteRoute'
I tried your code in the first comment and it didnt work. It only seems to work with view->disable()
You were saying in ControllerBase::beforeExecuteRoute() I should have this right?
$this->flashSession->error('You must login');
$this->response->redirect('/login');
return false;Thanks for your help. Its not a big deal since it works with view->disable() I was just trying to understand why returning response->redirect() wasnt working.
Because you need both return a response: $this->response->redirect('/login') and return false, so you have also view->disable() to avoid the view being rendered and return false:
$this->response->redirect('/login');
$this->view->disable();
return false;or:
$dispatcher->setReturnedValue($this->response->redirect('/login'));
return false;Thanks for the explanation!