0
Answered

external login form `redirectAfterLogin` and `redirectOnFailure`

Brian R 2 weeks ago updated by Vlad R 2 weeks ago 1

We're trying to build a custom login page that directs to a menu. We're using the custom external login form (https://docs.filerun.com/external_login_form) but it doesn't seem to honor hidden fields `redirectAfterLogin` and `redirectOnFailure`.

The user in our case shouldn't be directed to the filerun interface on login. So after login, on success, the user should be directed to a menu page. They can advance to filrerun from there if they choose...or not. On failure, they should stay on the custom login screen. Neither is working at the moment.

Currently, with the code below, a bad password directs to the filerun UI, though the page is blank. A valid password goes to the filerun UI instead of our menu. I assume I'm incorrectly entering values for the hidden fields and it's falling back to filerun UI(?), but I can't spot the issue.

Here is the form:

,,,  

<?php

   if ($_GET[['feedback']]) {

     echo base64_decode($_GET[['feedback']]);

   }

?>

<form method="post" action="https://my-domain/filerun/?page=login&action=login&nonajax=1">

  <input type="hidden" name="redirectAfterLogin" value="<?php echo base64_encode("https://my-domain/filerun/menu.html") ?>">

  <input type="hidden" name="redirectOnFailure" value="<?php echo base64_encode("https://my-domain/auth.php?") ?>">

  <label for="usr">Username:</label>

  <input type="text" name="username" value="" id="usr"/>

  <label for="pass">Password:</label>

  <input type="password" name="password" value="" id="pass" />

  <input type="submit" value="Login">

</form>  

```

Any guidance is much appreciated.

Answer

Answer
Answered

The hidden fields have been removed, because they were opening up FileRun to attacks.

This documentation page has been now updated, with information on how to achieve the redirects: https://docs.filerun.com/external_login_form

Answer
Answered

The hidden fields have been removed, because they were opening up FileRun to attacks.

This documentation page has been now updated, with information on how to achieve the redirects: https://docs.filerun.com/external_login_form