Login Redirect Issue after 3.7 upgrade

[soap47]

Steps to reproduce the issue

Upgrade to 3.7 or on a new 3.7 Joomla installation set the home menu item to Access = Registered

Expected result

Redirect to Login Page

Actual result

The page isn't redirecting properly error

System information (as much as possible)

Joomla 3.7 php 5.5.30 & 7.1.1

Additional comments

- http://localhost/testjoomla
- Will redirect to: http://localhost/testjoomla/index.php/component/users/?view=login&Itemid=101 (ERROR)
- Removing the: &Itemid=101 (WORKS)

[tonypartridge]

Confirmed.

@wilsonge You are familiar with the router now 🤣 suggestions...

[Stevec4]

Confirmed as well

[PhilETaylor]

What is your menu item with id 101? and is that published and has ACL allowing access?

[soap47]

@PhilETaylor The &Itemid=101 is copied from a new 3.7 installation and it's the redirection of the default home page i just changed the menu item's access to registered nothing else.

[PhilETaylor]

Sounds like you have not got a menu item for the login page - create one and you will see that Joomla redirects to it correctly.

[brianteeman]

Did having all pages registered only ever work in the past? I didn't think it did

On 2 May 2017 3:08 p.m., "soap47" notifications@github.com wrote:

@PhilETaylor https://github.com/PhilETaylor The &Itemid=101 is copied from the new 3.7 installation and it's the redirection of the default home page i just changed the menu item's access to registered nothing else.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/joomla/joomla-cms/issues/15730#issuecomment-298645880, or mute the thread https://github.com/notifications/unsubscribe-auth/ABPH8UHBL4pg-RmzvbSREuXkZd9Psj4pks5r1zh3gaJpZM4NNzqf .

[PhilETaylor]

Fact is that ItemId 101 is the home page - and you cannot have no login page (without a menu item = itemid) and set the home page to registered only - you will put Joomla into a loop.

This is not a Joomla issue - this is a site configuration issue.

If you really must set your HOMEPAGE as registered, then you MUST have a different menu item, of type public, of type Login Form, so that users can be redirected to that menu item (Itemid) in order to login.

[tonypartridge]

Eitherway, we cannot expect all users to be configuration gurus and this scenario can occur.

I suggest we add a check on BeforeSave that the menu item is not the homepage when saving the access level. OR set access level to read only for the homepage menu item.

[PhilETaylor]

I suggest we add a check on BeforeSave that the menu item is not the homepage when saving the access level. OR set access level to read only for the homepage menu item.

Neither - its a valid use case that the home page can be set to only registered users - but if you are "guru" enough to attempt that you should be "guru" enough to add a PUBLIC login page!

Its not rocket science!

[tonypartridge]

No one said it was, but a user can just set the home page to registered to require a login to the website so they would expect it to work. Why would they naturally assume they need to create a login page for the automatic redirection of the homepage.

That is poor UX to assume that people should know they need to create another menu item to make the current menu item restricted. When we can educate users with a simple check.

[PhilETaylor]

There are a million things we allow users to do to destroy their site, that we don't warn them against...

Personally I would prefer that we DID NOT redirect to a login page when visiting a registered level url - but show a 403 Forbidden message - but thats not what we do with the home page for some reason...

When we can educate users with a simple check.

I doubt it would be a simple check... "home" is a very subjective place.

[soap47]

Creating a Login Menu Item in a hidden menu worked. @brianteeman I had 5 sites registered only and worked correctly up until 3.7 upgrade.

P.S. Do i need to do anything with this Issue (Close Issue?)

[PhilETaylor]

"home" was changed as part of the customisable joomla admin menus... so maybe something there broke something ...

[soap47]

I have created Login Menu Item but now every now and then it gives me a blank page. If i deactivate System - Page Cache it redirects correctly.

[PhilETaylor]

clear your browser cache - its probably got the caching cached. (restart the browser if chrome too)

[soap47]

I even checked it on a fresh installed Opera still getting blank pages

[tonypartridge]

This is a known issue with Joomla! 3.7.0 @soap47 caching will not generate a 404 on the second visit. It is resolved in 3.7.1.

[PhilETaylor]

If i deactivate System - Page Cache it redirects correctly.

Known issue addressed in other issues/pr's - please search and you will find!

https://github.com/joomla/joomla-cms/issues/15674

[Stevec4]

Thanks Phil this helped me as well.

On Tue, May 2, 2017 at 10:14 AM, Phil Taylor notifications@github.com wrote:

Sounds like you have not got a menu item for the login page - create one and you will see that Joomla redirects to it correctly.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/joomla/joomla-cms/issues/15730#issuecomment-298648082, or mute the thread https://github.com/notifications/unsubscribe-auth/AGcEevvITS_rGlpz5KsjBMZLmOMvBx7Oks5r1zpigaJpZM4NNzqf .

[mattske]

All, please pardon my ignorance on the issue resolution process for reported defects. I see this issue is still open, but I can't tell from reading the comments whether it will be fixed in an upcoming build. The reason I ask is because I have been configuring Joomla sites in this manner (Home and all other menus set to Registered or other group permission) since Joomla 1.5. I currently have 12 sites configured in this manner. They will break if I upgrade.

[DavidBoggitt]

This royally screwed up a company intranet I built when updating to 3.7.0. In this case the default home page was registered but there was a 3rd party login module associated with that menu item. On logging in, all was fine.

The redirects stuffed this up, but this thread saved me thankfully! So, to answer @brianteeman's question from earlier, there was a situation where having all pages registered worked in the past!

Cheers.

Dave.

[brianteeman]

@DavidBoggitt Thanks for confirming that it used to work. I was asking as I remembered a blog post in the past regarding setting your site offline and modifying the code there for this use case. But I guess I must have had a very long memory and that it was for Joomla 1 or 1.5

[tonypartridge]

It's likely due to the redirect, we will need to check the segmentation and if redirect to com_users do not require a menu item before forcing the redirect. It all falls back down to the old Joomla! Must have a menu item issue and I suspect the issue that is now happening is because of the new router implementation / revert.

[alexgarel]

I got the problem here too. The thing is that having home set to "registered" (and all other page) sends to /it/component/users/?view=login&Itemid=<home_item_id_here> and again and again. While requesting only /it/component/users/?view=login would work. As indicated above I added a public menu with the login form and it resolved the problem.

[kmdm]

Just another confirmation from me: Worked fine in v3.6.4, stopped working when I just upgraded to v3.7.1.

Solely adding the menu link fixed the problem.

[PhilETaylor]

stopped working when I just upgraded to v3.7.1.

Do you mean 3.7.0 or 3.7.1 ?

[kmdm]

I mean v3.7.1 (I upgraded to the security fix release before reading that it only affected v3.7.0 anyway)

[mattske]

This issue is still open and unassigned. I am wondering if it will be fixed in a future 3.7.x service pack, or if I need to go ahead and add a public login module to all of my sites so I can upgrade. I prefer to keep my sites at the latest version to ensure they are protected from security vulnerabilities. On the other hand, the auto-redirect to the login page when Home is set to Registered is a very handy feature. If it will get fixed in an upcoming service pack, then I'll wait on upgrading my sites. I'd rather not spend the time reconfiguring them with a public login module so I can upgrade now, only to see this feature get fixed in an upcoming service pack and then revert.

[tonypartridge]

I've looked into it for a little bit, but the router is complex. The issue I came into is, Joomla! Allows us to have other login methods, and menu items, so for example if we forced a check for com_users login do not add an id it wouldn't work for those using CB for instance and is a bit of a hack.

JRoute always adds a menu itemid regardless due to the design.

@wilsonge has spent a lot of time on the router(s), and could he find enough time might be able to solve it....

Alternatively we can write a basic plugin to handle it for your specific scenario.

On 19 May 2017, 15:55 +0100, mattske notifications@github.com, wrote:

This issue is still open and unassigned. I am wondering if it will be fixed in a future 3.7.x service pack, or if I need to go ahead and add a public login module to all of my sites so I can upgrade. I prefer to keep my sites at the latest version to ensure they are protected from security vulnerabilities. On the other hand, the auto-redirect to the login page when Home is set to Registered is a very handy feature. If it will get fixed in an upcoming service pack, then I'll wait on upgrading my sites. I'd rather not spend the time reconfiguring them with a public login module so I can upgrade now, only to see this feature get fixed in an upcoming service pack and then revert.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub (https://github.com/joomla/joomla-cms/issues/15730#issuecomment-302725193), or mute the thread (https://github.com/notifications/unsubscribe-auth/ABVglh6AxDPm-zTwlEo7Kr093Izm--Nlks5r7a1egaJpZM4NNzqf).

[mattske]

Okay, thanks much for the reply. I'll wait a little and see if the ticket is assigned. If not, then I'll go ahead and add public login menus to my sites so I can upgrade. Thanks for the plugin idea, but if the issue cannot be fixed, then I should adapt like everyone else :)

[john-baskerville]

This issue is causing havoc across many of our clients sites. We are managing over a hundred Joomla sites, which have all been updated to Joomla 3.7 (now updated to 3.7.1) and logins to registered menu items does not take them to the login page, as it should (and was); it simply redirects to the home page. We are getting hammered. I really really really hope this gets fixed, and soon. Right now, I’m sitting here at a loss of what to do about this.

[PhilETaylor]

@OSAGAtech I do not know what broke this, apparently it used to work, but the workaround is in my post here https://github.com/joomla/joomla-cms/issues/15730#issuecomment-298649090

Until someone identifies the change that stopped this working in Joomla 3.7.1 and takes ownership of the problem, it will not change.

I believe Joomla 3.7.2 will not be held up for this as its not yet marked as a release blocker @rdeutz

[tonypartridge]

@wilsonge do you have a minute to take a look? I suspect it's due to part of the changes to adapt the new router? And some was maybe not fully reverted?

On 22 May 2017, 17:12 +0100, Phil Taylor notifications@github.com, wrote:

@OSAGAtech (https://github.com/osagatech) I do not know what broke this, apparently it used to work, but the workaround is in my post here #15730 (comment) (https://github.com/joomla/joomla-cms/issues/15730#issuecomment-298649090)

Until someone identifies the change that stopped this working in Joomla 3.7.1 and takes ownership of the problem, it will not change.

I believe Joomla 3.7.2 will not be held up for this as its not yet marked as a release blocker @rdeutz (https://github.com/rdeutz)

— You are receiving this because you commented. Reply to this email directly, view it on GitHub (https://github.com/joomla/joomla-cms/issues/15730#issuecomment-303146809), or mute the thread (https://github.com/notifications/unsubscribe-auth/ABVglrDUhQl9RrM35dFqbphJDWm1EiP7ks5r8bPmgaJpZM4NNzqf).

[john-baskerville]

Also, i want to clarify, that in our cases, we do not have the homepage set to registered/login... instead, we have typical public websites a general menu items (Home, About, Services, Contact, etc...) and also a "Resource" menu item in most cases, that is set to "Registered" user access level. It is not prompting users (who are not registered) to enter their login info to access the content, instead, they simply get redirected to the homepage. This is a HUGE BUG that i hope someone fixes.

[stevlam]

hi, if issue is the same as https://github.com/joomla/joomla-cms/issues/16139

disocvered replacing in https://github.com/joomla/joomla-cms/blob/staging/libraries/cms/component/router/rules/menu.php#L133

if (!empty($default->id)) for if (!empty($default->id) && in_array($this->router->menu->getItem($default->id)->access, JFactory::getUser()->getAuthorisedViewLevels()))

stops the redirects and works like 3.6.5. not sure is ok on all cases or is a proper change but works in my case

[tonypartridge]

I've sent a pull request please see: https://github.com/joomla/joomla-cms/pull/16197

[tonypartridge]

@stevlam , Thanks for the pin point. Would have taken me a little longer to get to that!

There is a pull in, so if anyone in here can test that would be great. We need 1 more test.

[TheBorox]

Hi, I've created a hidden login menu and now it works, no more ERR_TOO_MANY REDIRECTION. Thanks a lot, I was stuck!

Nicolas

[brianteeman]

The correct fix for this is to ensure that you always have a login menu item - it can be set to hidden if you want.

[TheBorox]

I confirm, that's what I've done.

[zero-24]

I'm reopening here based on @wilsonge 's comment here: https://github.com/joomla/joomla-cms/pull/16233#issuecomment-313127767

[i3health]

We are experiencing the same issue, however our home menu item is public.

Steps to reproduce the issue

Go to www.i3health.com Click on any page that's restricted to registered users. Example: From CME menu, select "Lung Cancer". Then click on "Start Activity" tab

Expected result

User is redirected to the login page: https://www.i3health.com/cb-login

Actual result

User is redirected to https://www.i3health.com/component/comprofiler/login?Itemid=607 This is a blank/white page

Note: itemid=607 is the home menu. If we delete "?itemid=607" from the URL, the login page is displayed as expected.

Also note: We have manually added a hidden login menu to the main menu. We have also added it under the Community Builder menu, where it used to be before the upgrade to 3.7.3. (The 3.7.3 upgrade somehow deleted the Community Builder menu.)

Also note: System caching is disabled.

[tonypartridge]

Hello,

You are using community builder login. Not Joomla! Please contact Joomlapolis.

On 9 Jul 2017, 14:49 +0100, i3health notifications@github.com, wrote:

We are experiencing the same issue, however our home menu item is public. Steps to reproduce the issue Go to www.i3health.com Click on any page that's restricted to registered users. Example: From CME menu, select "Lung Cancer". Then click on "Start Activity" tab Expected result User is redirected to the login page: https://www.i3health.com/cb-login Actual result User is redirected to https://www.i3health.com/component/comprofiler/login?Itemid=607 This is a blank/white page Note: itemid=607 is the home menu. If we delete "?itemid=607" from the URL, the login page is displayed as expected. Also note: We have manually added a hidden login menu to the main menu. We have also added it under the Community Builder menu, where it used to be before the upgrade to 3.7.3. (The 3.7.3 upgrade somehow deleted the Community Builder menu.) Also note: System caching is disabled. — You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.

[ghost]

Issue #17021 is open for Report of @i3health

[anabarcellos]

Good afternoon, guys. Every week I need to give support on this issue. It is impossible to users to guess what is happening, since the error message gives no hint about the cause or solution. In the users' perspective, they broke the website and they don't know how to fix it.

Expected result (before Joomla! 3.7): When you set your home to access level "registered", it redirects to the login page.

Actual result: "Redirect error" on browser, adding the following to url: component/users/?view=login&Itemid=101

[brianteeman]

And did you try the fix I proposed?

[anabarcellos]

Yes, @brianteeman, thank you. I always fix the issue for them following your suggestion. I just think it is relevant to share that basic users can't fix it by themselves.

[senderdc]

@anabarcellos i agree with you. Yesterday i updated my site from 3.6.2 to 3.8.3 and crashed. I tested different versions, until 3.7 worked fine. I think not unique using joomla as registered content site and creating hidden menus and other solutions not a normal update process.... UPGRADING from joomla 2.5 to 3 didn't do bigger problem than UPDATE jomla 3.6 to 3.7 or 3.8

I dont know why can't redirect to login page than login and reach HOME as like was in 3.6... or previous versions :(

My real site (not test site what i showed in "Redirect loop/site can't reach when Home acces only registered users ticket") is using fully custom component without com_users in menu or login module. From 2.5 I set HOME to registered what redirect userse to login page than users can login and everybody was happy... And now??? Crash my site and I need to DIY with custom codes or hidden menus because i want to keep my site Up to date 👯‍♂️

I LOVE JOOMLA and i appreciate everybody work, but this solution is not professional way.....

[senderdc]

@brianteeman, @infograf768, @anabarcellos

the BEST solution what i found (myself i dont know maybe others find too) I commented out line 170 to 173 in libraries\src\Component\Router\Rules\MenuRules.php

/ if (!empty($default->id)) { $query['Itemid'] = $default->id; }/

PRO: Working great on test site and my live site too. Dont need any hidden menu or ACL change HOME menu still reach only registered users... CONTRA: user not redirect to user lanaguage default site, user need to manual switch language...

[infograf768]

@senderdc Looks like working here on a multilang site. I have no idea though of the consequences B/C wise.

@csthomas