Users still able to access default EE CP home

mrtopher / dashEE

Control panel dashboard framework for EE CMS.

37 stars 5 forks source link

Users still able to access default EE CP home #5

Closed mrtopher closed 12 years ago

mrtopher commented 13 years ago

The one thing I have been unable to figure out is how to keep users from being able to bring up the default EE CP. Using hooks I can redirect the user upon login and using javascript I can change the home and breadcrumb links. But there are intermittent instances when users will still be redirected to the default EE CP.

Would love to find a way to redirect any requests to ?D=cp&C=homepage to dashEE but I'm not sure how yet.

Laisvunas commented 12 years ago

Hi Chris,

Have you considered using "sessions_start" hook for the purpose of redirecting from ?D=cp&C=homepage to D=cp&C=addons_modules&M=show_module_cp&module=dashee ?

mrtopher commented 12 years ago

Thanks for the suggestion Laisvunas. If I were to use this I would be checking the URL for "?D=cp&C=homepage" and redirecting manually if it's a match?

erikreagan commented 12 years ago

Chris,

You would just do something like this:

if (REQ == 'CP' && $this->EE->input->get('C') == 'homepage')
{
    // redirect here...
}

mrtopher commented 12 years ago

Thanks Erik, I'll give this a try.

mrtopher commented 12 years ago

This might be silly question, but I tried using session_start as recommended but I'm getting hung up because I loose access to constants like BASE. I assume this is because session_start is fired before such constants are set. This is a problem because without that value I'm unsure of how to get the address for redirecting the user.

Am I missing something obvious here?

Laisvunas commented 12 years ago

Hi Chris,

If BASE constant isn't set when "sessions_start" functions are executed, then BASE constant can be easily defined inside function itself. That is, inside function can be easily done the same as in the file /system/expressionengine/libraries/Core.php:

$s = 0;

if ($this->EE->config->item('admin_session_type') != 'c') { $s = $this->EE->session->userdata('session_id', 0); }

define('BASE', SELF.'?S='.$s.'&D=cp'); // cp url

GDmac commented 12 years ago

sessions_end has the userdata ready and set. that way you can also verify if the user has access to DashEE. https://github.com/mrtopher/dashEE/pull/17/

GDmac commented 12 years ago

Post Scriptum: Special thanks to @erikreagan and @Laisvunas for pointing in the right direction for this fix.