TYPO3 Core

The patch solves the problem but creates a new one: If a user enters a wrong password the wrong-password-messages are not shown anymore.

Problem and patch confirmed in TYPO3 4.5.5 and 4.5.6. Tested on different installations and servers.

@Matthias
Im not able to reproduce the "wrong password message not shown" issue.

I could not check this issue recently, so cannot confirm 100%.
However, I do remember solving this kind of issue recently on a recent project that used 4.5.
This time, the location which caused the issue was quite different indeed, and was not same as original!

redirectUrl is only emptied if showLogoutFormAfterLogin is set.

Yes, this seems like the exact issue we were facing.

Even when "showLogoutFormAfterLogin" is set, we might wish to redirect the user to an Access restricted issue.
Then on the access restricted page, we wish to show logout button.

Seems logical?

By the way, I forgot to inform that the patch attached is quite old! Almost 5 months, and the code has changed a lot since then.

Unfortunately, there are some issue related to redirect.

I will try to find out the exact issue from the last patch and update you soon.

Hope it may not take another 5 months ;)

If you do a redirect to an access restricted page and have an instance of felogin on that page it will show the logout button.
Only if you stay on the same page the felogin plugin will show the 'you-have-successfully-logged-in' message without showing the logout button. If you visit the same page again (without sending a login request) it will show the normal logout form. The option "showLogoutFormAfterLogin" will skip the message that you have successfully logged in and go directly to the logout form.
I just tested both scenarios and everything worked as expected. Maybe we need to add some help texts to the form and add some examples to the manual.

I can confirm some kind of redirection bug with TYPO3 4.5.19. The following scenario:

• we have a login-form on each page inserted via TypoScript. When the user is logged in, this form turns into a logout-button.
• when the user logs in, he should be redirected to a restricted page.
• the user may browse around and hit the logout button on the page, at a later point in time
• when the user logs out, he shall be taken to a certain page.

All the pages are to be configured via TypoScript.

• the $this->redirectUrl gets resolved correctly. But then in the calls to $this->showLogout() and $this->showLogin() in lines 126 ff. of class.tx_felogin_pi1.php it gets erased. :(

• remove the lines that reset $this->redirectUrl = '';

• plenty, I guess. Please have a deep look into this. For our installation it seems to work. I'll report back any problems we discover. This should be subject to thorough unit testing...

It seems that TYPO3 4.7 is affected as well. At least the code that does the redirection handling seems to be similar.
Also the current master seems to be affected. Though the code looks a lot different because of the namespace patches, the critical points remain untouched.

Sebastian Steinmetz wrote:

It seems that TYPO3 4.7 is affected as well.

It is. I just spend a good deal of time with that issue.
After switching "showLogoutFormAfterLogin" from 1 to 0 redirection works again. This applies to all redirection modes.

Problem still exists in 4.7.7 despite off the showLogoutFormAfterLogin=0 and everything described here.

What I want to achieve is that the menu button "Login" is replaced by "Logout". This is a de facto standard method.
On page Login there is the login form for login. On page Logout the logout button is placed.

So far it works well: after log in, feusers are redirected to another page. But in the navigation menu I have both "Login" and "Logout".

To complete the required behaviour, access rules for the page "Login" is set to "Hide at login".
On page "Logout" the access rule is "Show at any login".

Obviously, I need the redirection to work in this case. Because the page "Inloggen" doesn't exist for a logged in feuser. But now the the redirect fails: no redirect to logout page or normal page.

It even gives a 404 because the feuser stays on page "Login".

After visiting another page, the navigation shows "Logout", finally.

I have tried all the redirect options, except for "referrer".

Is this a bug or my configuration mistake? Anyway, it should be a "click and play" situation, we cannot explain this to new backend Admins. I see many people struggling and complaining in Google while it's a basic function.

I've found out that the problem occurs if the login page should be hidden after a successful login (if set to "Hide at login"). Otherwise, the redirect works.