Order of execution has changed. (PHP snippets before actual login) [#727152]

I configured login destination to use PHP snippets to determine the final url. The idea was that the user would log in and then a php snippet would check that user's information to determine where to send them. This worked fine in 6.x.2.5

Upon updating to 6.x.2.6 the order in which events happened changed critically. It now executes the Destination URL PHP snippet before the user is actually logged in, meaning my snippet no longer has access to any useful data.

I changed the snippet to be:

global $user;
die (print_r($user, TRUE));

And as you can see, the user is not logged in upon reaching this code block.

stdClass Object ( [uid] => 0 [hostname] => REDACTED [roles] => Array ( [1] => anonymous user ) [session] => [cache] => 0 )

Comments

Comment #1

jbiechele CreditAttribution: jbiechele commented 4 March 2010 at 01:07

Comment #2

Jaypan CreditAttribution: Jaypan commented 4 March 2010 at 10:03

I am seeing the same behavior. I downgraded to 2.5 for the time being.

Comment #3

3CWebDev CreditAttribution: 3CWebDev commented 8 March 2010 at 21:56

Same issue. Downgrading and subscribing.

Comment #4

spuky CreditAttribution: spuky commented 10 March 2010 at 17:49

Title:	Order of execution has changed. (PHP snippets before actual login)	» Order of execution has changed. (PHP snippets before actual login)
Priority:	Normal	» Critical

Set to critical to make it easyer to spot... took me quite some time to find what was wrong...

Downgraded to 2.5

Comment #5

mikesir87 CreditAttribution: mikesir87 commented 11 March 2010 at 14:44

Having the same issue here... It actually broke the site because we're using Content Profile and Auto Assign Role during registration. With the PHP firing beforehand, the profiles aren't being saved. Downgraded and subscribing.

Comment #6

gownikarunakar CreditAttribution: gownikarunakar commented 12 March 2010 at 07:20

Anyone has found any solution for this yet?

Comment #7

Sohodojo Jim CreditAttribution: Sohodojo Jim commented 12 March 2010 at 18:39

Same here. Downgraded and subscribing.

Comment #8

3CWebDev CreditAttribution: 3CWebDev commented 18 March 2010 at 05:36

Component:

Miscellaneous

» Code

Okay, I tracked down the cause of the bug. The latest version has a new form_alter hook on the user_login form that appears to be clashing with the hook_user hook. I can't tell the purpose of the new form_alter hook but it is also calling the routine that evaluates the PHP snippet and redirecting the user before the hook_user hook is doing it.

I found a work around that I think is allowed because of another bug. If you check the "Return user to where he/she came from. (Preserve destination" box in the "destination URL admin" section it will bypass the user_login hook, run the PHP evaluation and then redirect as it did in the previous release.

Please see comments in the culprit function from the 6.2.6 version below.

function login_destination_form_alter(&$form, $form_state, $form_id) {
// THIS FUNCTION IS NEW AND BEING CALLED BEFORE HOOK_USER
  if ($form_id == 'user_login') {
    
    if ( variable_get('ld_destination', TRUE) ) {
     // THIS FUNCTION IS EMPTY AND DOES NOT DO ANYTHING - BUT BY SELECTING "Return user to where he/she came from. (Preserve destination)" THIS SECTION WILL RUN INSTEAD OF THE FOLLOWING

    }
    // php snippet or static url
    else {
      // THIS IS THE ACTUAL CAUSE OF THE PROBLEM AS IT RUNS BEFORE THE USER OBJECT IS LOADED AND DOES NOT ALLOW FOR PROPER FUNCTION PHP SNIPPETS FOR REDIRECTS
      $arr = login_destination_calculate_redirection_path_and_query($form);
      $path  = $arr[0];
      $query = $arr[1];
      if (!empty($query) ) {$add_to_path = "?" . $query;}
      $url = $path  . $add_to_path;
    }
  

    $form['#redirect'] = $url;
  }
}

Comment #9

3CWebDev CreditAttribution: 3CWebDev commented 18 March 2010 at 18:23

Assigned:

Unassigned

» 3CWebDev

Comment #10

3CWebDev CreditAttribution: 3CWebDev commented 24 March 2010 at 14:01

Status:

Active

» Fixed

This has been fixed in the latest module. Please install and test. Please be aware the the redirect conditions are also working now and if you had conditions already entered they may not have been working on previous versions and will begin working on the new version. This could cause unexpected actions.