Yii2 get the url of the page before logon-implementation on the computer and browser and learning about the source code of yii2, yii2url
For a website with Logon Restrictions (permission restrictions), the user enters the authentication information and jumps to the page before logon after the authentication is successful. This is a user-friendly function. Therefore, it is critical to obtain the page address before logon. Some interesting problems are found during logon debugging for the yii2 project today and recorded.
1. Scenario Description
Page2 on the page of SiteA can be viewed only after login. The Page2 link is placed on a Button of Page1, which can be accessed before and after login, siteA only provides the entry to scan the QR code for logon.
2. Functional Requirements
Assume that the guest User has been registered on SiteA but is not currently logged on. When a User browses Page1, if he clicks the Button on the page, the User will go to the QR code logon page. After the logon is successful, it will jump to Page2.
3. Code for page Jump
Set the controller and method callback in the address to be called back after authorization.
Then, write the logic after user logon in the callback method. If the logon is successful:
return $this->goBack();
The above functional requirements can be fulfilled when you access the website using a computer browser. However, if the User accesses Page1 of SiteA from a mobile phone and then clicks the Button, will the User come to Page2 like on a computer?
I tested it today and did not jump to Page2. Instead, I came to the homepage of the website. The reason is not clear yet. However, the solution is found: add the state parameter to the address of the callback address after authorization, and attach the url of the page address browsed by the User before logon to the state parameter. In this way, the url can be obtained in the callback method, and the page jump after successful logon can be written as follows:
1 if (strpos ($ _ SERVER ['HTTP _ USER_AGENT '], 'micromessenger') = false) {2 // jump 3 return $ this-> goBack () in the pc browser (); 4} else {5 // jump to 6 return $ this-> redirect (url); 7} in the browser}
4. How can I obtain the url of the page browsed before a User logs on?
Yii2 provides a method to obtain the url of the page before logon.
Yii::$app->user->returnUrl;
5. How does yii2 implement the methods and functions in 4?
The method in 4 is defined in yii \ web \ User:
1 public function getReturnUrl($defaultUrl = null) 2 { 3 $url = Yii::$app->getSession()->get($this->returnUrlParam, $defaultUrl); 4 if (is_array($url)) { 5 if (isset($url[0])) { 6 return Yii::$app->getUrlManager()->createUrl($url); 7 } else { 8 $url = null; 9 }10 }11 12 return $url === null ? Yii::$app->getHomeUrl() : $url;13 }
The get method of Line 2 yii \ web \ Session:
1 public function get($key, $defaultValue = null)2 {3 $this->open();4 return isset($_SESSION[$key]) ? $_SESSION[$key] : $defaultValue;5 }
Yii2 is the $ this-> returnUrlParam obtained from the session as the browser page address before logon.
So how does it store sessions and at what time? The answer is in yii \ web \ User and yii \ webSession.
SetReturnUrl () method in yii \ web \ User:
1 public function setReturnUrl($url)2 {3 Yii::$app->getSession()->set($this->returnUrlParam, $url);4 }
The setReturnUrl () method is called in the loginRequired () method of yii \ web \ User:
1 public function loginRequired ($ checkAjax = true, $ checkAcceptHeader = true) 2 {3 $ request = Yii ::$ app-> getRequest (); 4 $ canRedirect =! $ CheckAcceptHeader | $ this-> checkRedirectAcceptable (); 5 if ($ this-> enableSession 6 & $ request-> getIsGet () 7 &&(! $ CheckAjax |! $ Request-> getIsAjax () 8 & $ canRedirect 9) {10 $ this-> setReturnUrl ($ request-> getUrl ()); 11} 12 //...... omitted code 13}
Then, loginRequired () is called in denyAccess () in yii \ filters \ AccessControl ()
1 protected function denyAccess($user)2 {3 if ($user->getIsGuest()) {4 $user->loginRequired();5 } else {6 throw new ForbiddenHttpException(Yii::t('yii', 'You are not allowed to perform this action.'));7 }8 }
Then, denyAccess () is called in beforeAction () in yii \ filters \ AccessControl ().
AccessControl can be configured in the Controller or in the configuration file main of the yii2 application. in php, if this is configured, The beforeAction () will be executed before each call to the Controller action, and the session storage will be triggered.
The url key name to be stored by default is set in yii \ web \ User.
public $returnUrlParam = '__returnUrl';
You can check the content verification in the session:
6. Let's take a look at the $ this-> goBack () method in 3.
In yii \ web \ contorroller
1 public function goBack($defaultUrl = null)2 {3 return Yii::$app->getResponse()->redirect(Yii::$app->getUser()->getReturnUrl($defaultUrl));4 }
You can see that it is also the url obtained from Yii: $ app-> getUser ()-> getReturnUrl (), which is actually the url obtained from the session.
7. Questions
The above discussion is based on the login operation (involving the logic before and after logon). If a website does not have the login function, it also does not use the access control function ), this eliminates the need to store URLs in sessions. Well, that's the case. If you do not need to log on, the page Jump mentioned at the beginning will not be involved.
End