0
votes

I am currently developing an extension to display information to the user after frontend login. The user has to accept it (like terms and conditions).

Now I am looking for a good and secure logout mechanism:

  1. User gets redirected after login to the information page

    • State: FE Login is available
  2. User reads the information, can click "Accept" and "Logout"

    • if Accept: redirect to user start page
    • if Logout: go to login page with "logintype=logout"

Now here is the problem:

In step 2, the user can enter any valid URL in the browser, and TYPO3 already has a valid FE login (step 1) -> the page is displayed without accepting.

First solution idea: Always log out at step 1, log in again on click on Accept. But I don't know the user credentials for automatic login; is this possible somehow?

Second solution idea: add a cookie, and in TypoScript Template make a condition with redirect to logout. Not my favourite solution, as cookies are too easy to manipulate. And we always have strange problems with cookies, as some users are sharing their workstations.

Third solution idea: add a flag to the fe_user table, and if it is set, redirect to logout. Problem: We already have performance issues. Is there a solution that doesn't increase the page loading time? I suppose this check has to be done on every page load...

Do you have any solution ideas for that?

  • TYPO3 4.5
  • Extension is ExtBase
  • adding code to the fe_login extension is a possible option; we already have changes there

3 Answers

2
votes

Here is my solution code, if someone needs it:

1) Add user Key in the extension - there is no direct Cookie Access to that:

$GLOBALS['TSFE']->fe_user->setKey('user', 'acceptFromExtension', 1);
$GLOBALS['TSFE']->storeSessionData();

2) Remove Key if accepted:

if ($accepted) {
  $GLOBALS['TSFE']->fe_user->setKey('user', 'acceptFromExtension', 0);
  $GLOBALS['TSFE']->storeSessionData();
}

3) Check Key with TypoScript - it's stored in fe_user|uc:

[globalVar = TSFE:fe_user|uc|acceptFromExtension > 0]
  page.config >
  page.config.additionalHeaders = Location: http://www.mydomain.com/index.php?id=111&logintype=logout
[END]

Thanks to sankar-v for that!

1
votes

Can't we use a session? Set a session variable when the user clicks on accept and then use a TypoScript condition like:

[globalVar = TSFE:fe_user|sesData|accept > 0]
page.10.userFunc = tx_templavoila_pi1->main_page

[ELSE]
page.10 = TEXT
page.10.value = You are not allowed to visit this page
# or
page.config >
page.config.additionalHeaders = Location: http://www.yourdomain.org/login.html
[END]
0
votes

Since you have your own extension, you can just programmatically log off the user in it and then redirect the browser to any other page ($somePreparedUri can be created in your extension or i.e. fetched from TypoScript - as a static value - depends on your needs)

if (!$accepted) {
    // End the frontend session, then send the browser elsewhere
    $GLOBALS['TSFE']->fe_user->logoff();
    return $this->redirectToUri($somePreparedUri);
}
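
The session-flag checks from the answers above, reduced to their decision logic, as an added example that is not code from any of the posters or from TYPO3. It treats only an explicit "accepted" marker as consent, so a session in which the flag was never written is gated instead of let through, and it exempts the information page and the logout request so the redirect cannot loop. Assumptions: the function name, the session key `accepted` and page id 110 are hypothetical; id 111 is the logout page id from the redirect URL in the first answer; the session arrays are constructed samples.

```php
<?php
// Added example: pure decision logic, no TYPO3 API calls.
// acceptanceGate(), the 'accepted' key and INFO_PAGE_ID are hypothetical names.
define('INFO_PAGE_ID', 110);   // assumed id of the information page
define('LOGIN_PAGE_ID', 111);  // logout target id used in the first answer's URL

/**
 * @param array $sessionData  server-side session data of the FE user
 * @param int   $requestedId  id of the requested page
 * @param array $query        GET parameters of the request
 * @return string 'allow', 'show_info' or 'logout'
 */
function acceptanceGate(array $sessionData, $requestedId, array $query)
{
    // Fail closed: a missing, empty or zero marker means "not accepted".
    if (isset($sessionData['accepted']) && (int) $sessionData['accepted'] === 1) {
        return 'allow';
    }
    // The logout request must stay reachable for a user who declines.
    if ((int) $requestedId === LOGIN_PAGE_ID
        && isset($query['logintype']) && $query['logintype'] === 'logout') {
        return 'logout';
    }
    // The information page is exempt, otherwise the redirect would loop.
    if ((int) $requestedId === INFO_PAGE_ID) {
        return 'show_info';
    }
    // Any other URL entered while consent is pending ends the login.
    return 'logout';
}

// Constructed sample requests: label => array(session data, page id, GET).
$cases = array(
    'no marker, deep link'  => array(array(), 42, array()),
    'no marker, info page'  => array(array(), INFO_PAGE_ID, array()),
    'marker reset to 0'     => array(array('accepted' => 0), 42, array()),
    'declined, logout link' => array(array(), LOGIN_PAGE_ID, array('logintype' => 'logout')),
    'accepted, deep link'   => array(array('accepted' => 1), 42, array()),
);
foreach ($cases as $label => $case) {
    printf("%-22s => %s\n", $label, acceptanceGate($case[0], $case[1], $case[2]));
}
```

In the extension, the 'logout' result maps to the `logoff()` call plus redirect shown in the last answer, and the marker should be written only by the Accept action.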