I'm new to F3 and I've just implemented a form-based login system (using the Auth plugin). It works, but my not-logged-in check looks like this:

    if (!$f3->get('SESSION.user')) $f3->reroute('/login');

The example I was referring to did this, which seems more correct:

    if (!$f3->get('SESSION.user')) $f3->error(401);

However, this 401 error shows a simple error page. I want it to send back the login form (which is at /login) along with an error saying "You must be logged in" and I want this response to be a 401 instead of a 403 or 200.

Am I right in expecting this behaviour or is a 401 only valid for HTTP Basic Auth and not custom form-based auth?

You can customize the error response with the ONERROR hook.
So in your case, you could do something like this:

    $f3->ONERROR=function($f3) {
        if ($f3->get('ERROR.code')==401) {
            // custom behaviour on 401
            echo \Template::instance()->render('error-401.htm');
        } else {
            // default behaviour otherwise
            return FALSE;
        }
    };

    <!-- error-401.htm -->
    <h1>This page requires authorization</h1>
    <a href="/login?path={{ @PATH }}">Click here to sign in</a>
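
The `path` parameter in that sign-in link comes back to the login handler as user-controlled input, so it should be checked before it is used as a redirect target. The following is an added example, not part of the original answer or of F3: `safe_return_path()` is a hypothetical helper, and the hostnames and sample values are constructed.

```php
<?php
// Hypothetical helper (not part of F3): returns a same-site path to reroute to
// after login, or $default when the supplied value could leave the site.
function safe_return_path($path, $default = '/')
{
    if (!is_string($path) || $path === '') {
        return $default;
    }
    // Reject control characters (header injection) and backslashes, which
    // some browsers treat as forward slashes.
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $path)) {
        return $default;
    }
    // Must be an absolute path on this site: one leading slash, not "//host".
    if ($path[0] !== '/' || (isset($path[1]) && $path[1] === '/')) {
        return $default;
    }
    // Avoid bouncing straight back to the login form.
    if ($path === '/login' || strpos($path, '/login?') === 0) {
        return $default;
    }
    return $path;
}

// Constructed sample inputs, as they might arrive in GET.path.
$samples = [
    '/account/orders',          // kept
    '//other.example/x',        // protocol-relative URL, replaced
    'https://other.example/',   // absolute URL, replaced
    '/\\other.example',         // backslash variant, replaced
    "/a\r\nX-Header: y",        // CR/LF, replaced
    '/login',                   // would loop, replaced
];
foreach ($samples as $s) {
    printf("%-28s => %s\n", json_encode($s), safe_return_path($s));
}

// Assumed usage in the login handler, after the credentials are verified:
//   $f3->reroute(safe_return_path($f3->get('GET.path')));
```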