[Mod] Forward to outside landing page when not logged in - Sendy Version 184.108.40.206
MailChimp has a cool feature where, if you click their unsubscribe link, you're taken to an unsubscribe page that's hosted on one of their non-mailchimp.com domains. If you edit the URL in the browser bar to just include the domain (it usually looks something like https://us18.list-manage.com), and hit enter, you'll be taken to a page on MailChimp's regular domain that says, "You probably found this page because one of our subscribers used MailChimp to send you an email campaign, and you traced a link in the email back here to investigate. MailChimp is an email-marketing service that serves millions of companies of all shapes and sizes, from all over the world. We send more than 1 billion emails every day, and we help our customers comply with spam laws and best practices so they can get their campaigns into their subscribers' inboxes."
I wanted the same kind of feature for my Sendy installation. Currently, if you click unsubscribe in an email sent by Sendy, it'll take you to the unsubscribe page. If you then edit the URL in the same way I discussed above, it forwards you to the Sendy login page. So, I modified the file that forwards you to the login page to forward me to an outside landing page If I'm not logged in. If I want to login to Sendy, I simply browse directly to the login page.
The modification is easy to do. Just go to /includes/login/auth.php and edit line 14.
echo 'window.location = "'.addslashes(get_app_info('path')).'/login";';
echo 'window.location = "http://yourdomain/yourlandingpage";';
Voila! You're all set.
Ben, I think this might be a feature that other users would like in future versions of Sendy.
Thank you for the mod. How would you login if you redirect the login page to somewhere else (and you aren't logged in yet)?
I don't redirect the login page. I redirect the index page if I'm not logged in. If I am logged in, nothing changes.
To log in, I just go to http://mysendydomain.com/login. Make sense?
You can see it in action at http://us18.list-manage-pro.com.
Have you made this work for your installation of Sendy, yet?
What is the end goal of what you are wanting to achieve by using this method?
If it's WOW - that's cool - then why waste time with it?
If it's YAY another subscriber or subscriber retention - then it has an important role.
It's hard for me (personally) to understand why I would care to capture someone who is poking around with changing the URL in the first place.
If this improves the security of the platform, then I consider it an important role as well.
Sorry to post here, but your idea got me to thinking and hopefully it helps in some small way.
I just didn't want people who were poking around to have access to the login screen. That's what motivated me.
And yes, it's working on my installation of Sendy.
I have wondered about people poking around the login page, too.
On a similar theme, the 'subscribe form HTML code' provided by Sendy carries the base URL of your Sendy installation.
So anyone could simply 'view page source' on your site, determine the base URL of your Sendy installation, and poke around your Sendy login page that way.
Should we be worried about this?
Is there anyway that the Sendy login page can be restricted to certain IP addresses?
If I was concerned about people pocking around. I would change the code in login.php to redirect on invalid logins. Track the count of invalid login attempts for user and block for some time. or track invalid logins by IP and block all login attempts form the IP.
for unsubscribe you can also modify go to the list and set the 'unsubscibe' page to a page you chose. I set this to the web site that that subscribed from..
Actually all confirmation pages I point to a different domain..
sendy.mydomain.com is where sendy runs and all confirmation pages are located on mydomain.com..
@ben it'd be a good feature to be able to redirect the login page to some custom domain and only be able to open the login page with some query string like
domain.combut `mail.domain.com?this=me shows the login page to avoid public interaction with your login page.