Bad login results in 500 internal server error

[ant_000]

Hello,

One of our website running on J! 1.7.3 seems to be working fine with both .htaccess and SEF enabled.

We came accross a very strange issue when providing an empty or bad combination of username/password and clicking login (by the way, we use the core login to handle or logins)

In both cases, joomla returns an http "500 internal server error" on http://www.domain.com even though this is the main url to access the site (our login module is placed on the main page) Following a few hours of investigations, I figured out this might be linked to my .htaccess file (posted below)

I tried to comment FollowSymLinks but didn't seem to work (instantly anyway) ..

I'm not a .htaccess guru.. could anyone advise? hope this post will help a lot of other people who seem to have similar issues.

##
# @version $Id: htaccess.txt 10492 2008-07-02 06:38:28Z ircmaxell $
# @package Joomla
# @copyright Copyright (C) 2005 - 2008 Open Source Matters. All rights reserved.
# @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
# Joomla! is Free Software
##
#####################################################
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's. If they work,
# it has been set by your server administrator and you do not need it set here.
#
#####################################################
## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks
# Options -MultiViews
#
# mod_rewrite in use
RewriteEngine On
########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root)
RewriteBase /
########## Begin - Joomla! core SEF Section
#
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/index.php
RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$ [NC]
RewriteRule (.*) index.php
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
#
########## End - Joomla! core SEF Section

[ant_000]

Dear all,

Maybe I ough to mention this apparently important information: my website is using godaddy. Could this have an impact on the content of the .htaccess?

[ant_000]

Hi, thanks for your feedback.

Yes SEF and mod_rewrite is enabled on backend
I tried commenting out Options +FollowSymLinks but we didn't notice any difference

I tired through Firebug to anaylize the code of the login module. the module apparently sets a token that is passed through when cliking on login. When deleting this piece of code, I receive the bad login error.. but when leaving the code unchanged, as it should, I get a 500 back.

Any ideas?

[ant_000]

I tried various .thaccess files, including the one mentioned in another post:

http://forum.joomla.org/viewtopic.php?f=618&t=594932

But still I still get the internal server error when providing an empty or wrong login on the front end.

Could this be linked to permissions? Been stuck for days on this issues, thanks for any feedback

[MrWilder]

I have the same problem. To me it looks like on failure it is simply trying to go somewhere "bad" (such as somewhere restricted by an .htaccess file, perhaps).

Is there a way to set the page Joomla directs to on failure?

Thanks,

T

[sanjayidhatiya]

hey friends i have a same problem with login on live ....it will worked perfectly on my localhost but in live it will give me 500 error page .....anybody can solve it ?????

[netelite]

I got the Solution!

Steps:
1. Check the log and temp folders permission. Set it to 755 if not set.
2. Open configuration.php
Now you need to change the values of the variable
$log_path = 'XXXXXXXXXXXXX';
$tmp_path = 'XXXXXXXXXXXXX';

To absolute path of these folders on your server. In my case i am using cPanel. So values would be
$log_path = /home/****/public_html/log
$tmp_path = /home/****/public_html/tmp

[sanjayidhatiya]

great worked fine ...........

[romprzy]

I got the Solution!

Steps:
1. Check the log and temp folders permission. Set it to 755 if not set.
2. Open configuration.php
Now you need to change the values of the variable
$log_path = 'XXXXXXXXXXXXX';
$tmp_path = 'XXXXXXXXXXXXX';

To absolute path of these folders on your server. In my case i am using cPanel. So values would be
$log_path = /home/****/public_html/log
$tmp_path = /home/****/public_html/tmp

I had similar problem.
Dunno why u change permissions - it's 0444 and what i had to do is: your step #2 - changing paths.
Then I did just what http://duckprince.[URL banned].com/2012/02/ ... rator.html says - rewrite password in database - no need to contact hosting company, no need to change security settings
(dunno much bout permissions and security issues but I've found some info about changing permissions to 0644 in this case - maybe it works 2).
I'm wonder if it can stay the way it is without further problems.
cheers

[pterodactyl]

worked great for me also, thanks so much!

[keki]

for me, it works only if i chmod
(folder) tmp 777
(folder) logs 777
(file) /logs/error.php 777

nothing less.

[kevincchen]

I had the same problem and resolved the issue only when changed access to "777", "755" did not work for me

[pe7er]

Note that 777 is not safe, see http://docs.joomla.org/Security_Checkli ... or_defaced

[lordwhizy]

last time i had this server error problem, i notice in the error_log it says memory allocation limit reached, so i just allocated more memory in my php.ini from 45MB to 55MB and it worked just fine.

[federica34]

Thanks for the input. Please also note that for me worked fine only when I put the same path (/web/htdocs....logs & /web/htdocs...tmp) used in configuration.php also in the joomla admin panel (Global Configuration --->System and ----> Server)

[harrietlucia]

i was about to launch sister website by using joomla.. will it be SEO Friendly using Joomla ?

[cssbutton]

if you are having error 500 check your htaccess

[markawol]

Temporarily change logs folder permission to 777.

Submit blank or bad Login (goes to error message).

Change folder permission back to 755.

[alikks]

I've been experiencing the same problem, thanks @kevincchen, setting it to 777 did help.

[johnyaz]

Thanks Netelite that was very helpful