1.0.8 :: LOGIN MODULE: redirection error on IIS (http>https)

Geas · **Posted:** Mon Feb 27, 2006 2:01 am

Login module on 1.0.8 has some strange issues.

After the update from 1.0.7, on a IIS server it redirects me to http://www.domain.com/https://www.domain.com

(Bold part should not be there)

I'm now using login module from 1.0.7 and it works just fine.

Didn't have the time to look for differences between them. Haven't found another issue yet.

guizzo · **Joined:** Thu Jan 19, 2006 3:31 pm **Posts:** 8

I had modified \modules\mod_login.php.

At line 20 change !== in !=

at line 31 change $return = $request_uri; in $return = $url;

and it works.

Geas · **Posted:** Mon Feb 27, 2006 2:28 pm

It works. Thank you very much!

Regards,

bertrevert · **Posted:** Tue Feb 28, 2006 3:05 am

yes this works many thanks, can I add also....

on line 20 change both instances of !== to !=

guizzo · **Joined:** Thu Jan 19, 2006 3:31 pm **Posts:** 8

bertrevert wrote:

on line 20 change both instances of !== to !=

Of course ;-)

Jharbinjr · **Joined:** Wed Jan 04, 2006 5:21 am **Posts:** 2

I've made these changes and now it returns to the main page, but I am still not logged in...
Any further suggestions?

sn9ke.eyes · **Joined:** Tue Feb 28, 2006 6:22 pm **Posts:** 12

guizzo wrote:

I had modified \modules\mod_login.php.

At line 20 change !== in !=

at line 31 change $return = $request_uri; in $return = $url;

and it works.

I made both changes and am still having trouble with https referalls, but mine is not a login problem, mine is when content has a referal i.e. http://www.mysite.com/https://www.site2.com

pushfrog98 · **Posted:** Tue Feb 28, 2006 9:34 pm

i've changed the logout.php file and now I get this error when i attempt to logout of the admin page:

Quote:

Warning: initsessionadmin(logout.php): failed to open stream: No such file or directory in E:\Inetpub\dev\joomla\includes\joomla.php on line 703

Fatal error: initsessionadmin(): Failed opening required 'logout.php' (include_path='E:\Inetpub\dev\joomla\includes;e:\inetpub\dev\joomla') in E:\Inetpub\dev\joomla\includes\joomla.php on line 703

lightspeed · **Joined:** Mon Nov 28, 2005 11:41 pm **Posts:** 3

Hi,

I have defined the login and logout redirection URLs in the config page for the login module.

I was having problems because it looked like Joomla was expecting these to be relative paths, not full URLs.

eg there were some errors in the Apache logs like this:

Code:

[Tue Feb 28 23:28:47 2006] [error] [client 172.29.192.5] (20024)The given path misformatted or contained invalid characters: Cannot map GET /https://www.lspeed.org HTTP/1.1 to file

I solved it by removing the "sefRelToAbs" function calls in lines 67 and 129, so that instead of:

Code:

Line 67: <input type="hidden" name="return" value="<?php echo sefRelToAbs( $logout ); ?>" />
Line 129: <input type="hidden" name="return" value="<?php echo sefRelToAbs( $login ); ?>" />

It is now:

Code:

Line 67: <input type="hidden" name="return" value="<?php echo $logout; ?>" />
Line 129: <input type="hidden" name="return" value="<?php echo $login; ?>" />

Maybe it was never supposed to work this way, but it seems more flexible like this, and it looks very much like it may also be related to the original problem in this thread as well (but just an alternative solution).

jeepn · **Joined:** Wed Jan 04, 2006 4:43 pm **Posts:** 105

Geas wrote:

Login module on 1.0.8 has some strange issues.

After the update from 1.0.7, on a IIS server it redirects me to http://www.domain.com/https://www.domain.com

(Bold part should not be there)

I'm now using login module from 1.0.7 and it works just fine.

Didn't have the time to look for differences between them. Haven't found another issue yet.

I had the same problem ( upgraded to 1.0.8 on IIS 6 ) and after I looked at the code of mod_login.php I think this may be a different option for fixing this issue ( works on my install anyway ):

change this ( line 24 ):

Code:

if ( isset( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] ) {

to this:

Code:

if ( isset( $_SERVER['HTTPS'] ) && ($_SERVER['HTTPS'] === 1 || $_SERVER['HTTPS'] == 'on' ) ) {

What's happening, best I can tell, is that IIS has the $_SERVER['HTTPS'] variable set using "on" and "off" for values. Not true and false. Thus, the way that the module was checking the value of that server variable doesn't work with IIS.

Is there someone out there with a SSL cert installed that could test this fix when HTTPS is an option?

petere · **Joined:** Wed Mar 01, 2006 8:05 pm **Posts:** 1

Confirmation:
W2k3, IIS6, PHP 5.1.2 ISAPI and CGI
HTTP -> _SERVER["HTTPS"] off
HTTPS -> _SERVER["HTTPS"] on

Cheers Peter

jeepn · **Joined:** Wed Jan 04, 2006 4:43 pm **Posts:** 105

petere wrote:

Confirmation:
W2k3, IIS6, PHP 5.1.2 ISAPI and CGI
HTTP -> _SERVER["HTTPS"] off
HTTPS -> _SERVER["HTTPS"] on

Cheers Peter

Great, thanks Peter.

stingrey · **Posted:** Thu Mar 02, 2006 7:24 am

I am almost certain that there are issues with mod_login and IIS servers.

However, without access to an IIS server I cannot confirm these issues.
Hopefully I will get access to an IIS server for testing on the weekend.

stingrey · **Posted:** Thu Mar 02, 2006 7:26 am

guizzo wrote:

I had modified \modules\mod_login.php.

At line 20 change !== in !=

at line 31 change $return = $request_uri; in $return = $url;

and it works.

Please be aware that although this works, its simply due to incorrect handling.

This 'solution' may work for IIS users, however it is incorrect logic.
The originaly code check is correct, however the problem with IIS servers is that they do not have a $_SERVER['REQUEST_URI'] variable

stingrey · **Posted:** Thu Mar 02, 2006 7:29 am

jeepn wrote:

What's happening, best I can tell, is that IIS has the $_SERVER['HTTPS'] variable set using "on" and "off" for values. Not true and false. Thus, the way that the module was checking the value of that server variable doesn't work with IIS.

Is there someone out there with a SSL cert installed that could test this fix when HTTPS is an option?

Thank you we will examine this issue once we have access to an IIS server.

Please remember that as most of our users and all our developers use Apache servers we have found it difficult to test cases whether code being used is X-Server neutral.

We hope to alleviate this by setting up an IIS server for internal code testing.

jeepn · **Joined:** Wed Jan 04, 2006 4:43 pm **Posts:** 105

stingrey wrote:

Thank you we will examine this issue once we have access to an IIS server.

Please remember that as most of our users and all our developers use Apache servers we have found it difficult to test cases whether code being used is X-Server neutral.

We hope to alleviate this by setting up an IIS server for internal code testing.

No problem. I'm happy to hear about the dev & testing team getting an IIS server for testing.

stingrey · **Posted:** Thu Mar 02, 2006 2:02 pm

For developers examining differences between $_SERVER PHP variables under Apache and IIS, this is the best article I have been able to find:
http://koivi.com/apache-iis-php-server-array.php

Unfortunately it doesnt go further and list whether the values returned are different between the 2 servers.
For example as posted here the values returned are different - somethign I was previously unaware of.

However, it is a good starting base.

perandre · **Posted:** Thu Mar 02, 2006 8:56 pm

I have login-problems in Joomla 1.0.8's frontend, as well.
I have not set a redirect-url in admin. What I get when I try to login, is this: http://forum.3-16.no/joomla/http://www.popskolen.no/

(My host is set to forward popskolen.no to forum.3-16.no/joomla/, if you were wondering...). My host is Unix-based.

Changing line 20 and 31 in mod_login.php did not help...it gave me the root page (http://forum.3-16.no/), which is a different site.

What to do...?

perandre · **Posted:** Thu Mar 02, 2006 9:17 pm

With the other fix, I get this error-message where the login-window is supposed to appear:

Parse error: syntax error, unexpected ')' in /home/1/e/eft/www/joomla/modules/mod_login.php on line 24

jeepn · **Joined:** Wed Jan 04, 2006 4:43 pm **Posts:** 105

perandre wrote:

With the other fix, I get this error-message where the login-window is supposed to appear:

Parse error: syntax error, unexpected ')' in /home/1/e/eft/www/joomla/modules/mod_login.php on line 24

Hmmm.... Make sure you have the code in there exactly as shown. Looks like you are either missing a parenthesis or you have an extra one in there somewhere...

perandre · **Posted:** Thu Mar 02, 2006 9:58 pm

Thanks. I tried again with the right code, and the login-module showed up. But I still get http://forum.3-16.no/joomla/http://www.popskolen.no

...

yacosta · **Joined:** Fri Aug 26, 2005 5:47 pm **Posts:** 42

I'm having a similar redirection error using Linux/Apache/PHP 4.3.11 where I am getting redirected to http://www.mysite.comindex.php/? 

Does anyone have any ideas?

Alpaca · **Joined:** Mon Oct 31, 2005 9:36 am **Posts:** 10

Using the 1.0.7 login module seems to be a decent workaround. Will there be an "official" solution for this problem (Microsoft-IIS/5.0)?

Y3PP3R · **Joined:** Tue Nov 29, 2005 11:03 am **Posts:** 14

I have this problem too, and I am curious about the status of this bug.

Is there a tracker # we can view progress or something like that?

And what is the best workaround this moment?

Amine · **Joined:** Mon Sep 12, 2005 2:40 pm **Posts:** 156

Hello ,

Quote:

At line 20 change !== in !=

at line 31 change $return = $request_uri; in $return = $url;

It's works fine, but I'm having a little problem

I have Hello , 0 instead of Hello , username

Thanks for any help

Amine · **Joined:** Mon Sep 12, 2005 2:40 pm **Posts:** 156

Anyone can advice please ?

Y3PP3R · **Joined:** Tue Nov 29, 2005 11:03 am **Posts:** 14

Amine wrote:

Anyone can advice please ?

Use this:

Quote:

Using the 1.0.7 login module seems to be a decent workaround

wyzemoro · **Posted:** Sun Mar 12, 2006 12:32 am

if it really can't be help. roll back to 1.0.7 until the issues at 1.0.8 will be fixed.

wait for 1.0.9 release.. maybe 2weeks from now or more.

draysniro · **Joined:** Tue Nov 08, 2005 9:33 am **Posts:** 26

Y3PP3R wrote:

Amine wrote:

Anyone can advice please ?

On line 43, where it says: = $params->def( 'name', 1 );

Change it to this: = $params->def( 'username', 1 );

I'm using Apache and the stated fix of changing !== to != (both of them) on line 20 fixed my double URL problem.

camos · **Joined:** Thu Aug 18, 2005 2:39 am **Posts:** 1035

Seems that something was changed between 1.0.7 and 1.0.8 that messed up the way the login module works with IIS in particular. Normally I do not use the login module but go direct to com_login and have not experienced any problems other than the Hi 0 thing. Just had a look at the login module and not only is the previously mentioned double domain address happening but it is also picking up the port as well. This site is on IIS6 and is connecting through a proxy so the Website is actually on http://domain.com:81 and that is what is getting picked up. It is the proxy that translates the connection from port 80 and direct access to port 81 is forbidden from the public side.

The problem would appear to be that the login module is talking directly to the Webserver rather than using $mosconfig_live_site for the URL or however the process was handled in 1.0.7. This may not be just a problem with IIS and could be a problem with any siteserver running through a proxy server.

This is what happens:
Click on login and get a page with the message:
Object Moved
This document may be found here. ("here" is linked to https://domain.com:81)

The message page URL is normal http://domain.com/index.php

The login does not fail. Returning to the site directly or by pressing the back button finds the user logged in.

Just thought I would add these observations so the "fix" coming out in 1.0.9 will hopefully address the whole problem.

Cheers

Joomla! Discussion Forums

1.0.8 :: LOGIN MODULE: redirection error on IIS (http>https)

Quick reply

Who is online