Page 3 of 4

Re: [MEDIUM:UNDER REVIEW:1.0.9>] Login form problem

Posted: Tue Oct 10, 2006 9:43 am
by Robin
Hi,

@ TheWagner, the developers are investigating this problem and have partially confirmed the problem. So hopefully the problem will be solved in the next release. We are doing out best to accomplish this and are aware of the problems it's causing.

Regards Robin

Re: [MEDIUM:UNDER REVIEW:1.0.9>] Login form problem

Posted: Wed Oct 11, 2006 1:55 am
by Ak5intoe
Please move this thread to the sticky area of the category to give it more visibility.

I've been fighthing this issue for 4 days and just found this thread.

Re: [MEDIUM:UNDER REVIEW:1.0.9>] Login form problem

Posted: Wed Oct 11, 2006 2:26 am
by domihal
Hi,

i´m having the same problem on my site (after login, user menu does not show, but user is logged in. hope you´re still talking about that ^^). But my local installation works perfectly, so i think the problem is the redirecting proxy server we use. My guess would be, after the login, the proxy gets the login page from its cache and doesn´t update it.

Hope this helps

Re: [MEDIUM:UNDER REVIEW:1.0.9>] Login form problem

Posted: Thu Oct 12, 2006 11:14 am
by SergyDev
Hi, guys.

I'm having same issue with a Remeber me check box that leads to pop up You are not authorized window when checked.
I read all posts on 3 topics but found nothing that could really help.

Otherwise I noticed that I had this issue only for site that were deployed in a non root directory.

Can it cause a problem?

Re: [MEDIUM:UNDER REVIEW:1.0.9>] Login form problem

Posted: Thu Oct 19, 2006 9:59 pm
by Nig
This is not just a problem on my own sites, but with others I visit. For example, iJoomla.com. This is really going to start hurting some sites if it isn't dealt with. I mean, who's going to bother revisiting a place which can't apparently work properly?

For me, I've got round it by clicking the Remember Me button, but that doesn't seem to be a standard solution at all. I can login using my wife's computer but not mine. I can't isolate what it is that's the problem, and that's just frustrating.

I really REALLY hope that it can be dealt with soon.

Nig

Re: [MEDIUM:UNDER REVIEW:1.0.9>] Login form problem

Posted: Sat Oct 21, 2006 10:30 pm
by friesengeist

Re: [MEDIUM:UNDER REVIEW:1.0.9>] Login form problem

Posted: Sun Oct 22, 2006 3:24 am
by Nig
Thanks for the heads up. I'll wait a bit to see if other problems are found before I use it on my live sites.

Nig

Re: [MEDIUM:UNDER REVIEW:1.0.9>] Login form problem

Posted: Sun Oct 22, 2006 2:21 pm
by sosokeys
God bless you Ford,

Re: [MEDIUM:UNDER REVIEW:1.0.9>] Login form problem

Posted: Fri Nov 03, 2006 8:21 pm
by mlines
As my site is fully live I cannot try the suggested changes.

My site - http://www.tv4x4.co.uk - redirects to http://www.lines-associates.com/NewHome

IE6.0  7.0 and Firefox 1.X and 2.0 users can login fine.

AOL users get "you are not authorized to view this resource" when clicking on login.

Just wanted to post to register my interest in the issue.

PHP built On:  Linux infong 2.4 #1 SMP Thu Jan 13 08:59:31 CET 2005 i686 unknown 
Database Version:  5.0.26-standard-log 
PHP Version:  4.4.4 
Web Server:  Apache/1.3.33 (Unix) 
WebServer to PHP interface:  cgi 
Joomla! Version:  Joomla! 1.0.11 Stable [ Sunbow ] 28 August 2006 20:00 UTC 
User Agent:  Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; .NET CLR 1.1.4322) 

Re: [MEDIUM:UNDER REVIEW:1.0.9>] Login form problem

Posted: Fri Nov 03, 2006 8:24 pm
by Robin
Hi
AOL users get "you are not authorized to view this resource" when clicking on login.
There is a security setting (level) in Global configuration that can be changed so AOL users do not experience login problems. You might want to try that.

Re: [MEDIUM:UNDER REVIEW:1.0.9>] Login form problem

Posted: Fri Nov 03, 2006 8:33 pm
by mlines
Thanks for the prompt reply.

I should have mentioned that I have set the security to level 2 (I try to search the archives before rasing problems  :) ) - which is recommended for AOL login - the users are still having problems (although if it is an associated cache/proxy problem it has been less that an hour since I made the change and it is possible that something has not flushed from the AOL system I suppose)

Re: [MEDIUM:UNDER REVIEW:1.0.9>] Login form problem

Posted: Tue Nov 07, 2006 4:41 am
by ets_tempest
I may have a useful fix for sites that need to support AOL users.
After referencing some great AOL browser debug information here.
I modified index.php's handling of cache headers:

Code: Select all

<?php 
if( strpos($_SERVER['HTTP_USER_AGENT'], 'AOL') !== false ) { //this is an aol user
	header("Cache-Control: no-store, private, must-revalidate, proxy-revalidate, post-check=0, pre-check=0, max-age=0, s-maxage=0");	
}else{
	header( 'Expires: Mon, 26 Jul 1997 05:00:00 GMT' );
	header( 'Cache-Control: no-store, no-cache, must-revalidate' );
	header( 'Cache-Control: post-check=0, pre-check=0', false );
	header( 'Pragma: no-cache' );	
}
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
?>
WFM. Buyer beware. Your mileage may vary.

Re: [MEDIUM:UNDER REVIEW:1.0.9>] Login form problem

Posted: Tue Nov 07, 2006 8:11 am
by mlines
Thanks,

I have popped the mod onto my site and asked the AOL users to look at it (I cannot be bothered to set up an AOL browser system myself!)

Re: [MEDIUM:UNDER REVIEW:1.0.9>] Login form problem

Posted: Tue Nov 07, 2006 8:23 pm
by mlines
I am not sure that I put it in the correct place as I could not find exactly the code line in Index.php

This is where I put it (with a few lines of surrounding code to show where it fitted)


ob_end_clean();

initGzip();

if( strpos($_SERVER['HTTP_USER_AGENT'], 'AOL') !== false ) { //this is an aol user
header("Cache-Control: no-store, private, must-revalidate, proxy-revalidate, post-check=0, pre-check=0, max-age=0, s-maxage=0");
}else{


header( 'Expires: Mon, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
}

// display the offline alert if an admin is logged in
if (defined( '_ADMIN_OFFLINE' )) {
include( $mosConfig_absolute_path .'/offlinebar.php' );
}



The new effect is that AOL users cannot logon at all (before this it was intermittent)

Martin.

Re: [MEDIUM:UNDER REVIEW:1.0.9>] Login form problem

Posted: Wed Nov 08, 2006 1:14 am
by ets_tempest
That's certainly an interesting effect.
I'm not certain how this change to cache headers would block your AOL users unless it actually enables the caching of your site (the exact opposite of the intent) on the AOL servers and thereby delivers a copy of an unauthenticated page to every user.

Re: [MEDIUM:UNDER REVIEW:1.0.9>] Login form problem

Posted: Wed Nov 08, 2006 9:18 am
by mlines
There is another issue in that I cannot see the problem myself as I do not have AOL. However, I will build a fresh partition on my machine this weekend and will create an AOL presence in the hope that I can see better what is being reported by the users.

At the moment I have persuaded the AOL users to download Firefox which is working well (of course!). If you have AOL access then feel free to create an account on http://www.tv4x4.co.uk and look at the problem directly.

Re: [MEDIUM:UNDER REVIEW:1.0.9>] Login form problem

Posted: Wed Nov 08, 2006 4:12 pm
by ets_tempest
mlines wrote: At the moment I have persuaded the AOL users to download Firefox which is working well (of course!). If you have AOL access then feel free to create an account on http://www.tv4x4.co.uk and look at the problem directly.
Note that I made a mod to my original code in the post above and moved the Last-Modified header outside the conditional so that it is set for all users including AOL users.

Since Firefox resolves the users' issues, it would seem that your pages are not being cached by AOL servers and that this is instead an IE specific issue. According to Microsoft, IE refreshes pages where the Expires header is set to -1. So, I further tweaked the cache settings:

Code: Select all

<?php 
if( strpos($_SERVER['HTTP_USER_AGENT'], 'AOL') !== false ) { //this is an aol user
	header("Cache-Control: no-store, private, must-revalidate, proxy-revalidate, post-check=0, pre-check=0, max-age=0, s-maxage=0");	
	if( strstr($_SERVER['HTTP_USER_AGENT'],'MSIE') ) { //AOL users with IE only
		header("Expires: -1");		
	}	 		
}else{
	header( 'Expires: Mon, 26 Jul 1997 05:00:00 GMT' );
	header( 'Cache-Control: no-store, no-cache, must-revalidate' );
	header( 'Cache-Control: post-check=0, pre-check=0', false );
	header( 'Pragma: no-cache' );	
}
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
?>

Re: [MEDIUM:UNDER REVIEW:1.0.9>] Login form problem

Posted: Wed Nov 15, 2006 7:18 am
by Robin
Q&T Note; we have seen enough report on this issue  ;) It's now logged on the trakcer to get sorted if possible.

Tracker link; http://forge.joomla.org/sf/go/artf6765?nav=1

I'd like to ask users not to add unnecessary replies, or off topic replies so we can keep this one clear for analysys. Thanks!

Re: [MEDIUM:TRACKER 6765:1.0.9>] Login form problem

Posted: Wed Nov 15, 2006 8:22 pm
by toasted
Here's what I did, maybe it will help. Joomla 1.011 and CB. I removed the username and password fields from the CB login module and added a .jpg image called "login". This image is linked to "index.php?option=com_login&Itemid=88888888" which takes you to a login module that works the first time.

It's a work around yea but maybe someone could take a good look at why com_login works and the stock login modules do not.

Even with this module, my text boxes are not auto-populated unless there is no www in the url.

Re: [MEDIUM:TRACKER 6765:1.0.9>] Login form problem

Posted: Tue Nov 21, 2006 1:34 pm
by toasted
Just so you know, when I visit my site in Linux with Firefox I am still logged in. No need to log in at all. This is the only combination that this has ever happened on for me with Joomla!. All Windows browsers do not work this way and I think they should. I always have to log in when using Windows and as you know sometimes more than once. Thought it might help, and please do not break Linux while fixing Windows!!

Re: [MEDIUM:TRACKER 6765:1.0.9>] Login form problem

Posted: Tue Nov 21, 2006 1:49 pm
by friesengeist
toasted wrote: It's a work around yea but maybe someone could take a good look at why com_login works and the stock login modules do not.
It's because you are already on the correct site after you clicked on the link leading you to the login component. This way, you will always send a valid cookie to the server, while this is not done when visiting http://www.domain.xyz first, while the livesite is set to domain.xyz.
toasted wrote: Just so you know, when I visit my site in Linux with Firefox I am still logged in. No need to log in at all. This is the only combination that this has ever happened on for me with Joomla!. All Windows browsers do not work this way and I think they should. I always have to log in when using Windows and as you know sometimes more than once. Thought it might help, and please do not break Linux while fixing Windows!!
I guess you have the Remember-Me option activated when logging in on the linux box? Otherwise, there is no way you can be logged in without entering a PW. If you click "Logout" once on that box, you will notice that you are not automatically logged in next time.

To enable the Remember-Me function, I had to allow Firefox to store cookies from my site permanently! If this is not enabled, Firefoy will delete the cookie when it gets closed. That's probably what happens to you an Windows.

Re: [MEDIUM:TRACKER 6765:1.0.9>] Login form problem

Posted: Tue Nov 21, 2006 1:56 pm
by toasted
I have tried the remember me option in Windows too.. FF, IE, Opera, etc... they are all the same in Windows in that the feature does not work. All 3 installs of mine are the same. I'm thinking of the average user that visits my site, just like this forum and many others. I don't want to have to give them instructions on how to use my site. Change this, do this, go here and there... nope that is definately not a good situation.  When I arrive at a site I like to be logged in automatically and not have to do it each time. That is what happens to me in Linux, it just works.

Re: [MEDIUM:TRACKER 6765:1.0.9>] Login form problem

Posted: Tue Nov 21, 2006 2:01 pm
by friesengeist
toasted wrote: I have tried the remember me option in Windows too.. FF, IE, Opera, etc... they are all the same in Windows in that the feature does not work. All 3 installs of mine are the same. I'm thinking of the average user that visits my site, just like this forum and many others. I don't want to have to give them instructions on how to use my site. Change this, do this, go here and there... nope that is definately not a good situation.  When I arrive at a site I like to be logged in automatically and not have to do it each time. That is what happens to me in Linux, it just works.
There is nothing we can do about the security configuration of a user's browser. If your users want to stay logged in, they need to adjust their local broser configuration, so that they keep cookies (at least for your site) even when the browser gets closed.

Re: [MEDIUM:TRACKER 6765:1.0.9>] Login form problem

Posted: Tue Nov 21, 2006 2:03 pm
by toasted
My browser is stock... no changes. When I visit this forum I am automatically logged in. Nothing to do. When I go to my Joomla installs, I have to log in.

So its not the browser.

Re: [MEDIUM:TRACKER 6765:1.0.9>] Login form problem

Posted: Tue Nov 21, 2006 2:06 pm
by friesengeist
toasted wrote: My browser is stock... no changes. When I visit this forum I am automatically logged in. Nothing to do. When I go to my Joomla installs, I have to log in.

So its not the browser.
Okay, do you have an URL (post here or send by PM) where I can check this? (With my browser ;))

Re: [MEDIUM:TRACKER 6765:1.0.9>] Login form problem

Posted: Tue Nov 21, 2006 2:13 pm
by toasted
Sure:
deleted
Its a test install

Re: [MEDIUM:TRACKER 6765:1.0.9>] Login form problem

Posted: Tue Nov 21, 2006 2:34 pm
by friesengeist
No remember-me cookie gets set at all. Might be a Community Builder problem though, we'll need to check this out.
As it's a test site, could you maybe activate the default Joomla! login module, instead of the CB login module, for a short time?

Re: [MEDIUM:TRACKER 6765:1.0.9>] Login form problem

Posted: Tue Nov 21, 2006 2:37 pm
by toasted
Sure and I will make you an admin too, have fun  :)

Re: [MEDIUM:TRACKER 6765:1.0.9>] Login form problem

Posted: Tue Nov 21, 2006 2:39 pm
by toasted
done, and dont worry, you can make any changes you want

Re: [MEDIUM:TRACKER 6765:1.0.9>] Login form problem

Posted: Tue Nov 21, 2006 5:33 pm
by friesengeist
Okay, thanks a lot, toasted! This is just another login issue, which is new to me. It's a bug in IIS 5.0 (as far as I know only when running in CGI mode).

If a script wants to do a header redirect, like it is done in Joomla! after login and logout, all cookies and all other header data gets discarded. That's why you never received cookies upon login, if Remember-Me was set. More about this bug can be found here: http://bugs.php.net/bug.php?id=14636

Joomla! can't do much about it, except for avoiding header redirects, and switching to JavaScript or HTML-Metadata redirects. As a proof of concept, I've done that at your site, using a mambot. (You will probably find a few older versions as well in /mambots/system, they didn't uninstall properly due to file permissions). Now this mambot can only be seen as a proof of concept. I doubt it that we will try to circumvent this IIS Bug in Joomla! 1.0.12. Changes would (in my opinion) be a little bit too big, and might cause issues with other servers. I'll ask on the dev list about this though.

The mambot will not work for Community Builder, as it only hooks up on the normal Joomla! login process. But at least one more mystery about failed logins is solved now!