PHP4 and mysql auth lead to redirect loop
Brought to you by:
lim
Menu
▾
▴
#2 PHP4 and mysql auth lead to redirect loop
I'm attempting to set up phpSched per directions in the
INSTALL file, but on 5b, when i get index.php3 and
attempt to log in as "admin" with password "", my
browser (Mozilla) gives me the message "Redirection
error: infinite loop detected", which comes from URL
jar:resource:///chrome/comm.jar!/content/necko/redirect_loop.xul
I have verified that $CONFIG['mysqlauth']=1.
Trying to do the same thing in lynx gives a little more
info about what's going on: it loops through the messages:
Location URL is not absolute
and
Using
http://localhost.localdomain/phpSched/chpass.php?msg=Your+password+is
(and i can't read the rest of the message).
The only thing about my configuration that might be
weird is that i hacked the Apache httpd.conf file to
treat .php3 files as PHP 4 files, since i'm using PHP 4.
I will now try use Apache authentication instead, or in
reality just disable all authentication for now to see
if it works "at all".
Note also that the INSTALL doc says to make sure
$CONFIG['mysqlauth']=1 for MySQL auth, when in reality
i believe the default value at distribution is 1, so
that there should be a reminder to set it to 0 if using
Apache authorization.
Logged In: YES
user_id=392466
I've been playing around a bit with this, and here's what
i've found:
If i hack out the offending line 26 of auth.inc.php3, the
one that says
Header("Location:
chpass.php3?msg=Your+password+is+expired.+Please+choose+new+password.");
then i can bootstrap myself to get it going and change the
admin password. Once it's going, if i hack it back in,
everything is fine. However, if i use some SQL like
update users set password = PASSWORD("") where user =
'billybob';
then logging in as billybob will make the problem recur.
Of course you wouldn't ever want to set the password like
that in real life, but it's useful to troubleshoot that this
seems to happen any time a password is the empty string.
I'm still going through the code, but i assume the problem
is in the includes at the top of chpass.php3:
require('config.inc.php3');
require('lib.inc.php3');
require('dept.inc.php3');
require('shift.inc.php3');
This file is the one that's the target of the redirection
whenever auth.inc.php3 detects an empty password; apparently
one of these requires is causing circularity.
If i hack in some HTML at the very top of chpass.php3 then
it short-circuits the circularity (because it's too late to
add HTTP headers), so i get something resembling normal output.
Anyway, i will keep hunting this down....
Logged In: YES
user_id=392466
See http://www.phpbuilder.com/forum/read.php3?
num=2&id=100077&thread=100033 for a discussion of how to
fix circular include issues. (AFAIK these should be
includes in the conditionals and not requires.)
Logged In: YES
user_id=392466
The problem was that
1. auth.inc.php3 was redirected to chpass.php3 in the case
where password is blank, but
2. chpass.php3 was indiscriminantly require-ing lib.inc.php3
3. lib.inc.php3 was require-ing auth.inc.php3.
I'm now putting a patch up to fix this.
Logged In: NO
This looks exactly like what I am looking for for my users. I tried the work around and still could not get it to let me log in the first time.
Can someone give me a nudge in the right direction?
Logged In: NO
This looks exactly like what I am looking for for my users. I tried the work around and still could not get it to let me log in the first time.
Can someone give me a nudge in the right direction?