Menu

#2 PHP4 and mysql auth lead to redirect loop

open
nobody
None
5
2002-02-18
2002-02-03
Philip Reed
No

I'm attempting to set up phpSched per directions in the
INSTALL file, but on 5b, when i get index.php3 and
attempt to log in as "admin" with password "", my
browser (Mozilla) gives me the message "Redirection
error: infinite loop detected", which comes from URL
jar:resource:///chrome/comm.jar!/content/necko/redirect_loop.xul

I have verified that $CONFIG['mysqlauth']=1.

Trying to do the same thing in lynx gives a little more
info about what's going on: it loops through the messages:

Location URL is not absolute

and

Using
http://localhost.localdomain/phpSched/chpass.php?msg=Your+password+is
(and i can't read the rest of the message).

The only thing about my configuration that might be
weird is that i hacked the Apache httpd.conf file to
treat .php3 files as PHP 4 files, since i'm using PHP 4.

I will now try use Apache authentication instead, or in
reality just disable all authentication for now to see
if it works "at all".

Note also that the INSTALL doc says to make sure
$CONFIG['mysqlauth']=1 for MySQL auth, when in reality
i believe the default value at distribution is 1, so
that there should be a reminder to set it to 0 if using
Apache authorization.

Discussion

  • Philip Reed

    Philip Reed - 2002-02-18

    Logged In: YES
    user_id=392466

    I've been playing around a bit with this, and here's what
    i've found:

    If i hack out the offending line 26 of auth.inc.php3, the
    one that says

    Header("Location:
    chpass.php3?msg=Your+password+is+expired.+Please+choose+new+password.");

    then i can bootstrap myself to get it going and change the
    admin password. Once it's going, if i hack it back in,
    everything is fine. However, if i use some SQL like

    update users set password = PASSWORD("") where user =
    'billybob';

    then logging in as billybob will make the problem recur.
    Of course you wouldn't ever want to set the password like
    that in real life, but it's useful to troubleshoot that this
    seems to happen any time a password is the empty string.

    I'm still going through the code, but i assume the problem
    is in the includes at the top of chpass.php3:

    require('config.inc.php3');
    require('lib.inc.php3');
    require('dept.inc.php3');
    require('shift.inc.php3');

    This file is the one that's the target of the redirection
    whenever auth.inc.php3 detects an empty password; apparently
    one of these requires is causing circularity.

    If i hack in some HTML at the very top of chpass.php3 then
    it short-circuits the circularity (because it's too late to
    add HTTP headers), so i get something resembling normal output.

    Anyway, i will keep hunting this down....

     
  • Philip Reed

    Philip Reed - 2002-02-18
    • summary: PHP and mysql auth lead to redirect loop --> PHP4 and mysql auth lead to redirect loop
     
  • Philip Reed

    Philip Reed - 2002-02-18

    Logged In: YES
    user_id=392466

    See http://www.phpbuilder.com/forum/read.php3?
    num=2&id=100077&thread=100033 for a discussion of how to
    fix circular include issues. (AFAIK these should be
    includes in the conditionals and not requires.)

     
  • Philip Reed

    Philip Reed - 2002-02-24

    Logged In: YES
    user_id=392466

    The problem was that

    1. auth.inc.php3 was redirected to chpass.php3 in the case
    where password is blank, but
    2. chpass.php3 was indiscriminantly require-ing lib.inc.php3
    3. lib.inc.php3 was require-ing auth.inc.php3.

    I'm now putting a patch up to fix this.

     
  • Nobody/Anonymous

    Logged In: NO

    This looks exactly like what I am looking for for my users. I tried the work around and still could not get it to let me log in the first time.

    Can someone give me a nudge in the right direction?

     
  • Nobody/Anonymous

    Logged In: NO

    This looks exactly like what I am looking for for my users. I tried the work around and still could not get it to let me log in the first time.

    Can someone give me a nudge in the right direction?

     

Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.