wrong forwarding after login wrong forwarding after login
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

wrong forwarding after login

Started by bugreport?, July 28, 2004, 03:31:08 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

bugreport?

I just upgrade from 1.3.0 to 1.3.1, but i still have the following problem:

If I start the browser (no matter Mozilla or IE) and login, the server always reply
"Site does not exist".

The problem is the following.

This is my Address:

mysubdomain.provider.com

coppermine is in mysubdomain.provider.com/gallerie/

so when i start the browser and login, coppermine want to forward me
to
mysubdomain.provider.com/mysubdomain/gallerie/

instead of
mysubdomain.provider.com/gallerie/

This fault only happens after the first time the browser is started.
If I logout and login again it will work properly.

The site is password protected - it is useless to post a link to it!!!

Tarique Sani

This is not enough information for us to help you resolve the problem. A shot in the dark would be - the address to the gallery in config is wrong.
SANIsoft PHP applications for E Biz

bugreport?

Where to set this option?
The Setting in the Admin Interface (general settings/options) have the right path
to the gallery - settings are correct => mysubdomain.provider.com/galerie/

It might be possible, but why it works after first time login logout?

I do not know what kind of additional information i could give to you !?

I just can explain the single steps again:

1. start Browser
2. open gallery
3. click login

The variable "$referer" on this point already has a wrong value:

mysubdomain.provider.com/mysubdomain/galerie

4. enter password and user
5. click login
6. "page not found"
7. push "back" button
8. click on any other menue => works! (login succeeded!)
9. logout
10. login

The variable "$referer" on this point has a correct value:

mysubdomain.provider.com/galerie

11. login forward correct




chaggydawg

I have this exact problem also, been trying to figure it out for a couple days, (which is rough cause I barely read php code) it's like  CPG refuses to not use the full directory path regardless of subdomain illiminating a portion of the path.

for example,    

subdomain1.chaggy.com   is the same as     www.chaggy.com/subdomain1/

but whenever cpg tries some sort of redirect (save config, login, etc.)    you end up getting sent to

subdomain1.chaggy.com/subdomain1/

which doesn't exist at all

there must be somewhere in functions/config/whatever that is combing the true path of CPG and the subdomain

http://subdomain1.chaggy.com             +            /subdomain1/

which is just wrong all together and doesn't exist

it needs to somehow knock  like 1 directory level off the path....

so   /subdomain1/folder1/folder2/        would become     /folder1/folder2/


hopefully this info helps anyone understand and doesn't confuse the question even more....

Tranz

What do you have in the ecard target in Config?

Nibbler

It's due to your server vars being unusually setup. If you look in init.inc.php:

$PHP_SELF = isset($HTTP_SERVER_VARS['REDIRECT_URL']) ? $HTTP_SERVER_VARS['REDIRECT_URL'] : $HTTP_SERVER_VARS['SCRIPT_NAME'];



that is the path used for internel redirecting. If you can display the contents of $HTTP_SERVER_VARS or $_SERVER then you can pick a variable that holds the correct path. You can do this with a phpinfo file or by running:

<?php
print_r
($_SERVER);
?>

chaggydawg

thanx Nibbler :)

I solved the problem with a string replace:


$PHP_SELF = isset($HTTP_SERVER_VARS['REDIRECT_URL']) ? $HTTP_SERVER_VARS['REDIRECT_URL'] : str_replace("family/","",$HTTP_SERVER_VARS['SCRIPT_NAME']);



in my case I just needed it to leave out the  "family/"   part

I'll post back here if this little mod causes any problems in the future   :)

Though maybe a future simple simple mod:   add a "subdomain folder variable"  and have it removed from   $HTTP_SERVER_VARS['SCRIPT_NAME']     variable wherever applicable....  but eh I don't really know much about it, maybe this is a very unique situation.....  something for the big boys to think on heh

thanx again

chaggydawg

also I just changed in  util.php   the line


$phpself = $_SERVER['PHP_SELF'];


to


$phpself = isset($HTTP_SERVER_VARS['REDIRECT_URL']) ? $HTTP_SERVER_VARS['REDIRECT_URL'] : str_replace("family/","",$HTTP_SERVER_VARS['SCRIPT_NAME']);


and that made that work too...

sergioamaya

Quote from: chaggydawg on March 27, 2005, 12:44:17 AM
also I just changed in  util.php   the line


$phpself = $_SERVER['PHP_SELF'];


to


$phpself = isset($HTTP_SERVER_VARS['REDIRECT_URL']) ? $HTTP_SERVER_VARS['REDIRECT_URL'] : str_replace("family/","",$HTTP_SERVER_VARS['SCRIPT_NAME']);


and that made that work too...

Thanks guy! That really helped me.... I code PHP pretty often since I work with it but it took me quite a long time to see that they had re-defined the $PHP_SELF variable in the coppermine init.inc.php file... In my honest opinion I think that's a really awful coding error... In general you should not re-define PHP's environment variables but rather rename them and then modify them...

What would have costed to call it rather $PHP_SELF_CPG or whatever...

The funny thing is that you really see it is a bug in the code... For instance if I use a simple PHP file with the code <? phpinfo() ?> then it returns PHP_SELF=/coppermine/phpinfo.php

But if I use their phpinfo.php file I get:
PHP_SELF=/www.mydomain.com/coppermine/phpinfo.php

And of course the lower option is gonna make the wholesite crash since the URL's that are created are like:
http://www.mydomain.com/www.mydomain.com/coppermine/index.php

Which is ridiculous...

Thanks again!

:-\\