The following warnings occurred:
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.2.25 (Linux)
File Line Function
/global.php(961) : eval()'d code 26 errorHandler->error
/global.php 961 eval
/showthread.php 28 require_once





× This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!

  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Redirect problem on all private pages
#1
What is the problem with US not able to redirect and load all private pages on different servers? It all works fine on my local PC but series of problems when moved to a shared server.

Initially was multiple slashes then noticed that it doesnt wanna load all private pages Sad
Anyone else having this problem and any suggested way out? I've gone through and tried all info found in here but none seem to work Sad

PLEASE HELP!!!!!!!!!
  Reply
#2
Slashes come from having something like

$us_url_root.'/

or

<?=$us_url_root?>/

Basically the $us_url_root has the final / in the variable itself, so if somewhere in your code (search the whole project) you have one of the above two instances, every time that is pinged, you're going to add a slash to the url. It's usually in your usersc/scripts/custom_login_script.php

I don't understand the not loading private pages? What's happening?

Is the menu loading and then the page being killed?

If you want to see if it is your own security killing the page, go to one of your pages and change
<?php if (!securePage($_SERVER['PHP_SELF'])){die();} ?>
to
<?php if (!securePage($_SERVER['PHP_SELF'])){die("This page has been killed for security reasons");} ?>

If you get that message, then the securePage is killing the page for some particular reason and we can go from there.

Finally, what version of PHP are you running?

  Reply
#3
Hi @mudmin,

Apologies for replying late. I was trying to figure out if I was the one that has got things messed up. But unfortunately, everything works fine on my local computer.

I have searched everywhere if there is any occurrence of $us_url_root.’/ or < ?=$us_url_root?>/ but none exists.

Initially on the shared server, if I access the private pages from Chrome, it loads for about 15 secs and then adds like 10 slashes and dies. But on a Maxthon browser, I could see the redirection back and forth between for eg 'users/account.php' and 'users/index.php'. Every time it redirects back and forth, it adds an extra slash. So 10 redirects just after log in will result in 10 slashes before dying.

Funny enough, I have "< ?php if (!securePage($_SERVER['PHP_SELF'])){die();} ?>" on all pages, but once I change any page to private then try to navigate, I just get the wierd multi redirection before the page dies. I added the message in both private and public pages but none of the pages showed any message. Now all it does is redirect to 'index.php' if accessing any private page.

And another thing is, I push the code to another shared server and nothing works atall. It's like it's not allowing DB connection. Dont know what to do.

I'm using version 4.1.8c
  Reply
#4
Hi

I also have the problem with version 4.2.3 both on my wamp and public server php 5.6 it only affects admin logins as far I can tell.

The solution for me on login was change /usersc/scripts/custom_login_script.php

comment out the redirect as below adding a redirect simply to index

//Redirect::to($us_url_root.'users/account.php');
Redirect::to('../index.php');

But this only solved the first login if I want to see my account page it goes into a redirect loop again and the browser stops the 302 redirect between users/account.php and users/index.php after 10 attempts with an error:

"The page isn’t redirecting properly"

So I place an echo statement at the begining of both pages.

$url="http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
echo "In account.php ".$url;
if (strstr($url,'///////')) exit;

The echo is displayed in the browser, so the redirect is not from .htaccess and must be in the php somwhere.

Checking out admin level differences to see I can spot anything.

......

  Reply
#5
I have changed the redirect in users/index.php to:

Redirect::to('../users/account.php');

this got rid of the multiple slashes in the url but the redirect is still happening 10 times with the same error... so no fix yet....
  Reply
#6
The slashes are definitely server-version dependent because I don't see them on all versions . What about just putting your full url in there? Like

Redirect::to('https://mdydomain.com/users/account.php');
  Reply
#7
I have installed UserSpice v 4.2.6 on Windows 10 running Ampps. My favoured browser is Firefox.

I have not added any additional pages, but the redirect problem shows on some links after logging in.

A possible explanation can be found on https://ctrl.blog/entry/relative-double-slashes-url

A quick fix might be to make this change to users/classes/Redirect.php

from

<pre>
Code:
if (file_exists($prefix.$location)) {

$location = $prefix.$location;
    
break;

}
</pre>



to

<pre>
Code:
if (file_exists($prefix.$location)) {

$location = $prefix.$location;
        
$location = preg_replace('~/{2,}~', '/', $location);

break;

}
</pre>



The additional code will replace all multiple occurrences of a slash with a single slash before being used by redirect.
  Reply
#8
I REALLY like that solution. Thanks for that. I'm going to take a look at that. I hate the slashes issue. It comes and goes depending on browser/server configs.
  Reply
#9
On my configuration i only have problems with Safari, but it's still extremely annoying

client:
macos 10.12.4
safari 10.1

server:
Ubuntu 16.04.2
apache 2.4.18
php 7.0.15
  Reply
#10
I can't believe I missed this solution! Please put this into UC if you can @Mudmin! I don't want to edit core files but I gotta!

@Palmeros, did you try the solution above? It is still causing problems?
  Reply


Forum Jump:


Users browsing this thread: 4 Guest(s)