Admin Login Redirect Loop

SmithPlatts commented 6 years ago

Installing on local system for testing:

Ubuntu 16.04
Apache 2.4.18
PHP 5.6
MySQL 5.6

Once setup, attempt to login to http://localhost:672/admin which passes through all the PHP and JS validation, to redirect back to http://localhost:672/admin, which loses all session information on the 301 and kicks you to http://localhost:672/admin/login.php?n=eas4.

I've tried sub-folders, root folders, extra permissions, less permissions. I've blown away and rebuild/setup the site from scratch MANY times. Have re-configured MySQL, both databases and users, MANY times.

What the hell am I doing wrong???

Web trace, no errors. Zenbership, no errors. Apache, no errors.

Redacted99 commented 6 years ago

I ran into this when I did not have MySQL configured correctly as described in issue #84

SmithPlatts commented 6 years ago

I have my MySQL configuration to use the same as prodigy151's reply in that issue:

mysql> SELECT @@GLOBAL.sql_mode;
+-----------------------------------------------------------------------------------------------------------------+
| @@GLOBAL.sql_mode                                                                                               |
+-----------------------------------------------------------------------------------------------------------------+
| IGNORE_SPACE,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION |
+-----------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

Still end up in a lovely redirect 😞

SmithPlatts commented 6 years ago

I've nuked it all and changed MySQL to use 'TRADITIONAL' explicitly:

SET GLOBAL sql_mode='TRADITIONAL';
SELECT @@GLOBAL.sql_mode;
+------------------------------------------------------------------------------------------------------------------------------------------------------+
| @@GLOBAL.sql_mode                                                                                                                                    |
+------------------------------------------------------------------------------------------------------------------------------------------------------+
| STRICT_TRANS_TABLES,STRICT_ALL_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,TRADITIONAL,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION |
+------------------------------------------------------------------------------------------------------------------------------------------------------+

Again, redirect loop.

jbelelieu commented 6 years ago

Does it work when you click "Remember Me"?

SmithPlatts commented 6 years ago

Sorry @jbelelieu, but even that option doesn't work; I get redirected back to the login page with session info wiped.

To be sure, I nuked it all again:

Nuked DB and users, stopped MySQL, re-configured sql-mode in my.cnf, started MySQL and created the DB and user
Stopped Apache, nuked all configured sites, re-downloaded from master, extracted, configured, started Apache, and ran setup
Same. Damned. Issue.

What the hell am I doing wrong?

SmithPlatts commented 6 years ago

Running php /var/www/zenbership/admin/cp-cron/index.php, I noticed the following error:

Notice: Undefined index: REMOTE_ADDR in /var/www/zenbership/admin/sd-system/loader.php on line 38

When commenting out the if and using just the debug, I now get:

<h1>Events</h1><h1>Subscriptions</h1>
Notice: Undefined index: REMOTE_ADDR in /var/www/zenbership/admin/cp-classes/universal.class.php on line 183
Notice: Undefined index: HTTP_HOST in /var/www/zenbership/admin/cp-classes/db.class.php on line 1536
Notice: Undefined index: HTTP_HOST in /var/www/zenbership/admin/cp-classes/db.class.php on line 1539
Notice: Undefined index: HTTP_HOST in /var/www/zenbership/admin/cp-classes/db.class.php on line 1540
Warning: Cannot modify header information - headers already sent by (output started at /var/www/zenbership/admin/cp-cron/index.php:69) in /var/www/zenbership/admin/cp-classes/db.class.php on line 1500
Notice: Undefined index: REMOTE_ADDR in /var/www/zenbership/admin/cp-classes/universal.class.php on line 183
Notice: Undefined index: HTTP_HOST in /var/www/zenbership/admin/cp-classes/db.class.php on line 1536
Notice: Undefined index: HTTP_HOST in /var/www/zenbership/admin/cp-classes/db.class.php on line 1539
Notice: Undefined index: HTTP_HOST in /var/www/zenbership/admin/cp-classes/db.class.php on line 1540
Warning: Cannot modify header information - headers already sent by (output started at /var/www/zenbership/admin/cp-cron/index.php:69) in /var/www/zenbership/admin/cp-classes/db.class.php on line 1500
<h1>Invoices</h1><h1>Campaigns</h1><h1>DB Clean</h1>
Notice: Undefined index: REMOTE_ADDR in /var/www/zenbership/admin/cp-classes/universal.class.php on line 183
Notice: Undefined index: HTTP_HOST in /var/www/zenbership/admin/cp-classes/db.class.php on line 1536
Notice: Undefined index: HTTP_HOST in /var/www/zenbership/admin/cp-classes/db.class.php on line 1539
Notice: Undefined index: HTTP_HOST in /var/www/zenbership/admin/cp-classes/db.class.php on line 1540
Warning: Cannot modify header information - headers already sent by (output started at /var/www/zenbership/admin/cp-cron/index.php:69) in /var/www/zenbership/admin/cp-classes/db.class.php on line 1500
Notice: crypt(): No salt parameter was specified. You must use a randomly generated salt and a strong hash function to produce a secure hash. in /var/www/zenbership/admin/cp-cron/db_clean.php on line 90
Notice: crypt(): No salt parameter was specified. You must use a randomly generated salt and a strong hash function to produce a secure hash. in /var/www/zenbership/admin/cp-cron/db_clean.php on line 90

Related?

Martinsure commented 5 years ago

@SmithPlatts Same issue here. Did you solve it?

yagoalon commented 5 years ago

Hi! did you try to login on a hidden window? I did have that error also, and I fixed login in a hidden windows and deleting browser data.

Martinsure commented 5 years ago

@yagoalon WORKED. Thanks a lot

SmithPlatts commented 5 years ago

@martinsure nope, never did find a solution and in the end ran out of time, so we went with Wild Apricot; still keen to jump back and have another try one day. @yagoalon that I did try, and in my case it didn't help.

artoo-git commented 5 years ago

@yagoalon .. after a clean install on:

Apache/2.4.38 (Debian) <- this is development environment (zenbership run on localhost) mariadb-10.3 PHP Version 7.3.2-3

Admin does not login and a red "redirect" appears on top of the login form. I suppose this is the same issue as above.

php /var/www/zenbership/admin/cp-cron/index.php gives 1 warning and 1 notice:

PHP Warning: Use of undefined constant PP_PATH - assumed 'PP_PATH' (this will throw an Error in a future version of PHP) in /var/TFH/admin/sd-system/loader.php on line 36 PHP Notice: Undefined index: REMOTE_ADDR in /var/TFH/admin/sd-system/loader.php on line 38

Stuck here. no joy.

artoo-git commented 5 years ago

.... then I have tried to login from /login.php instead of admin/login.php and I have selected the remember me option. The response is "login error" however, at the next attempt to access admin/login I was logged in as admin.

I have tried to reproduce the solution in a separate incognito session (firefox v65) but couldnt

castlamp / zenbership

Admin Login Redirect Loop #190