Moodle 1.4.4+ with pop3 authentication
As we get more and more new users, I have been seeing in logs more and more multiple attempts from users to log in using the same userid and password. Silly students I thought.
Well, I was just assisting someone using FireFox on WinXP and realized the reason: when I try to log in with a wrong password, FireFox pauses for a moment and redisplays the login page with no error message or clue that anything went wrong. So users keep trying to log in over and over.
Internet Explorer on Windows shows an error page with page can't be loaded. On Mac OS9, Netscape reports: the document contains no data and Safari on OSX says: Safari cant open the page http://141.89.100.242/moodle/login/index.php because it could not load any data from this location. Seems that FireFox is not handling this correctly but the true problem is with Moodle failing to send login page with error.
This problem is specific to pop3 authentication. When trying the same with admin access, which uses manual authentication, I get the error page from Moodle as expected. I also get proper error when using an invalid userid or when the pop server is out of business. Only wrong password has a glitch.
I thought to run this by all the clever people here before filing a bug report. I'd love a workabout that I can install immediately.
Didn't you already post about this? It looks like the imap open call from php hangs when a wrong username/password is supplied, instead of timing out as it ought to.
I posted earlier about the case when mail server was not responding and Moodle was taking a minute and half for timeout to occur. I haven't solved that one yet but it is less critical since the mail server is seldom offline.
With passwords now, the response is pretty much immediate, so I don't think the issue is with the imap code. At least not the same as with the other issue. I think that there is just a bug somewhere in pop3 module that it sends no response (actually, I think it sends a malformed response, otherwise I should get a blank page) in this case.
There is no problem with wrong username. Only with wrong password.
With passwords now, the response is pretty much immediate, so I don't think the issue is with the imap code. At least not the same as with the other issue. I think that there is just a bug somewhere in pop3 module that it sends no response (actually, I think it sends a malformed response, otherwise I should get a blank page) in this case.
There is no problem with wrong username. Only with wrong password.
I have checked today Moodle source files and server logs. My conclusion is that the problem is with imap_open function, that is with PHP 5.0.4 not Moodle itself.
The Moodle code is quite trivial so do speak. I thought it does more but it just calls imap_open and returns true or false depending on the result of that call. If imap_open returns correctly, Moodle should be making a log entry for each login attempt. I see such entries for wrong userid but not when password is wrong.
I also think now that the other error (long delay) is a side effect of the same problem.
The Moodle code is quite trivial so do speak. I thought it does more but it just calls imap_open and returns true or false depending on the result of that call. If imap_open returns correctly, Moodle should be making a log entry for each login attempt. I see such entries for wrong userid but not when password is wrong.
I also think now that the other error (long delay) is a side effect of the same problem.