Windows server: Failed Login does not post back error to login.php (FastCGI for IIS Problem)

Windows server: Failed Login does not post back error to login.php (FastCGI for IIS Problem)

by Chris Shearing -
Number of replies: 13

Hello,

In testing the FastCGI for IIS component with PHP and moving away from ISAPI PHP implementation we have managed to develop a small problem with moodle login form, and I was wondering if anyone might have any idea what is causing this, or has encountered it in the past.

We are currently using front end moodle server with Windows 2003 Server/IIS6 and PHP 5.2.3. Our moodle back end server is Windows 2003 with MySQL 5.0.45 running on. PHP has been implemented in ISAPI mode, and everything running ok, but not very quickly (Front end server is 2xQuad Core XEON with 16GB memory, backend is 4xDual Core Xeon with 16GB memory and data on a 6 disk RAID10 array).

As an experiment we have changed over from ISAPI PHP to FastCGI for IIS. The speed increase is very noticeable, and moodle works fine, apart from a login issue.

When a user puts in an incorrect password on the moodle login screen IE6 gives a HTTP 500 internal server error message and Firefox 2 reports the following single text line (IP and hostname removed) for any user,

[client xxx.xxx.xxx.xxx] http://moodleurl Failed Login: admin Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6

Instead of reporting back to the moodle login page with “invalid password” appearing like normal (as happens when running in ISAPI mode)

What seems to be happening is the PHP error is not being sent back to the login.php to display correctly, and just appearing in the browser, but unfortunately I don’t have any idea why this would happen,

Is anyone able to help and shed some light on this for me please?

Thanks,

Chris Shearing
Network Manager
The Sixth Form College Colchester

Average of ratings: -
In reply to Chris Shearing

Re: Windows server: Failed Login does not post back error to login.php (FastCGI for IIS Problem)

by David McCormick -

Chris,

Just wondering if you ever resolved this issue.  I am experiencing the same error with an environment almost identical to yours.  Thanks.

David McCormick

Average of ratings: -
In reply to David McCormick

Re: Windows server: Failed Login does not post back error to login.php (FastCGI for IIS Problem)

by Pablo Castillo -
any one solve this problem, I search in google and dont have solution.
Average of ratings: -
In reply to Pablo Castillo

Re: Windows server: Failed Login does not post back error to login.php (FastCGI for IIS Problem)

by Pablo Castillo -
Solution for moodle version 1.7.4+ by PolyPill

http://forums.iis.net/p/1147542/1862415.aspx


lib/weblib.php


Comment out line 4766 (at least is that line in moodle 1.7.4)


For some stupid reason moodle sends a 303 response before a location redirect, comment that line out and everything will work fine.

I the version 1.8 dont work I test it.

I hope this solve the problem for some guy.


Average of ratings: -
In reply to Chris Shearing

Re: Windows server: Failed Login does not post back error to login.php (FastCGI for IIS Problem)

by Pablo Castillo -

this is the code but I dont know why occurs

function redirect($url, $message='', $delay=-1, $adminroot = '') {
4993
4994 global $CFG;
4995
4996 if (!empty($CFG->usesid) && !isset($_COOKIE[session_name()])) {
4997 $url = sid_process_url($url);
4998 }
4999
5000 $message = clean_text($message);
5001
5002 $url = html_entity_decode($url);
5003 $url = str_replace(array("\n", "\r"), '', $url); // some more cleaning
5004 $encodedurl = htmlentities($url);
5005 $tmpstr = clean_text('<a href="'.$encodedurl.'" />'); //clean encoded URL
5006 $encodedurl = substr($tmpstr, 9, strlen($tmpstr)-13);
5007 $url = html_entity_decode($encodedurl);
5008 $surl = addslashes($url);
5009
5010 /// when no message and header printed yet, try to redirect
5011 if (empty($message) and !defined('HEADER_PRINTED')) {
5012
5013  // Technically, HTTP/1.1 requires Location: header to contain
5014  // the absolute path. (In practice browsers accept relative
5015  // paths - but still, might as well do it properly.)
5016  // This code turns relative into absolute.
5017 if (!preg_match('|^[a-z]+:|', $url)) {
5018  // Get host name http://www.wherever.com
5019 $hostpart = preg_replace('|^(.*?[^:/])/.*$|', '$1', $CFG->wwwroot);
5020 if (preg_match('|^/|', $url)) {
5021  // URLs beginning with / are relative to web server root so we just add them in
5022 $url = $hostpart.$url;
5023 } else {
5024  // URLs not beginning with / are relative to path of current script, so add that on.
5025 $url = $hostpart.preg_replace('|\?.*$|','',me()).'/../'.$url;
5026 }
5027  // Replace all ..s
5028 while (true) {
5029 $newurl = preg_replace('|/(?!\.\.)[^/]*/\.\./|', '/', $url);
5030 if ($newurl == $url) {
5031 break;
5032 }
5033 $url = $newurl;
5034 }
5035 }
5036
5037 $delay = 0;
5038  //try header redirection first
5039 @header($_SERVER['SERVER_PROTOCOL'] . ' 303 See Other'); //302 might not work for POST requests, 303 is ignored by obsolete clients
5040 @header('Location: '.$url);
5041  //another way for older browsers and already sent headers (eg trailing whitespace in config.php)
5042 echo '<meta http-equiv="refresh" content="'. $delay .'; url='. $encodedurl .'" />';
5043 echo '<script type="text/javascript">'. "\n" .'//<![CDATA['. "\n". "location.replace('$surl');". "\n". '//]]>'. "\n". '</script>'; // To cope with Mozilla bug
5044 die;
5045 }
 
the problem is exactly related by PolyPill guy (on IIS Board), moodle sends a 303 response before a location redirect but I am unable to handle this.
Average of ratings: -
In reply to Pablo Castillo

Re: Windows server: Failed Login does not post back error to login.php (FastCGI for IIS Problem)

by Richard Enison -
PC,

As I glanced at the Moodle code you have reproduced in your post, I couldn't help noticing the use of the me function in line 5025. I think there is a very good chance that this is the cause of the problem. The problem with me, which I recently discovered and reported in http://moodle.org/mod/forum/discuss.php?d=85602#p393199, is that it returns the wrong URL.

Lets start at the beginning. When I googled "HTTP 303", here is what I found. 303 is not really an error code. It is a status code that a web server sends to the browser to tell it to redirect to another URL. You normally don't see it, because the browser immediately responds by carrying out the redirection. You might see it because the URL to be redirected to is missing, or invalid. That's where me comes in.

Now the me function in Moodle tries to get the path portion of the URL of the current page using predefined PHP global variables such as $_SERVER['REQUEST_URI']. In fact that is the first of three such variables me tries. If it finds it to be empty or undefined, it then tries the second, and so on. Problem is, under certain circumstances, $_SERVER['REQUEST_URI'], or one of the others, has the wrong value. One of those circumstances involves PHP under IIS. http://neosmart.net/blog/2006/100-apache-compliant-request_uri-for-iis-and-windows/ may or not help. The first thing I would do is try to find out what value me is returning by inserting a debug statement like

echo me();

or even

die(me());

which will cause the script to terminate, leaving the value of me on your browser screen, into the Moodle code.

RLE
Average of ratings: -
In reply to Richard Enison

Re: Windows server: Failed Login does not post back error to login.php (FastCGI for IIS Problem)

by seth washeck -
reviving an old post ...

win 2k8, iis7 and "native" fastcgi and am getting this login error

i debugged with the whole die(me()); thing and the value of "me" is correct: /login/index.php

any thoughts?
Average of ratings: -
In reply to seth washeck

Re: Windows server: Failed Login does not post back error to login.php (FastCGI for IIS Problem)

by Richard Enison -
SW,

Amazing! Finally, after 11 months of dead silence from CS and PC, a response to my post from January.
  1. Obviously, the me function wasn't the problem in your case.
  2. Have you read the earlier posts in this thread? In particular, the reference to the IIS forum thread about this problem (http://forums.iis.net/p/1147542/1862415.aspx)? Have you read that thread? Have you tried the suggestion in PolyPill's posts there about commenting out @header lines in lib/weblib.php and lib/filelib.php?
  3. You haven't said which version of Moodle you are using so it is impossible to say which line numbers apply in your case.
  4. I would only add, in response to PolyPill's comment

    For some stupid reason moodle sends a 303 response before a location redirect, comment that line out and everything will work fine.

    that it is not for any stupid reason that Moodle issues the 303 header before the location redirect. As I explained in my previous post in this thread, the 303 response is the location redirect. The Javascript version is there only in case the 303 doesn't work, because of a Mozilla bug in old browsers (Internet Explorer, Netscape, and Firefox are all based on Mosaic and identify themselves as Mozilla). Just read the comments in the code!
RLE
Average of ratings: -
In reply to Richard Enison

Re: Windows server: Failed Login does not post back error to login.php (FastCGI for IIS Problem)

by seth washeck -
right ... sorry about that ... 1.8.6 is our moodle version (long story).

i've tried commenting out the @header line in lib/weblib.php (did not work) but not the lib/filelib.php. should this be "either/or" or "both/and?"
Average of ratings: -
In reply to seth washeck

Re: Windows server: Failed Login does not post back error to login.php (FastCGI for IIS Problem)

by seth washeck -
i commented the one line in lib/weblib.php and there were two "Partial Content" lines in lib/filelib.php which which i commented. still getting the same error message with failed login
Average of ratings: -
In reply to seth washeck

Re: Windows server: Failed Login does not post back error to login.php (FastCGI for IIS Problem)

by Richard Enison -
SW,

Based on my understanding of PP's logic, I would say both/and.

You have answered my question #3 but not #2.

RLE
Average of ratings: -
In reply to Richard Enison

Re: Windows server: Failed Login does not post back error to login.php (FastCGI for IIS Problem)

by seth washeck -
sorry; i didn't communicate clearly. i did read that post and commented all HTTP @header directives.

"Basically any header() that outputs anything the fastcgi handler doesn't understand causes it to crash, it should really just ignore things instead, but on the weblib.php comment out line 4944. "@header('HTTP/1.0 404 Not Found');""


there are many other @header lines with things like MIME types so i guess i'm not certain if i should comment EVERYTHING with @header or just the HTTP responses. i commented all in both of the files referenced by PP and still no resolution.

is this situation found in newer versions of moodle?r
Average of ratings: -
In reply to seth washeck

Re: Windows server: Failed Login does not post back error to login.php (FastCGI for IIS Problem)

by Richard Enison -
SW,

Thx for clearing that up.

Now, based on my knowledge of the @header calls in Moodle, and on what PP has said, I would say no, definitely not. Do not comment out all header lines (the @ in front of header just means to ignore errors that may occur in the course of executing the header function).

However, because I do not have, nor have I ever had, IIS on my computer, nor have I ever used it, my knowledge of IIS is very limited. I am just the Western Union messenger boy here, passing on info about IIS that I have seen in this forum and elsewhere on the Web. Because of that, I cannot determine whether this problem occurs in newer versions of Moodle.

But more generally, I'm more than that. As a long-time programmer, I do know PHP and I can look at the source code of Moodle and understand it, up to a point (I may know what a statement is doing but not why). I can and have passed on what I discover this way to the Moodle community in this and other Moodle forums.

So what would I do in this situation? Well, you've put in a debugging die statement into the code to see what value me had. I might do the same for some of the variables defined in the redirect function shown in PC's post, such as $url, $surl, $encodedurl, $newurl, $tempstr, and $hostpart. For example, you could insert a line just before line 5038 (as shown in that post) saying

die($url);

and likewise for the other variables. To save time, you might want to display all the variables at once, with something like

die("url: ".$url."\nsurl: ".$surl ... $hostpart);

The \n means line break and the . stands for concatenation of character strings. The ... is not to be typed, of course; it represents a repetition of the pattern shown for the other variables in the list. If some of the variable values seem wrong, you could (depending on which one is wrong) put debugging statements into the code earlier, such as before line 5030 a line like

echo($newurl."/n");

to show the intermediate values of $newurl each time through the loop. If you used die instead of echo, you would only see it the first time through the loop. But then put a die statement at the end of the loop, such as on line 5036, to prevent it from going too far.

RLE
Average of ratings: -
In reply to Richard Enison

Re: Windows server: Failed Login does not post back error to login.php (FastCGI for IIS Problem)

by seth washeck -
nothing really ever worked so we went lighttpd 1.4.20 and we're back in business


Average of ratings: -