Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 2.5.1
-
Component/s: Authentication
-
Testing Instructions:
-
Affected Branches:MOODLE_25_STABLE
-
Fixed Branches:MOODLE_24_STABLE, MOODLE_25_STABLE, MOODLE_26_STABLE
-
Pull from Repository:
-
Pull Master Branch:w39_
MDL-41223_m26_customlogin -
Pull Master Diff URL:
Description
SUMMARY
I need to have a couple of links giving the user the choice to login using the English or French login page. I am using Moodle 2.5.1.
WHAT'S HAPPENING
The problem is, under certain circumstances, the user is prompted to logout upon successfully login in. They get a message similar to:
"You are already logged in as Michael Milette, you need to log out before logging in as different user."
I have tested this with several themes including the Standard (Vanilla), Clean and Standard (legacy) themes. It happens with all of them so this is not theme related. I have also tried it in various environments including Apache on Windows (local install) and on Linux (on a live web server) and the outcome is the same.
DESIRED BEHAVIOUR
If you are logging in from any page other than the login page, you should be redirected back there (example, if logging in from a block on the home page).
If you are logging in from the login page, you should be redirected to the referrer page only if it was within the moodle side. Otherwise you should be redirected to the moodle home page.
Ideally, if logging in from the login page and you fail to login, the original referrer must be maintained. The test to see if you are coming from the login page should work whether the URL has or doesn't have parameters like ?lang=xx. Alternatively, they should be redirected to the home page, but never to the login page.
REPRODUCING THE ISSUE
Here is how to reproduce the issue using Moodle 2.5.1 (probably previous versions too):
Step 1) Go to:
http://yoursite.com/login/index.php?lang=en
or
http://yoursite.com/login/index.php?lang=fr
The ?lang=xx is important to meet my requirements. Unfortunately it seems to be the cause of the problem. Without it, everything works as expected.
Step 2) Fail your first login attempt.
Step 3) Successfully login on the second or third attempt.
Step 4) You will be asked whether you really want to logout. THIS IS THE FIRST PROBLEM! You should not be prompted to logout while trying to login.
Step 5) If you click continue, you will always be prompted to logout each time you successfully attempt to login, even if you get it on the first attempt. THIS IS THE SECOND PROBLEM. Your choice in one session should not affect the next login session. If we resolve the first issue, this one should no longer be an issue.
Alternatively, if you click Cancel at the prompt, the cycle will end and you will be able to login normally on subsequent logins.
ADDITIONAL INFORMATION
From what I can see in the source code of /login/index.php, if you fail to login on the first attempt, the system ends up thinking that the login page is where you are coming from because of the ?lang=xx parameter. Once you have successfully logged in, it redirects you to where you were trying to go in the first place. Unfortunately it thinks you were trying to go to the login page.
POTENTIAL SOLUTION
Line 277 of /login/index.php is currently:
$_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot.'/login/index.php')
A better test would probably be...
strpos($_SERVER["HTTP_REFERER"], $CFG->httpswwwroot.'/login/index.php') !== 0)
or even...
strncmp($_SERVER["HTTP_REFERER"], $CFG->httpswwwroot.'/login/index.php', strlen($CFG->httpswwwroot.'/login/index.php'))
Can we get this fixed for all future releases of Moodle?
Best regards,
Michael