Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-53901

redirect on failed login under HTTPS for login goes to HTTP url

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide

      Setup apache to serve both http and https.

      Enable loginhttps config setting.

      Break the configuration for the http side (e.g. set documentroot somewhere else)

      Go to the https login page and enter a wrong username/password.

      Verify you are redirected back to the login page without going through the http site.

      Show
      Setup apache to serve both http and https. Enable loginhttps config setting. Break the configuration for the http side (e.g. set documentroot somewhere else) Go to the https login page and enter a wrong username/password. Verify you are redirected back to the login page without going through the http site.
    • Affected Branches:
      MOODLE_29_STABLE, MOODLE_30_STABLE
    • Fixed Branches:
      MOODLE_29_STABLE, MOODLE_30_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-53901-master
    • Pull Master Diff URL:

      Description

      When the site is using HTTPS for logins, if the user passes an incorrrect password or some other error is generated on login the login/index.php file redirects the user to a HTTP URL. The site then, because of the use HTTPS for login, redirects the user again to the HTTPS URL for login.

      This is being caused by the redirect in line 355 (in Moodle 2.9) of login/index.php

      {quote}} else if ($errormsg or !empty($frm->password)) {
      // We must redirect after every password submission.
      if ($errormsg)

      { $SESSION->loginerrormsg = $errormsg; }

      redirect(new moodle_url('/login/index.php'));
      }

      If this is changed to:

      redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php');

      this fixes the double redirect. This is already used in several places in the file.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            derick-eld Derick Turner
            Peer reviewer:
            Damyon Wiese
            Integrator:
            David Monllaó
            Tester:
            Adrian Greeve
            Participants:
            Component watchers:
            Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Fix Release Date:
              9/May/16