Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-53901

redirect on failed login under HTTPS for login goes to HTTP url

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide

      Setup apache to serve both http and https.

      Enable loginhttps config setting.

      Break the configuration for the http side (e.g. set documentroot somewhere else)

      Go to the https login page and enter a wrong username/password.

      Verify you are redirected back to the login page without going through the http site.

      Show
      Setup apache to serve both http and https. Enable loginhttps config setting. Break the configuration for the http side (e.g. set documentroot somewhere else) Go to the https login page and enter a wrong username/password. Verify you are redirected back to the login page without going through the http site.
    • Affected Branches:
      MOODLE_29_STABLE, MOODLE_30_STABLE
    • Fixed Branches:
      MOODLE_29_STABLE, MOODLE_30_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-53901-master

      Description

      When the site is using HTTPS for logins, if the user passes an incorrrect password or some other error is generated on login the login/index.php file redirects the user to a HTTP URL. The site then, because of the use HTTPS for login, redirects the user again to the HTTPS URL for login.

      This is being caused by the redirect in line 355 (in Moodle 2.9) of login/index.php

      {quote}} else if ($errormsg or !empty($frm->password)) {
      // We must redirect after every password submission.
      if ($errormsg)

      { $SESSION->loginerrormsg = $errormsg; }

      redirect(new moodle_url('/login/index.php'));
      }

      If this is changed to:

      redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php');

      this fixes the double redirect. This is already used in several places in the file.

        Attachments

          Activity

            People

            • Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                9/May/16