PDA

View Full Version : error with login form on homepage redirecting to https

Jason Kline
10-12-2009, 11:57 PM
The login form on the homepage gets access denied everytime I attempt to change the code ""successRedirect" => "mainhome.php"," below for https access.

if($_SERVER["REQUEST_METHOD"] == "POST"){
$WA_Auth_Parameter = array(
"connection" => $NoWayJose,
"database" => $database_NoWayJose,
"tableName" => "NoWayJosetable",
"columns" => explode($WA_Auth_Separator,"User_Name".$WA_Auth_Separator."Password"),
"columnValues" => explode($WA_Auth_Separator,"".((isset($_POST["username"]))?$_POST["username"]:"") ."".$WA_Auth_Separator."".((isset($_POST["userpassword"]))?$_POST["userpassword"]:"") .""),
"columnTypes" => explode($WA_Auth_Separator,"text".$WA_Auth_Separator."text"),
"sessionColumns" => explode($WA_Auth_Separator,"securekey".$WA_Auth_Separator."userLevel".$WA_Auth_Separator."User_Name"),
"sessionNames" => explode($WA_Auth_Separator,"securekey".$WA_Auth_Separator."userLevel".$WA_Auth_Separator."User_Name"),
"successRedirect" => "https://ssldomainhome.com/mainhome.php",
"failRedirect" => "accessdeny.php",
"gotoPreviousURL" => TRUE,
"keepQueryString" => TRUE
);

WA_AuthenticateUser($WA_Auth_Parameter);
}

This will only work is I first goto https://ssldomainhome.com then login from homepage.
Ray Borduin
10-13-2009, 01:31 PM
Since https is for security on forms, you should really take them to the https version of the login page in the failed redirect or any links to the login page in the first place and not redirect to the https only upon success. Since at that point the login information itself is subject to lack of security.
Jason Kline
10-13-2009, 03:15 PM
Thank you the reply Ray.

OK I have done this already.

"successRedirect" => "https://ssldomainhome.com/mainhome.php",
"failRedirect" => "https://ssldomainhome.com/accessdeny.php",

I guess I have not explain the problem correctly.

With the code set like above, when I go to my homepage that has the login form embeded (http://www.ssldomainhome.com) and I login... I get access denied every time.

The only way to login successfully is to open my browser and point to homepage(https://ssldomainhome.com) and then I will login sucessfully.

Why is this happening and how do I fix this?
Ray Borduin
10-13-2009, 04:12 PM
You can use a mod rewrite like this:

http://teqsnacks.com/2007/01/17/automatically-redirecting-to-the-www-prefix/

or use php like this:

http://www.110mb.com/forum/scripts-php-script-htaccess-removing-www-or-adding-to-site-piotr-grd-t31345.0.html%3Bwap2=