Topic: PHP redirection problem on SME server

[wdepot]

Hopefully someone here can enlighten me with a solution for a very frustrating problem. We are using SME 7.1.3 with PHP 4.3.9 to run an osCommerce web site. I am trying to add a login page for the adminstration section and the PHP header redirection feature is not working on our server. The exact same code works fine on my test server (a Mac running PHP5) so I know it is not the PHP file itself that is causing the problem.

What is happening is that once the file verifies the user and password  it sets a couple of $_SESSION variables and then calls

header('Location: https://oursite.com/catalog/admin/index.php');

which is supposed to load the index.php file. However on the SME server I get the error

The requested URL /catalog/admin/(EmptyReference!) was not found on this server.

And the address bar in the web browser is set to

https://oursite.com/catalog/admin/(EmptyReference!)

The same thing happens if I try to use the header('Refresh') command to do the same thing. Since the error happens only when running the file on the SME server I know it has to be some server setting somewhere that is causing the problem. Can anyone tell me what changes I might need to make to the httpd.conf or php.ini files to fix the problem? I've read that magic quotes can cause problems with the header command but on the server only magic_quotes_gpc is turned on and turning that off didn't make any difference. All server and CentOS updates are installed and I even used the install individual packages option to install any PHP package that hadn't already been installed.

[cool34000]

Hi

osCommerce needs a few customisation:

php_flag register_globals on
php_value session.use_trans_sid 0

I will try to make an rpm of this webapp for SME 7.x

[wdepot]

Yes, I know about register_globals. As for the other item I can't find it listed on a phpinfo page so I don't know what value it has. It's not osCommerce I'm having the problem with anyway. We been running it for years without problems. The specific problem I'm having is with the PHP header('Location: ') function which is malfunctioning only on our SME server. An rpm of stock osCommerce won't help us since we've already modified our version quite heavily.

[cool34000]

Here the template I'm using:

Code: [Select]


#--------------------------------------------------------------
# OSCommerce
#--------------------------------------------------------------
Alias /oscommerce /opt/oscommerce/catalog

<Directory /opt/oscommerce/catalog>
AddType application/x-httpd-php .php .php3 .phtml
order deny,allow
deny from all
allow from all
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
php_value session.use_trans_sid 0
php_value register_globals 1
php_admin_value open_basedir /opt/oscommerce/catalog/
</Directory>

<Directory /opt/oscommerce/catalog/admin>
AddType application/x-httpd-php .php .php3
order deny,allow
deny from all
allow from all
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
php_value session.use_trans_sid 0
php_value register_globals 1
AuthType Basic
AuthName "osCommerce Admin"
AuthUserFile /opt/oscommerce/allowed_users/.htpasswd
AuthGroupFile /dev/null
Require valid-user
</Directory>

<Directory /opt/oscommerce/catalog/download>
AuthType Basic
AuthName "NO ACCESS"
AuthUserFile /opt/oscommerce/allowed_users/.htpasswd
AuthGroupFile /dev/null
Require valid-user
</Directory>

<Directory /opt/oscommerce/catalog/includes>
<Files *.php>
Order Deny,Allow
Deny from all
</Files>
</Directory>

<Directory /opt/oscommerce/catalog/pub>
Options +FollowSymLinks -Indexes
</Directory>

#--------------------------------------------------------------


The rpm is almost built...

[wdepot]

I tried adding some of the Apache directives you used to my server and I still get the Empty Reference error when the header('Location: https://ourserver.com/catalog/admin/index.php'); command executes. Is there some other PHP setting besides session.use_trans_sid, register_globals, and open_basedir that could be affecting the header command and making it think the location is empty when it is not? Is there a bug in PHP 4.3.9 that might be causing the problem? If so I would gladly upgrade the PHP on our server if I can find a version made for SME 7.

[cool34000]

Hi,

In the mean time, I've finished my rpm

Have you tried without https ? I'm always getting redirected to http after trying to access the administration panel with https.  
Is this the same problem you're talking about ?

[wdepot]

Actually one of the server settings I have on the server for the admin folder is SSLRequireSSL which means you have to use https. The redirect function I use is specifying https as the connection method. Specifically the call is

header('Location: https://oursite.com/catalog/admin/index.php');

the problem is that the browser is trying to go to

https://oursite.com/catalog/admin/(EmptyReference!)

which means that there is something going wrong with the PHP header function. For some reason it is not sending the actual file name to the browser. The same problem happens no matter what file I try to send it to.

The RPM files you uploaded appear to be osCommerce. We already have osCommerce and it is running nicely. In fact our osCommerce has been so highly modified that I wouldn't want to install your version because it would require that I spend time making all of our changes again. The problem I am having is not an osCommerce problem. It is a problem with PHP on our SME server.

[cool34000]

Hi

Well I guess the rpm could find some downloaders... See also the Wiki...
This is the 1st release so it could be improved... If you have any suggestions, send me an email!

Actually one of the server settings I have on the server for the admin folder is SSLRequireSSL

Yes, I saw the bug, it's not happening when not forcing https (which is of course not the proper way here). Trying the URL https://mydomain/oscommerce/admin give me first the auth-page and then like I said I get redirected to http://mydomain/oscommerce/admin
This might be revealing...
Have you tried their forum?

[wdepot]

It sounds in your case like the authorization was designed to go to the nonssl server for admin. If your admin/includes/configure.php set both the ssl and nonssl servers to 'https://mydomain/ then I doubt you would have the problem. If your authentication uses one of the built in osCommerce functions to go to the admin index then try adding ,'SSL' to the arguments in the file as in:

tep_href_link('gohere','parameters'); defaults to a non-SSL connection

tep_href_link('gohere','parameters','SSL'); links using the SSL connection defined in configure.php

AARGH! I just found out what was causing my problem. GoLive changed the code on the html web form from action="" to action=(Empty Reference!) when I copied the signin file from our test site to the working server. I think I'm going to have to see if I can find a preference in GoLive to prevent it from updating links when importing files. Sorry to bother everyone here.