Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

[3.1.1] Custom login form (linked in home page template) doesn't function when logging in. On live server with ssl.


Reply


4 Posts   561 Views

Avatar
Schippie

Community Member, 37 Posts

8 November 2013 at 9:55pm

I am having an odd issue, for some reason i cannot login on a live server that has ssl enabled. It constantly gives me the following error message:

There seems to have been a technical problem. Please click the back button, refresh your browser, and try again.

I have traced the error to the [url=http://api.silverstripe.org/3.1/source-class-Form.html#_httpSubmission]Form.php ->httpSubmission() [/url] function. And that it has to do "i think" with the securityID key not matching the expected result or something along those lines because when i output it the two things that get compared are not equal to one and another.

My setup is:

CustomLoginForm:

http://sspaste.com/paste/show/527ca3bda7ad6

HomePageHeader.ss

<div class="header-top" >
<div class="column">
<img class="logo" src="{$SiteConfig.HomePageLogo.FileName}"/>
<div class="login-form">
$LoginForm
</div>
</div>
</div>

And the action onsubmit on home goes to: {url}/home/LoginForm.

I first thought it was related to the fix stated in 3.1.1 (https://github.com/silverstripe/silverstripe-framework/issues/2424)
But having downloaded the update it has still not fixed my problem. While they are similar in nature i think.

Avatar
Schippie

Community Member, 37 Posts

8 November 2013 at 10:03pm

Just tested it, it also seems to happen on a non ssl enabled version of the website.
It just doesn't seem to occure on local for some reason where i do use a higher PHPversion if that would make any difference. Servers PHP version is 5.3.3

Avatar
Schippie

Community Member, 37 Posts

9 November 2013 at 12:15am

Edited: 09/11/2013 12:18am

A step further, it seems to be caused by logging in on the ssl version. Which somehow causes a bad session to be set, preventing any login attempts from the none ssl version to (on the same domain). The fix to be able to login again into the non ssl version is to clear all your cookies and the cache. Though this still does not fix the ssl version.

It might be because of the way i force ssl (using absolute url with https:// in stead of forcessl for the reason that the checks that are used to check if the current site is ssl are not working for this server (it would need a server port check for 443 to be able to check if the server is ssl )

PS: even after this a administrator account can still not access the admin panel (even on the http version).

Avatar
Schippie

Community Member, 37 Posts

9 November 2013 at 3:20am

Edited: 09/11/2013 3:21am

After some more debugging it is indeed the:

[url=http://api.silverstripe.org/3.1/source-class-Director.html#_is_https]Director::is_https() function[/url]

That causes the problem, due to this server not sending https in the $_SERVER php var or any of the other checks it cannot detect it. Therefor i could not use it.
A simple fix for me was changing the function to something like this:

http://sspaste.com/paste/show/527ceebac1ba6

Not sure about the best implementation though. Probably something that can be easily passed along to the Director::forceSSL(); that can pass it along to the is_http() function.