I have Authwebserver enabled; it is not configured to be the default auth method. When the PHP variable $_SERVER is NOT defined I can login successfully via Authdb.
This is what a successful login looks like via Authdb; I see these lines added to my ssl_limesurvey-access_log log file:
First these two lines are added when the login page is displayed:
100.36.xxx.xx - - [21/May/2020:03:58:05 +0000] "GET /admin/ HTTP/1.1" 302 -
100.36.xxx.xx - - [21/May/2020:03:58:05 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 200 17762
Next these two lines are added after I enter my correct username and password:
100.36.xxx.xx - - [21/May/2020:04:04:40 +0000] "POST /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - - [21/May/2020:04:04:40 +0000] "GET /admin/ HTTP/1.1" 200 48817
At this point I am successfully logged in.
This is what an unsuccessful login looks like via Authwebserver. In this case the PHP variable $_SERVER has a value of 'jestrada' minus the quotes. Mozilla Firefox 76.0.1 (64-bit) displays an error page saying: "The page isn't redirecting properly An error occurred during a connection to
web001.limesurvey-access-dev.xxxx.net. This problem can sometimes be caused by disabling or refusing to accept cookies." I verified the cookie things is NOT my issue. These are the lines added to my ssl_limesurvey-access_log log file:
After that, I can no longer login as myself or an any other user, even the 'admin' user. This is true even though I've verified that the PHP variable $_SERVER is no longer defined. My browser shows a floating error message on the "Log in" page saying: You have exceeded the number of
maximum login attempts. Please wait 10 minutes before trying again."
If you need any additional information, please just ask. Let me just say thanks in advance to anyone willing to give me a hand with this problem.
Joseph J. Estrada
Last edit: 4 years 7 months ago by jestrada. Reason: Quoted strings in square brackets are not visible. Attempting to escape the square brackets.
I have Authwebserver enabled; it is not configured to be the default auth method. When the PHP variable $_SERVER 'REMOTE_USER' is NOT defined I can login successfully via Authdb.
This is what a successful login looks like via Authdb; I see these lines added to my ssl_limesurvey-access_log log file:
First these two lines are added when the login page is displayed:
100.36.xxx.xx - - [21/May/2020:03:58:05 +0000] "GET /admin/ HTTP/1.1" 302 -
100.36.xxx.xx - - [21/May/2020:03:58:05 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 200 17762
Next these two lines are added after I enter my correct username and password:
100.36.xxx.xx - - [21/May/2020:04:04:40 +0000] "POST /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - - [21/May/2020:04:04:40 +0000] "GET /admin/ HTTP/1.1" 200 48817
At this point I am successfully logged in.
This is what an unsuccessful login looks like via Authwebserver. In this case the PHP variable $_SERVER 'REMOTE_USER' has a value of 'jestrada' minus the quotes. Mozilla Firefox 76.0.1 (64-bit) displays an error page saying: "The page isn't redirecting properly An error occurred during a connection to
web001.limesurvey-access-dev.xxxx.net. This problem can sometimes be caused by disabling or refusing to accept cookies." I verified the cookie things is NOT my issue. These are the lines added to my ssl_limesurvey-access_log log file:
After that, I can no longer login as myself or an any other user, even the 'admin' user. This is true even though I've verified that the PHP variable $_SERVER 'REMOTE_USER' is no longer defined. My browser shows a floating error message on the "Log in" page saying: You have exceeded the number of
maximum login attempts. Please wait 10 minutes before trying again."
If you need any additional information, please just ask. Let me just say thanks in advance to anyone willing to give me a hand with this problem.
If i remind : when webserver is set and you don't have access : it must throw a 401;
But here : seems best if :
1. You can check with a 3.X version with near same config (not same DB)
2. Report the issue
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member. -
Professional support
-
Plugins, theme and development
. I don't answer to private message.
