Hello Geoffrey A. van den Ouden,

On Tuesday, August 16, 2005, you wrote:
> I had this weird bug when using squirrelmail that when I first try
> to log in, I got an error message telling me the user did not
> exist. The second time the login did work. I really had no idea what
> was causing this problem and I really tried almost everything that I
> could find on this mailing list.
>
> Yeah, I tried the session.auto_start = 1 in the PHP configuration and a
> lot of other stuff, but it all didn't work for me.
>
> Just today I finally noticed what the problem was. The URL I'm using has
> an underscore ( _ ) and when logging into squirrelmail users get
> redirected from index.php to src/login.php. This redirect adjusts the
> underscore to a '%5' in my URL. Now when users try to log in, it doesn't
> work, the user/login is not recognized. But when they click on the link to
> return to the login page, the URL is restored with the underscore in it.
> When they then try to log in again, their credentials are accepted.
>
> I'm using:
> W2k3 - IIS 6.0
> PHP 4.4.0
> SM 1.4.5
> MS Exchange 2000 / hMailServer
>
> Just maybe there are more illegal tokens that are translated by the
> redirect of the index.php. I believe that this problem is platform and
> webserver independent and I hope this is a useful hint for some of you out
> there.

_ is not an illegal token, I believe. In fact, RFC1738 specifically mentions that _ is allowed to appear within URLs without being encoded (see section 2.2). In addition, I don't believe we call a url encode on the redirect in src/login, src/redirect, or src/webmail, so it'd suggest a deeper underlying issue.

What browser are you testing with? Have you tried a different browser (i.e., Firefox over IE)? Do you still get it? If so, have you tried checking your IIS setup to see if there might be something there? I know there is an application you can run on IIS to force a lock down, making IIS a lot more strict in what it accepts/does; did you run it?

-- 
Jonathan Angliss <[EMAIL PROTECTED]>
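
An added example, not part of the original messages or of SquirrelMail's code: a small Python check that audits a URL against the RFC 1738 section 2.2 rule cited in the reply and reports what a redirect's Location value changed, which helps narrow down whether the application, the web server or a proxy rewrote the URL. The function names and both sample URLs are constructed for illustration.

```python
import re
import string

# RFC 1738 section 2.2: alphanumerics and these specials may appear unencoded.
RFC1738_UNENCODED = set(string.ascii_letters + string.digits + "$-_.+!*'(),")
RESERVED = set(";/?:@=&")  # allowed unencoded when used for their reserved purpose
ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")

# Constructed sample values: the URL the user typed and the Location header
# captured from the redirect (for example with a proxy or the browser's tools).
REQUESTED = "http://mail.example.test/web_mail/index.php"
LOCATION = "http://mail.example.test/web%5mail/src/login.php"


def audit_url(url):
    """Return (offset, problem) findings for one URL string."""
    findings = []
    i = 0
    while i < len(url):
        ch = url[i]
        if ch == "%":
            m = ESCAPE.match(url, i)
            if not m:
                # '%' not followed by two hex digits, e.g. the '%5' in the report
                findings.append((i, "malformed escape " + repr(url[i:i + 3])))
                i += 1
                continue
            decoded = chr(int(m.group()[1:], 16))
            if decoded in RFC1738_UNENCODED:
                findings.append((i, "needless escape %s for %r" % (m.group(), decoded)))
            i += 3
            continue
        if ch not in RFC1738_UNENCODED and ch not in RESERVED:
            findings.append((i, "unsafe character %r left unencoded" % ch))
        i += 1
    return findings


def compare_redirect(requested, location):
    """Findings present in the Location value but absent from the requested URL."""
    before = {problem for _, problem in audit_url(requested)}
    return [f for f in audit_url(location) if f[1] not in before]


if __name__ == "__main__":
    for offset, problem in compare_redirect(REQUESTED, LOCATION):
        print("offset %d: %s" % (offset, problem))
```

Running the same check against the Location header as seen directly at the server and again as seen by the browser shows which hop introduced the change.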
