I am trying to resolve a bug in a client's application, but I can't log in.
So I go to application.dev/metier/login, where application.dev is my virtual host, metier is my admin route and login is the page used to log in to the application.
I complete the form and click on connect. I get logged in and redirected to the index page (application.dev/metier/index), but immediately after the redirection I am kicked out to the login page. The URL is still application.dev/metier/index, but I am seeing the login page as if I was not authenticated.
I checked the session: it is cleared after the redirection. Everything looks like it is working fine: I am found in the database, inserted into the session and recognised as admin, but I am kicked out no matter what I do. No error, no log. Zend does not enter indexAction().
I can't go to another page because of the routing, and if I try to put my information into the session before accessing the login page, I get a "too many redirections" error (I am authenticated so I go to index, but then I am kicked out, but I am authenticated, but I am kicked out...).
I am on Zend Framework 1.12.18, Windows 10, with Laragon (Kaspersky as antivirus). I also tried with WAMP, and on an Ubuntu VM with XAMPP: same problem. I tried on another computer: same problem. It works for the developer who gave me the source code. He gave me the original code and the code with his modifications (mainly to application.ini); both give me the "error".
Controller:
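/**
 * Show the admin login form and handle a submitted login.
 *
 * Visitors who already have an identity are redirected to /metier/index/.
 * Everyone else gets a new session id before the form is built and processed.
 * Any exception is logged and answered with a redirect back to /metier/login/.
 */
public function loginAction() {
    try {
        $auth = Zend_Auth::getInstance();
        if ($auth->hasIdentity()) {
            $this->redirect('/metier/index/');
            return;
        }
        // Rotate the session id on every unauthenticated request to this action,
        // so the id used after a successful login is never one issued earlier.
        Zend_Session::regenerateId();

        $loginForm = new Application_Form_Admin_Login();
        $request = $this->getRequest();
        if ($request->isPost()) {
            $post = $request->getPost();
            if ($loginForm->isValid($post)) {
                if ($this->_process($loginForm->getValues())) {
                    // We're authenticated! Redirect to the home page.
                    // NOTE(review): _process() already redirects to /metier/index/ on success;
                    // if the redirector exits (the framework default) this line is never reached.
                    $this->_helper->redirector('index', 'index');
                }
            } else {
                // Keep the submitted password out of the log: debug logs are
                // usually readable by more people than the credential store.
                $postForLog = $post;
                if (is_array($postForLog) && isset($postForLog['password'])) {
                    $postForLog['password'] = '[redacted]';
                }
                Log::debug('User sent invalid data.', __FILE__, __LINE__);
                Log::debug($postForLog, __FILE__, __LINE__);
                Log::debug('Errors: ', __FILE__, __LINE__);
                Log::debug($loginForm->getErrors(), __FILE__, __LINE__);
                $this->view->error = Zend_Registry::get('Language')->errors->login->error;
            }
        }
    } catch (Exception $e) {
        // Record the failure instead of discarding it: without this line an
        // exception here leaves no trace at all.
        Log::debug('Login action failed with ' . get_class($e) . ': ' . $e->getMessage(), __FILE__, __LINE__);
        // NOTE(review): this sends the login action back to itself, so an exception raised
        // on every request would show up as a redirect loop rather than as an error page.
        $this->redirect('/metier/login/');
        return;
    }
    $this->view->form = $loginForm;
}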
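/**
 * Check the submitted credentials and, on success, store the enriched user row
 * as the authenticated identity.
 *
 * @param array $values Form values; the 'username' and 'password' keys are read.
 * @return bool True when the adapter accepted the credentials, false otherwise.
 */
protected function _process($values) {
    $username = isset($values['username']) ? trim($values['username']) : '';
    $password = isset($values['password']) ? trim($values['password']) : '';
    // Compare with '' explicitly: a plain truthiness test also rejects the literal value "0".
    if ($username === '' || $password === '') {
        $this->view->error = Zend_Registry::get('Language')->errors->login->empty;
        return false;
    }

    // Get our authentication adapter and check credentials (values are passed untrimmed).
    $adapter = $this->_getAuthAdapter();
    $adapter->setIdentity($values['username']);
    $adapter->setCredential($values['password']);

    $auth = Zend_Auth::getInstance();
    // Zend_Auth::authenticate() itself writes the identity to storage when the result is valid,
    // so from here on every rejection path has to remove it again.
    $result = $auth->authenticate($adapter);
    Log::debug('Authentication returned result code: ' . $result->getCode(), __FILE__, __LINE__);

    switch ($result->getCode()) {
        case Zend_Auth_Result::SUCCESS:
            $mdlMetierDep = new Application_Model_DbTable_MetierDepartement();
            // NOTE(review): called without arguments, getResultRowObject() returns every column of
            // the matched row, so the credential column is presumably written to the session below.
            // Consider passing that column as the $omitColumns argument — confirm the column name
            // against _getAuthAdapter().
            $user = $adapter->getResultRowObject();
            $metDepObj = $mdlMetierDep->fetchRow(array('id_metier = ?' => $user->id_metier, 'id_departement = ?' => $user->id_departement));
            if (!$metDepObj) {
                // The credentials were valid but the account has no metier/departement row.
                // Drop the identity authenticate() stored, otherwise hasIdentity() stays true
                // and the account is treated as logged in despite failing this check.
                $auth->clearIdentity();
                $this->view->error = Zend_Registry::get('Language')->errors->login->error;
                return $this->_redirect('/metier/login/');
            }
            $user->Role = Acl::ROLE_ADMIN_METIER;
            $user->id_metier_departement = $metDepObj->getIdMetierDepartement();
            $user->metier = $metDepObj->findMetier()->toArray();
            $user->department = $metDepObj->findDepartement()->toArray();
            // Replace the identity stored by authenticate() with the enriched user object.
            // No session id rotation happens in this method; loginAction() regenerates the id
            // before calling it.
            $authStorage = $auth->getStorage();
            $authStorage->write($user);
            $this->_redirect('/metier/index/');
            break;
        case Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND:
        case Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID:
        default:
            // One generic message for every failure code, so the response does not
            // reveal whether the username exists.
            $this->view->error = Zend_Registry::get('Language')->errors->login->error;
            break;
    }

    return $result->isValid();
}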
The login and reporting actions (just for information; Zend does not go into them):
/**
 * Default action: passes 'reporting' to go().
 * NOTE(review): go() is not shown here; presumably a forward/redirect helper from a parent class — confirm.
 */
public function indexAction() {
    $target = 'reporting';
    $this->go($target);
}
/**
 * Reporting page: registers the scripts and stylesheet used by the data table.
 * The load order is kept as general.js, DataTable.css, jquery.dataTables.js, data-table.js.
 */
public function reportingAction() {
    $this->loadJs('/scripts/metier/general.js');
    $this->loadCss('/styles/metier/DataTable.css');

    $tableScripts = array(
        '/scripts/jquery.dataTables.js',
        '/scripts/metier/data-table.js',
    );
    foreach ($tableScripts as $script) {
        $this->loadJs($script);
    }
}
Init function :
/**
 * Controller initialisation: loads shared assets, reads the stored identity,
 * exposes lookup lists and configuration to the view, and registers the JSON
 * context for the add-metier action.
 */
public function init() {
    parent::init();

    $this->loadCss('/styles/web/tables2.css');
    $this->loadJs('/scripts/web/tinyMceConfigs.js');

    $language = Zend_Registry::get('Language');
    $this->language = $language;
    $this->view->language = $language;

    // Only read the auth storage (and resolve the logo) when an identity is present.
    $zendAuth = Zend_Auth::getInstance();
    if (!$zendAuth->hasIdentity()) {
        $this->view->noLogo = true;
    } else {
        $this->storage = $zendAuth->getStorage()->read();
        $this->_getLogo();
    }

    // Enum field values for indicateurs.
    $this->view->frequence = array('M', 'T', 'S', 'A');
    $this->view->sens = array('A' => 'Croissant', 'D' => 'Décroissant');
    $this->view->formulaType = array('rule', 'min', 'max', 'avg');
    $this->view->FormulaOperand = array('+', '-', '/', '*');
    $this->view->tableauTypes = array(
        Constants::TABLEAU_STRUCTURE_DETAILLE,
        Constants::TABLEAU_STRUCTURE_COMPTEURS,
        Constants::TABLEAU_STRUCTURE_GRAPH,
    );
    $this->view->operands = array('+', '-', '*', '/');
    $this->view->pageTypes = array(Constants::PAGE_GARDE, Constants::PAGE_CONTENU, Constants::PAGE_TABLEAUX);
    $this->view->HautEtBasTypes = array(
        Constants::HEADER => Constants::HEADER,
        Constants::FOOTER => Constants::FOOTER,
    );

    $this->loadCss('styles/forms.css', 'form_css');
    $this->view->config = Zend_Registry::get('AppConfig');

    // Let the add-metier action answer in the JSON context.
    $ajax = $this->_helper->getHelper('AjaxContext');
    $ajax->addActionContext('add-metier', 'json');
    $ajax->setAutoJsonSerialization(true);
    $ajax->initContext();

    $this->_loggedInUser = $zendAuth->getIdentity();

    // NOTE(review): this forces full error display for every request handled by this
    // controller. Useful while debugging, but on a deployed site it exposes paths and
    // stack details to visitors; any output it prints before a redirect or session call
    // may also interfere with the headers they need — confirm this is local-only.
    ini_set('display_errors', 1);
    error_reporting(E_ALL);
}
Classname :
class MetierController extends Reporting_Controller {...}
After debugging, I can see that it reaches $this->_redirect('/metier/index') and then kicks me out.
What could be the problem ?