From f701c7578ed4da258b3b38cc94de722394a07abb Mon Sep 17 00:00:00 2001
From: Chris Putnam
Date: Wed, 5 Apr 2017 21:06:05 -0500
Subject: [PATCH 1/4] Fix redirect on login for instances On instances where base_url has been set for use behind a reverse proxy, logins are incorrectly redirected. This happens because REQUEST_URI is set by the proxy: 1. librenms has base_url set to http://site.com/nms/ 2. Browser requests http://site.com/nms/ 3. nginx reverse proxies /nms/ to librenms at http://somehost:1234/ 4. librenms sees REQUEST_URI as "/" 5. librenms logs the user in, but sends "Location: /" to the browser. This redirects to the wrong location. To resolve, concatenate REQUEST_URI (which is relative) to base_url. As base_url is slash-terminated, crop the trailing slash. This should have no effect on users with default settings and will correctly redirect instances behind reverse proxies.
---
 html/includes/authenticate.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/html/includes/authenticate.inc.php b/html/includes/authenticate.inc.php
index 15d5e0f93802..52f37173f822 100644
--- a/html/includes/authenticate.inc.php
+++ b/html/includes/authenticate.inc.php
@@ -96,7 +96,7 @@
 $permissions = permissions_cache($_SESSION['user_id']);
 if (isset($_POST['username'])) {
- header('Location: '.$_SERVER['REQUEST_URI'] ?: $config['base_url'], true, 303);
+ header('Location: '.substr($config['base_url'], 0, -1).$_SERVER['REQUEST_URI'], true, 303);
 exit;
 }
 } elseif (isset($_SESSION['username'])) {
From ba6da7f5b0892cff27ca9cbe3aa65abe4c9d2034 Mon Sep 17 00:00:00 2001
From: Chris Putnam
Date: Wed, 5 Apr 2017 21:17:28 -0500
Subject: [PATCH 2/4] I agree to the conditions of the Contributor Agreement contained in doc/General/Contributing.md.
---
 AUTHORS.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/AUTHORS.md b/AUTHORS.md
index 8a3d362bb975..8431af1946e3 100644
--- a/AUTHORS.md
+++ b/AUTHORS.md
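Review bot: The new `Location` value in the 1/4 hunk of html/includes/authenticate.inc.php appends `$_SERVER['REQUEST_URI']`, which the client controls, without normalising it. When `base_url` is a full URL the redirect stays on that origin, but if it is only `/` (or empty) the prefix trims to an empty string and the raw request path becomes the whole header, so a path that begins with `//` would be read by browsers as scheme-relative and take the freshly logged-in user off-site. Collapsing the leading slashes before concatenating closes that: use `'/'.ltrim($_SERVER['REQUEST_URI'], '/\\')` in place of the bare `$_SERVER['REQUEST_URI']`. The same expression is carried unchanged into the 3/4 and 4/4 hunks, and the enclosing if/elseif block starts and ends outside the hunk.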
@@ -196,6 +196,7 @@ LibreNMS contributors:
 - Deeps (deepseth)
 - Jari Schäfer (jarischaefer)
 - Jan-Philipp Litza (jplitza)
+- Chris Putnam (putnam)
 Observium was written by:
 - Adam Armstrong
From cd64ebb9fcd4bfa70094b069473803567fabe14e Mon Sep 17 00:00:00 2001
From: Chris Putnam
Date: Wed, 5 Apr 2017 21:18:46 -0500
Subject: [PATCH 3/4] Adding comment explaining redirect logic on login
---
 html/includes/authenticate.inc.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/html/includes/authenticate.inc.php b/html/includes/authenticate.inc.php
index 52f37173f822..ab81dab4f2d9 100644
--- a/html/includes/authenticate.inc.php
+++ b/html/includes/authenticate.inc.php
@@ -96,6 +96,7 @@
 $permissions = permissions_cache($_SESSION['user_id']);
 if (isset($_POST['username'])) {
+ // Trim the trailing slash off of base_url and concatenate the (relative) REQUEST_URI
 header('Location: '.substr($config['base_url'], 0, -1).$_SERVER['REQUEST_URI'], true, 303);
 exit;
 }
From 5e20830eb0cd930a00a834daabbca04da9a7a168 Mon Sep 17 00:00:00 2001
From: Chris Putnam
Date: Thu, 6 Apr 2017 03:12:34 -0500
Subject: [PATCH 4/4] Use rtrim instead of substr
---
 html/includes/authenticate.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/html/includes/authenticate.inc.php b/html/includes/authenticate.inc.php
index ab81dab4f2d9..15128a367327 100644
--- a/html/includes/authenticate.inc.php
+++ b/html/includes/authenticate.inc.php
@@ -97,7 +97,7 @@
 $permissions = permissions_cache($_SESSION['user_id']);
 if (isset($_POST['username'])) {
 // Trim the trailing slash off of base_url and concatenate the (relative) REQUEST_URI
- header('Location: '.substr($config['base_url'], 0, -1).$_SERVER['REQUEST_URI'], true, 303);
+ header('Location: '.rtrim($config['base_url'], '/').$_SERVER['REQUEST_URI'], true, 303);
 exit;
 }
 } elseif (isset($_SESSION['username'])) {
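Review bot: The redirect in the 4/4 hunk treats `REQUEST_URI` as relative to `base_url`, as the comment added in 3/4 says, but PHP reports the path exactly as the web server received it. That holds for the nginx setup in the description, where the proxy strips `/nms/`; on an install reached under a sub-directory without such rewriting, the path would presumably still start with the base path and the header would repeat it (`…/nms/nms/`), which does not match the "no effect" expectation for those setups. Removing the base path from the request path when it is already present keeps both cases working, as sketched below, and the comment should then say the prefix is stripped only when present. The surrounding if/elseif block continues outside the hunk.

```php
if (isset($_POST['username'])) {
    // REQUEST_URI is the path as this server received it; drop the base path if the
    // front end left it in place, so the redirect does not repeat it
    $base_url = rtrim($config['base_url'], '/');
    $base_path = (string) parse_url($base_url, PHP_URL_PATH);
    $request_uri = $_SERVER['REQUEST_URI'];
    if ($base_path !== '' && strpos($request_uri, $base_path.'/') === 0) {
        $request_uri = substr($request_uri, strlen($base_path));
    }
    header('Location: '.$base_url.$request_uri, true, 303);
    // … unchanged: exit …
```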