| Stefan Ritt wrote: | Hi Rouilj,
re-posting your bug report doe not help. If I'm not replying immediately it means I'm pretty busy with other things, so just be patient.
|
Fair enough. I just saw posts after mine being responded to and I wasn't sure if my choice of icon
was causing it to be filtered out or not.
| Stefan Ritt wrote: |
Your problem is related to the reply from the server you posted. After you send
GET /Discussion/?cmd=GetPwdFile
you should get the login page, which starts with
HTTP/1.1 200 Document follows
....
<title>ELOG Login</title>
....
but you do get
HTTP/1.1 404 Not Found
....
The best thing to diagnose this problem is to run the server with the "-v" flag, so you don't have to run truss. Then compare the request sent by your cloning process (your GET /Discussion/?cmd=GetPwdFiel from above) and compare it if you send from your browser
http://host.example.org:8080/Discussion/?cmd=GetPwdFile
|
Using the url above from mozilla without being logged into the elogd server, elogd -v shows:
GET /Discussion/?cmd=GetPwdFile HTTP/1.1
Host: rouilj.dyndns.org:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: elmode=Summary; urem=1
==== Return ================================
HTTP/1.1 404 Not Found
Server: ELOG HTTP 2.7.8-2278
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 665
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<title>ELOG error</title>
<link rel="stylesheet" type="text/css" href="default.css">
</head>
<body><center>
<table class="dlgframe" width="50%" cellpadding="1" cellspacing="0"<tr><td class="errormsg">Error: Command "<b>GetPwdFile</b>" not allowed</td></tr>
<tr><td class="errormsg"><script language="javascript" type="text/javascript">
document.write("<button type=button onClick=history.back()>Back</button>");
</script>
<noscript>
Please use your browser's back button to go back
</noscript>
</td></tr>
</table>
</center></body></html>
It looks like it's not redirecting to the login page and returning a 404 instead.
If I log in and submit the same URL, it displays the password file as expected.
I think I kind of see what's happening here. In is_command_allowed you add the GetPwdFile to the list of
allowed command but only if is_admin_user is true. Since the user is guest at that point, I assume
is_admin_user returns false making is_command_allowed return false. Then the redirect is attempted by this
code sequence:
if (!is_command_allowed(lbs, command)) {
/* redirect to login page for new command */
if (strieq(command, loc("New")) && !isparam("unm")) {
check_user_password(lbs, "", "", _cmdline);
return;
}
but to me that looks like it will execute only if the command contains the word new
(or it's translated equivalent if I understand loc() properly)?? Since the command string
GetPwdFile doesn't match no login screen is presented by check_user_password.
| Stefan Ritt wrote: |
now without sending any cookies. Maybe you can figure out why the server replies with a 404 instead of a 200 when run from the cloning process. Try a very simple elogd.cfg on your sever side, just the basic thing with a "Password file = ..." setting. Do you have any blanks in your logbook name? Are you using Apache as a proxy?
Anyhow, if this does not work for you, just copy your password file manually as you did already. The rest should then work fine for you.
- Stefan |
No apache in the mix (although I may be adding it in the future), no blanks in the
logbook names.
-- rouilj |