Try opening the /scp/login.php file in a text editor like "notepad.exe" and comment out the line with "header("Location: $dest");".
Obs: for those who don't know, to comment out a line, you just have to add '//' at the beginning of it;
Obs2: The line you should comment out should be around line 41 ...
Don't know if it will work for you. Worked for me:
- Microsoft IIS
- PHP 5.2
- MySQL 5.1
Below is my 'login.php' after editing it:
    require_once('../main.inc.php');
    if(!defined('INCLUDE_DIR')) die('Fatal Error. Kwaheri!');
    require_once(INCLUDE_DIR.'class.staff.php');
    $msg=$msg?$msg:'Authentication Required';
    if($_POST && (!empty($_POST) && !empty($_POST))){
        //$_SESSION=array(); #Uncomment to disable login strikes.
        $msg='Invalid login';
        if($_SESSION && (time()-$_SESSION<3*60)) {
            $msg='Max failed login Reached';
            $errors='You\'ve reached maximum failed login attempts allowed.';
        }
        if(!$errors && ($user=new StaffSession($_POST)) && $user->getId() && $user->check_passwd($_POST)){
            db_query('UPDATE '.STAFF_TABLE.' SET lastlogin=NOW() WHERE staff_id='.db_input($user->getId()));
            //We got a matching user and the password matched!! Nice.
            //Now set session crap and lets roll baby!
            $_SESSION=array(); //clear.
            $_SESSION=$_POST;
            $user->refreshSession(); //set the hash.
            $_SESSION=$user->getTZoffset();
            $_SESSION=$cfg->observeDaylightSaving();
            //Redirect to the original destination. (make sure it is not redirecting to login page.)
            $dest=($_POST && !strstr($_POST,'login.php'))?$_POST:'index.php';
            //header("Location: $dest"); <----- THIS LINE HERE
            require('index.php'); //Just incase header is messed up.
            exit;
        }
        //If we get to this point we know the login failed.
        //TODO: login strikes should be DB based for better security checks ( session can be reset!)
        $msg='Invalid login';
        $_SESSION+=1;
        if(!$errors && $_SESSION>3) {
            $msg='Access Denied';
            $errors='Forgot your login info? Contact IT Dept.';
            $_SESSION=time();
            //Send alerts
            if($cfg->alertONLoginError()) {
                $alert='Excessive login attempts by a staff member?'."\n".
                       'Username: '.$_POST."\n".'IP: '.$_SERVER."\n".'TIME: '.date('M j, Y, g a T')."\n\n".
                       'Attempts #'.$_SESSION;
                Misc:('Excessive login attempts (staff)',$alert);
            }
        }
    }
    define("OSTSCPINC",TRUE); //Make includes happy!
    $login_err=($_POST)?true:false; //error displayed only on post
    include_once(INCLUDE_DIR.'staff/login.tpl.php');
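
The TODO in the listing notes that session-based login strikes can be reset, since a client that starts a new session also starts a new count. The following is an added example, not part of the original post or of osTicket's code, that keeps the count server-side keyed by username. The class name, table name and demo username are assumptions, and the thresholds mirror the listing's 3 strikes and 3*60 seconds:

```php
<?php
// Added example (hypothetical class/table names): strike counter kept server-side.
final class LoginStrikes
{
    const MAX_STRIKES = 3;    // same threshold as the listing above
    const LOCK_SECONDS = 180; // 3*60 seconds, as in the listing
    private $db;

    public function __construct(PDO $db)
    {
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $db->exec('CREATE TABLE IF NOT EXISTS login_strikes (username VARCHAR(64) PRIMARY KEY, strikes INTEGER NOT NULL, last_strike INTEGER NOT NULL)');
        $this->db = $db;
    }

    private function row($username)
    {
        $st = $this->db->prepare('SELECT strikes, last_strike FROM login_strikes WHERE username = ?');
        $st->execute(array($username));
        return $st->fetch(PDO::FETCH_ASSOC); // false when no row exists
    }

    // Check this before verifying the password; a fresh session does not reset it.
    public function isLocked($username, $now)
    {
        $row = $this->row($username);
        return $row && $row['strikes'] > self::MAX_STRIKES
            && ($now - $row['last_strike']) < self::LOCK_SECONDS;
    }

    public function recordFailure($username, $now)
    {
        $row = $this->row($username);
        // Start a new count once the previous window has expired.
        $fresh = !$row || ($now - $row['last_strike']) >= self::LOCK_SECONDS;
        $strikes = $fresh ? 1 : $row['strikes'] + 1;
        $st = $this->db->prepare('REPLACE INTO login_strikes (username, strikes, last_strike) VALUES (?, ?, ?)');
        $st->execute(array($username, $strikes, $now));
        return $strikes;
    }

    public function clear($username) // call after a successful login
    {
        $this->db->prepare('DELETE FROM login_strikes WHERE username = ?')->execute(array($username));
    }
}
// Constructed demo with an in-memory SQLite database and a made-up username.
$strikes = new LoginStrikes(new PDO('sqlite::memory:'));
for ($i = 0; $i < 4; $i++) { $strikes->recordFailure('jdoe', 1000 + $i); }
var_dump($strikes->isLocked('jdoe', 1010), $strikes->isLocked('jdoe', 1003 + 180));
```

Keying only on username means repeated failures from any source lock that account, so tracking the source IP alongside it narrows the effect.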