• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Problem with external_login and ReturnUrl

L

lbarbieri

Guest
I was trying to use the external_login.php script and I ran into a weird problem.
It's about the ReturnUrl parameter used to go to a specific page after a successful login: if I log in using the administrator account, everything works fine; for any other user, the parameter is ignored and I am brought to the Wizard.
I tried with simpler return URLs, down to www.google.com, but nothing changed. Also, I tried with and without parameter "urlencoding". In both cases, it works for admin and no one else.
Of course I am not using any other parameter that could (according to the Developer Guide) prevent this mechanism from working, i.e. SiteID and ShowAdmin.
Example: http://mysite/external_login.php?Login=username&Password=password&ReturnUrl=http://www.google.com
Any suggestion? Am I doing something wrong?

Thanks in advance.
 
I had forgotten to put the "http://" in my example, sorry. But it is present in my real code and it does not help.
Worse, I have clicked on your links and the second one does not work. If it works for you...now I am really perplexed.
Following are the response HTTP headers I get for first and second link.

Admin
HTTP/1.x 302 Found
Date: Thu, 16 Oct 2008 08:04:40 GMT
Set-Cookie: s_vi=[CS]v1|48F6F59800002A09-A3A093500003389[CE]; Expires=Tue, 15 Oct 2013 08:04:40 GMT; Domain=swsoft.122.2o7.net; Path=/
Location: http://swsoft.122.2o7.net/b/ss/swsc...-In;Flip4Mac Windows Media Plugin 2.2 ;&AQE=1
X-C: ms-3.7.1
Expires: Wed, 15 Oct 2008 08:04:40 GMT
Last-Modified: Fri, 17 Oct 2008 08:04:40 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
Etag: "48F6F598-2A09-7DF899C2"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www253
Keep-Alive: timeout=15
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/plain

Trust
HTTP/1.x 302 Found
Date: Thu, 16 Oct 2008 08:04:40 GMT
Set-Cookie: s_vi=[CS]v1|48F6F59800002A09-A3A093500003389[CE]; Expires=Tue, 15 Oct 2013 08:04:40 GMT; Domain=swsoft.122.2o7.net; Path=/
Location: http://swsoft.122.2o7.net/b/ss/swsc...-In;Flip4Mac Windows Media Plugin 2.2 ;&AQE=1
X-C: ms-3.7.1
Expires: Wed, 15 Oct 2008 08:04:40 GMT
Last-Modified: Fri, 17 Oct 2008 08:04:40 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
Etag: "48F6F598-2A09-7DF899C2"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www253
Keep-Alive: timeout=15
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/plain
 
Second link does not work for me as well. But it definitely worked. I created new test user and it works again. It looks like it works only for new users. Try to create new user and try to check it. Let me know about the results. Just to make sure that it is so.
 
Well, at least there is something strange, it is not just me.
Now I wonder for how long a user remains "new". Did the link for your new user work the second time you clicked on it? Or do you have to do something on that user to make it look "old" to SiteBuilder?
Aside from this, I tried with a brand new user too and the link did not work, not even the first time.
http://servizi.vadoinrete.it/extern...testreturnurl&ReturnUrl=http://www.google.com
The same exact link, with the admin parameters, works.
:(
 
I have just tried something. In a virtual machine we use for developing (and where we have R/W access to the SiteBuilder database), I changed the role of a user from siteowner to admin. The external_login script started working in the expected way. I changed the role back to siteowner and the script stopped working (with regard to the ReturnUrl parameter, of course).
This happened with the last user I have created, and with the very first one, which is as old as the admin user.
 
I have made some more tests with Site owner and Reseller but could not reproduce this behaviour. I used demo site on Parallels. You can try to check it there. It seems the problem with 4.2 version which you use. It is suggested to make upgrade to latest one, so you can try to perform upgrade and check this situation one more time.
 
From what I understand, you used the latest version for your test. Wouldn't it be possible for you to try with version 4.2, and if a bug actually exists, see if you can fix it? After all, this forum is dedicated to that version. And an upgrade is not an easy step to do. Our procedure is in use by many users and we would prefer not to take the chance to mess or lose their web sites. Unless you can guarantee that everything would go fine.
I would even debug the code myself if I could, but your PHP is encrypted, therefore I can only ask you.
 
I have checked this case on Sitebuilder 4.2 installation and it looks like this functionality does not work in regards to Site owner, as you said. I tried to create new site owner under admin user and under reseller but none of them worked as expected.
Anyway, I suggest you to accomplish upgrade to latest version. Before making update you should create full Sitebuilder backup, just in case (dump Sitebuilder database and Sitebuilder root directory). Upgrade procedure from 4.2 to 4.5 version should go smoothly and there should not be any troubles with that. New version has some additional features and include fixes for some known issues from 4.2 version (including this one with external_login.php).
Some more details related to 4.5 version you can get here: http://www.parallels.com/en/sitebuilder/
Upgrade instructions can be found in installation guide: http://www.parallels.com/en/sitebuilder/docs
 
Thanks so much. We will consider an upgrade then. While keeping crossed our fingers. :)
 
You must log in or register to reply here.

Similar threads

G
Issue Plesk admin login page not working and gave , HTTP ERROR 500
Replies
3
Views
2K
Sebahat.hadzhi
Sebahat.hadzhi
E
Issue Extension Amazon S3 Backup / error remote storage
Replies
2
Views
1K
Erwan
E
M
Issue Database Connection Refused 10 mins after Deploy
Replies
1
Views
436
scsa20
scsa20
A
Issue FTP - Insecure server, it does not support FTP over TLS.
Replies
3
Views
738
Alban Staehli
A
W
Issue htaccess hotlink protection issue with ip6
Replies
2
Views
234
King555
K
Back
Top