[#8310] After a bad login a successful mobile login takes the user to DIMP as opposed to MIMP
Summary After a bad login a successful mobile login takes the user to DIMP as opposed to MIMP
Queue MIMP
Queue Version 1.1.1
Type Bug
State Stalled
Priority 2. Medium
Owners Horde Developers
Requester rorymckinley (at) gmail (dot) com
Created 05/27/09 (292 days ago)
Due
Updated 01/19/10 (55 days ago)
Assigned 06/03/09 (285 days ago)
Resolved 01/19/10 (55 days ago)
Attachments
Milestone
Patch No

History
01/19/10 Michael Slusarz Comment #6
Taken from Michael Slusarz
State ⇒ Stalled		 Reply to this comment
I'm not going to track this down in FW_3.  The Auth system has already 
been rewritten in H4.
06/03/09 Chuck Hagenbuch Priority ⇒ 2. Medium
State ⇒ Assigned
Assigned to Horde DevelopersHorde Developers
Assigned to Michael Slusarz
 
06/02/09 rorymckinley (at) gmail (dot) com Comment #5 Reply to this comment
Hi



This problem persists - we were initially using a custom 
redirect_on_logout but we removed that. Now, this problem occurs every 
time we logout, not even on badlogins :(
05/30/09 rorymckinley (at) gmail (dot) com Comment #4 Reply to this comment
Is it possible to alter the page to which Imp redirects the user on 
bad login ? Would it be possible to do this via a config setting?
05/30/09 simon (at) simonandkate (dot) net Comment #3 Reply to this comment
On my system, Imp hands logins back to Horde. When I go on my iPhone 
to my mail site, I get sent to a mobile friendly Horde login page. An 
incorrect login drops me back to that page, upon which a correct login 
sends me to MIMP. I.e. I can't reproduce this. Maybe because I am not 
using Imp for auth but passing back to Horde?
05/27/09 rorymckinley (at) gmail (dot) com Comment #2 Reply to this comment
I realise that this may be a low-priority to fix, so if someone can 
help me patch the file (I am guessing redirect.php) - I am willing to 
try it and test - if that will help things along.
05/27/09 rorymckinley (at) gmail (dot) com Comment #1
State ⇒ Unconfirmed
Patch ⇒
Milestone ⇒
Queue ⇒ MIMP
Summary ⇒ After a bad login a successful mobile login takes the user to DIMP as opposed to MIMP
Type ⇒ Bug
Priority ⇒ 3. High		 Reply to this comment
When connecting to a horde instance, I am routed to the mobile version 
of imp/login.php. If I incorrectly enter the wrong password, I am 
rerouted back to the mobile version of login.php. If I get my password 
correct this time, I get routed to the DIMP interface as opposed to 
the MIMP interface.



The cause for this behaviour lies in imp/redirect.php:



When I first hit the login page - my login url is 
blah.com/imp/login.php?url=%2Findex.php. When I submit my details, 
imp/redirect.php looks for a value of $GLOBALS['url_in'] (passed by 
the login page) in the _newSessionUrl function. If $GLOBALS['url_in'] 
is set, then the url to which I am redirected is defined by $url = 
Horde::url(Util::removeParameter($GLOBALS['url_in'], session_name()), 
true). This works.



However, if I put in a bad password, I get redirected to a url that 
looks something like this...

blah.com/imp/login.php?imapuser=webmaster%40blah.com&horde_logout_token=lTaSVF7eQJ-qNlFXmp8B6lEyxfo&app=imp&logout_reason=badlogin.



If I log in now, redirect.php cannot find a value for 
GLOBALS['url_in'] - and _newSessionUrl calls this line of code:

  return Horde::url($GLOBALS['registry']->get('webroot', $view) . '/', 
true); (line 295)



As a result I am routed to DIMP. It currently looks as if the problem 
is caused by the fact that the GLOBALS['url_in'] variable is not set 
after a good login from the login page after a bad login. This is 
currently only a problem for mobile logins.



I do not know enough about the code base to determine if the problem 
lies with redirect.php or the way that the login page is populated 
after a bad login.