We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.
  1. Home
  2. Beginners

Invo: security and products page warning

Hi there,

I'm working on the INVO tutorial to learn a bit more abpout phalcon. Working well so far, but I have an issue with the security/products page: the tutorial explains that trying to access the protected page (https://mydomain.dev/products/ ) it should display the home page with a warning.

When trying on my dev version, I end up with a blank page. I've added a trace (dump $_SERVER) in the index.php file to see what's happening and where I ended up:

$_SERVER = array ( 'FCGI_ROLE' => 'RESPONDER', 'QUERY_STRING' => '_url=/products/index', 'REQUEST_METHOD' => 'GET', 'SCRIPT_NAME' => '/index.php', 'REQUEST_URI' => '/products/index', 'DOCUMENT_URI' => '/index.php', 'DOCUMENT_ROOT' => '/data/www/invo/public', 'SERVER_PROTOCOL' => 'HTTP/1.1', 'GATEWAY_INTERFACE' => 'CGI/1.1', 'SERVER_SOFTWARE' => 'nginx/1.6.2', 'REMOTE_PORT' => '52551', 'SERVER_PORT' => '80', 'SERVER_NAME' => 'phalcon.nis.dev', 'REDIRECT_STATUS' => '200', 'SCRIPT_FILENAME' => '/data/www/invo/public/index.php', 'HTTP_HOST' => 'phalcon.nis.dev', 'HTTP_COOKIE' => 'PHPSESSID=nojsgpfu2ooi49b8nljrfkbmd7', 'PHP_SELF' => '/index.php', ... )

Checked the dispatcher and SecurtyPlugins are called, but nothing significant there. Plus even though the page displays the trace, the HTTP hreader show the status 404... o_O
I'm a bit lost there.

Is that a bug in the INVO tuto or something wrong with my setting ? Best.



43.9k

Hi,

http error 404 with a blank page, that's strange indeed. Because Invo implements a notFound handler and a dedicated view ...

What does appache error.log tells you ?



24.8k
edited Feb '15

Hi,

Nothing in the error log, that's why I've added traces myself. Digged a bit deeper... the beforeException method is executed in the notFoundPlugin class, and it's supposed to redirect me to the error page [ $dispatcher->forward(array( 'controller' => 'errors', 'action' => 'show500')); ]

But the show500Action() method doesn't seem to be called/executed. Is there any way to trace what's happening when the forward method is called ?

Cheers

[edit] I've tried to use the forward method on the home page, and it doesn't work. Throwing an exception and sending me to the show500 method. Seems like the problem come from there.

[edit2] I believe I've located exactly where the problem is: SecurityPlugin, line 114. The plugin figure out I'm trying to access a restricted page, tries to redirect me to the ErrorController->show401() but that fails, the function show401 is never executed.

[edit3] It seems there's a double problem with the INVO project:

  • securityPlugin: the action show401 is not listed in the publicResources array leading to an infinite loop
  • even after making show401 public, the forward method can't reach it (so ... redicret to show401)


82
in reply to stephane
edited Mar '15

That was so obvious if you think about it. Just needed somone to point it out. Thank you... Was gona trace route myself, since log was useless, but then i thought of google, and found Sutefu. Nice thanks again.

It seems there's a double problem with the INVO project:

  • securityPlugin: the action show401 is not listed in the publicResources array leading to an infinite loop
  • even after making show401 public, the forward method can't reach it (so ... redicret to show401)