500 Error: Must refresh to continue in Hesk...
Posted: Mon Jan 29, 2024 2:17 pm
Script URL: https://mrsmoodytech.com/HelpDesk/index.php
Version of script: Hesk version is CURRENT. | MySQL Version: 5.6.32 | PHP Version: 7.3.2
Hosting company: iPower.com
URL of phpinfo.php: https://mrsmoodytech.com/phpinfo.php
URL of session_test.php: https://mrsmoodytech.com/session_test.php
What terms did you try when SEARCHING for a solution: How to prevent sub-folder from running script from parent directory, Restrict access to subdirectory only, prevent 500 errors from displaying...
Write your message below:
Here's what's going on... I get a generic 500 error accessing the Hesk help desk. I have to refresh to continue on with the program. I KNOW the problem is not with Hesk. My website was created with Weebly. So the server side error logs point to line #65 in Weebly's OriginAPI.php.
This error has been going on since August 2023. Contacting Weebly was no help. The Hesk help desk has been running at my school for over 10+ years. And works great. But I can't have users keep refreshing their browsers just to proceed and submit a ticket. This is very frustrating. I know the solution is simple. If I have to purchase a license then fine. I need a sure-fire solution ASAP.
I have included the server-side error log and the OriginAPI.php line error.
Thanks my friends.
-Rommie
Server log:
20240129T080551: mrsmoodytech.com/HelpDesk/w_api/Handler.php
PHP Notice: Undefined index: Cookie in /hermes/bosnacweb01/bosnacweb01aq/b2126/ipw.kmoody/weeblysite/w_api/OriginAPI.php on line 65
PHP Notice: Undefined index: headers in /hermes/bosnacweb01/bosnacweb01aq/b2126/ipw.kmoody/weeblysite/w_api/OriginAPI.php on line 65
20240129T085832: mrsmoodytech.com/login.php
PHP Notice: Undefined index: redirect in /hermes/bosnacweb01/bosnacweb01aq/b2126/ipw.kmoody/public_html/login.php on line 15
PHP Notice: Undefined index: redirect in /hermes/bosnacweb01/bosnacweb01aq/b2126/ipw.kmoody/public_html/login.php on line 39
20240129T085835: mrsmoodytech.com/login.php
PHP Notice: Undefined index: redirect in /hermes/bosnacweb01/bosnacweb01aq/b2126/ipw.kmoody/public_html/login.php on line 15
Login.php Line 15-39:
if ($_POST['redirect']) {
// User submit login form, process and prepare authentication cookie for destination page to authenticate.
// Set cookie with authentication credentials
$passwordSalt = '(REMOVED)';
// Only take the back chunk which is just the hashed password excluding the salt
$password = substr(crypt($_POST['p'], $passwordSalt), -31);
setrawcookie($cookieName, "weeblylogin:" . $password, time()+(60*60*24*30), '/');
// adapt protocol
$protocol='http';
if (isset($_SERVER['HTTPS'])) {
if (strtoupper($_SERVER['HTTPS']) == 'ON') {
$protocol = 'https';
}
}
// Prevent off-site redirect
$redirect = preg_replace("/^\//", "", $_POST['redirect']);
$redirect = str_replace("\n", "", $redirect);
// redirect to destination page with authentication cookie prepared
header("Location: {$protocol}://".$host."/".$redirect);
} elseif ($_GET['redirect']) {
// Authentication fails, show login page again to let user retry password.
OriginAPI (Line 65):
public static function generateRequestBody( $method, array $body )
{
if ($body['request'] && $body['request']['headers'] && $body['request']['headers']['Cookie']) {
$cookie = $body['request']['headers']['Cookie'];
$cookie = preg_replace('/_sp_ses.[^.]{4}=[^;]*[;$]?/', '', $cookie);
$cookie = preg_replace('/_sp_id.[^.]{4}=[^;]*[;$]?/', '', $cookie);
$cookie = preg_replace('/_snow_ses.[^.]{4}=[^;]*[;$]?/', '', $cookie);
$cookie = preg_replace('/_snow_id.[^.]{4}=[^;]*[;$]?/', '', $cookie);
$body['request']['headers']['Cookie'] = $cookie;
}
Version of script: Hesk version is CURRENT. | MySQL Version: 5.6.32 | PHP Version: 7.3.2
Hosting company: iPower.com
URL of phpinfo.php: https://mrsmoodytech.com/phpinfo.php
URL of session_test.php: https://mrsmoodytech.com/session_test.php
What terms did you try when SEARCHING for a solution: How to prevent sub-folder from running script from parent directory, Restrict access to subdirectory only, prevent 500 errors from displaying...
Write your message below:
Here's what's going on... I get a generic 500 error accessing the Hesk help desk. I have to refresh to continue on with the program. I KNOW the problem is not with Hesk. My website was created with Weebly. So the server side error logs point to line #65 in Weebly's OriginAPI.php.
This error has been going on since August 2023. Contacting Weebly was no help. The Hesk help desk has been running at my school for over 10+ years. And works great. But I can't have users keep refreshing their browsers just to proceed and submit a ticket. This is very frustrating. I know the solution is simple. If I have to purchase a license then fine. I need a sure-fire solution ASAP.
I have included the server-side error log and the OriginAPI.php line error.
Thanks my friends.
-Rommie
Server log:
20240129T080551: mrsmoodytech.com/HelpDesk/w_api/Handler.php
PHP Notice: Undefined index: Cookie in /hermes/bosnacweb01/bosnacweb01aq/b2126/ipw.kmoody/weeblysite/w_api/OriginAPI.php on line 65
PHP Notice: Undefined index: headers in /hermes/bosnacweb01/bosnacweb01aq/b2126/ipw.kmoody/weeblysite/w_api/OriginAPI.php on line 65
20240129T085832: mrsmoodytech.com/login.php
PHP Notice: Undefined index: redirect in /hermes/bosnacweb01/bosnacweb01aq/b2126/ipw.kmoody/public_html/login.php on line 15
PHP Notice: Undefined index: redirect in /hermes/bosnacweb01/bosnacweb01aq/b2126/ipw.kmoody/public_html/login.php on line 39
20240129T085835: mrsmoodytech.com/login.php
PHP Notice: Undefined index: redirect in /hermes/bosnacweb01/bosnacweb01aq/b2126/ipw.kmoody/public_html/login.php on line 15
Login.php Line 15-39:
if ($_POST['redirect']) {
// User submit login form, process and prepare authentication cookie for destination page to authenticate.
// Set cookie with authentication credentials
$passwordSalt = '(REMOVED)';
// Only take the back chunk which is just the hashed password excluding the salt
$password = substr(crypt($_POST['p'], $passwordSalt), -31);
setrawcookie($cookieName, "weeblylogin:" . $password, time()+(60*60*24*30), '/');
// adapt protocol
$protocol='http';
if (isset($_SERVER['HTTPS'])) {
if (strtoupper($_SERVER['HTTPS']) == 'ON') {
$protocol = 'https';
}
}
// Prevent off-site redirect
$redirect = preg_replace("/^\//", "", $_POST['redirect']);
$redirect = str_replace("\n", "", $redirect);
// redirect to destination page with authentication cookie prepared
header("Location: {$protocol}://".$host."/".$redirect);
} elseif ($_GET['redirect']) {
// Authentication fails, show login page again to let user retry password.
OriginAPI (Line 65):
public static function generateRequestBody( $method, array $body )
{
if ($body['request'] && $body['request']['headers'] && $body['request']['headers']['Cookie']) {
$cookie = $body['request']['headers']['Cookie'];
$cookie = preg_replace('/_sp_ses.[^.]{4}=[^;]*[;$]?/', '', $cookie);
$cookie = preg_replace('/_sp_id.[^.]{4}=[^;]*[;$]?/', '', $cookie);
$cookie = preg_replace('/_snow_ses.[^.]{4}=[^;]*[;$]?/', '', $cookie);
$cookie = preg_replace('/_snow_id.[^.]{4}=[^;]*[;$]?/', '', $cookie);
$body['request']['headers']['Cookie'] = $cookie;
}