• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA with PRADO PHP framework

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> General >> ISA with PRADO PHP framework Page: [1]
Login
Message << Older Topic   Newer Topic >>
ISA with PRADO PHP framework - 15.Jan.2008 6:24:43 PM   
remushociota

 

Posts: 64
Joined: 12.Apr.2004
Status: offline
Just wondering if anybody in here had to publish a site written in php which is using the PRADO framework (www.pradosoft.com)?
As there are some challenges there which I have no idea how to overcome, to be more specific the fact that every site page passes through the index.php file located in the root of the site.

thanks
Post #: 1
RE: ISA with PRADO PHP framework - 16.Jan.2008 1:55:24 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
ISA really has nothing to do with the Server-Side Language that the site is written it.  The Server-Side Language never leaves the server,...even the user's browser never sees it.

The ISA and the User's Browser only see:
1. The resulting HTML code generated by the Server-Side App that is interpreted locally in the User's Browser
2. Client-Side componenet like Java Applets or ActiveX Controls that are downloaded and executed locally in the User's Browser
3. The resulting Client-Side Script, generated by the Server-Side App, which is almost always Java Script and is executed locally in the User's Browser.

Nothing ever "sees" the PHP, ASP, or ASP.net except the Web Server itself.  These are all Server-Side technologies.

If ISA has a problem with anything it will be the Client-Side Scripts, HTML, or the Client-Side Components,..which are never directly related to PHP, ASP, or ASP.net.




_____________________________

Phillip Windell

(in reply to remushociota)
Post #: 2
RE: ISA with PRADO PHP framework - 16.Jan.2008 2:05:10 PM   
remushociota

 

Posts: 64
Joined: 12.Apr.2004
Status: offline
I agree 100% to everything you said.
However I was asking this because there is a specific case, typical to PRADO sites that raises a challenge when you need to publish the site.
Meaning the secure (HTTPS) redirection for the login pages. Rather than entering all of this again in this post please look at this one and tell me what do you think (not my first post related to bug in system policy, but the last 3 where I try to exchange that information with Tom). we started on the bug issue which we clearified and than moved to something else but in the same thread...

http://forums.isaserver.org/bug_in_system_policy%3f/m_2002060193/tm.htm

thanks,
remus

(in reply to pwindell)
Post #: 3
RE: ISA with PRADO PHP framework - 17.Jan.2008 10:44:00 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
I'm not going to know what to do with any of that.  You may have to get Tom's attention on that.

A redirection on a web site (on the web site, not on the ISA),... regaurdless of the reason for it,... or the code that performed it,... still does the same thing in the end,..it tells the user's browser to "ask for a different URL",...and then the users browser askes for a new URL (just as if the user typed it into the address bar) and it goes from there.


_____________________________

Phillip Windell

(in reply to remushociota)
Post #: 4
RE: ISA with PRADO PHP framework - 17.Jan.2008 11:11:55 AM   
remushociota

 

Posts: 64
Joined: 12.Apr.2004
Status: offline
Well true but not quite with Prado :)
As you get ISA in between unless you can tell the publish rule about those redirections it won't work, when you have http -> https -> http.
The key is on the https rule to specify a different file name for login. But in prado everything passes through /index.php + some parameters (in the root of the site).
So a redirect from http /login.php to https /login.php and then to http /home.php works. Because from https you send to a different file name.
But in Prado you have the same file name index.php?page=Admin.Login and then index.php?page=Admin.MainPage
Even though the parameters are different the file name is the same... so I am stuck for now on this one.
That is why I asked if anybody else had published a prado site with http https redirects in it...


(in reply to pwindell)
Post #: 5
RE: ISA with PRADO PHP framework - 17.Jan.2008 1:23:31 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
A QueryString is a QueryString is a QueryString.  The underlying Server-side script language doesn't matter.  This isn't doing anything different than what is done when ASP or ASP.net is being used.

I don't see any "redirects" happening here at all.  What I see is data being passed in a QueryString to a Web Server where the Web Server has to "make a decision" based on the value of the data to generate the proper Client-Side Code to send back to the User's browser to be interpreted and displayed by the browser.

But in Prado you have the same file name index.php?page=Admin.Login and then index.php?page=Admin.MainPage
Even though the parameters are different the file name is the same... so I am stuck for now on this one.


This has to be handled properly by the Server-Side code.  When the script page "index.php" receives and parses the data:

page = Admin.Login

It has to generate the proper Client-Side material to the User's browser to present the user with the Login Prompt.

Then when the user submits the credentials you need to pass the information back to the Server-Side code to determine if the user entered to correct credentials. 

The Server-Side code then has to validate the user credentials (somehow) and then if they are valid it uses the value of "page=" to generate the proper Client-Side Code to display "Admin.MainPage" in the user's browser.  But if the credentials are not valid then you need to give it a second option such as "page=Admin.LoginError". 

Neither "page=Admin.MainPage" or "page=Admin.LoginError" would even have to exist in the QueryString.  These would exist only on the Server-side within the Server-Side code where it "makes a choice" based on whether the credentials are valid as to which of the two apply to the value of "page" and give the proper result to the user's browser.

None of this has any effect on ISA or the Publishing Rules.  You just have to make sure the Site is properly published for both HTTP and HTTPS.


_____________________________

Phillip Windell

(in reply to remushociota)
Post #: 6
RE: ISA with PRADO PHP framework - 17.Jan.2008 3:12:18 PM   
remushociota

 

Posts: 64
Joined: 12.Apr.2004
Status: offline
Phillip to take this out of the theory field if you are willing to try it out yourself take a look and see that it doesn't work.
The only thing is that you need PHP on the server you want to publish. I would assume you have that up and running.

So what I try to demonstrate is (and I will try to formulate it as clear as I can): If you want to publish a site that uses both http and https, and you use a redirect in the code to a https page for login, after the user is validated you must send him to a different file name than the one used for login, otherwise it won't work. Which in the case of Prado is not possible because all requests are being passed initially through the same file name.
Also (and very important) for ISA the file index.php?parameter1 counts as the same file name as index.php?parameter2 for the purposes I mentioned above. So it does not take into account the parameters to consider as a different file.

So try this on your server and tell me if it works or how you would publish it.

Create a site www.site.com on your server. Create a test file called test1.php with the following code in it (of course change everywhere www.site.com with the name you will use)

<?php 
if($_SERVER['HTTPS'] != 'on') {
header('Location: https://www.site.com/test1.php?page=login');
   exit();
}
if($_POST['submitted']) {
// validate user
   header('Location: http://www.site.com/test1.php?page=mainpage');
   exit(); 
}  
if($_GET['page']) { 
echo "You are in " . $_GET['page'] . " page";

?>
<form name="form1" action="test1.php" method="post">
<input type="hidden" name="submitted" value="1" />
Username: <input type="text" name="username" /><br />
Password: <input type="text" name="password" /> <br /><br />
<input type="submit">
</form>

As we use this for simulation some explanations:
The first part checks if you are entering the page via http or https. If it is http it sends you to https.
Then we have a form. It's bogus just put anything in it and press the button.
In the page I also show where I'm at just so we know. The first time I am in "You are in login page".
When you press the button what happens? Here is the point where ISA brakes this... if you look it should send you to http://www.site.com/test1.php?page=mainpage but instead it sends me still on HTTPS.
So I can not escape https to save my life! If in here for example it would have been a redirection to http://www.site.com/test2.php then it works!

To publish this I created one http listener and one https listener. The http listener only has port 80 active. The https listener only has port 443 active. I used no authetication in listener and in publish rule I used no delegation and clients cannot autheticate directly. And the rule is for ALL users.

And then I created 2 rules. One for http and one for https.
In the http rule under paths I entered /*
In the https rule under paths I entered /test1.php
Also in the rule under bridging for http I have just the HTTP to port 80 and for the https rule just the 443.

1. So the question is: why can't I escape https??

2. Some more inside on this. If in HTTP rule I put in paths /*
and in https rule I put  /test1.php?page=login
when I go to http://www.site.com/test1.php or http://www.site.com/test1.php?page=login it redirects me to https://www.site.com/test1.php?page=login and then I get The page cannot be displayed with
Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)

and in ISA log I see:

Allowed Connection ISA 1/17/2008 3:21:22 PM
Log type: Web Proxy (Reverse)
Status: 302 Moved Temporarily
Rule: SITE HTTP
Source: External (192.168.1.4)
Destination: (www.site.com 10.0.0.2:80)
Request: GET http://www.site.com/test1.php
Filter information: Req ID: 07b87bb2; Compression: client=Yes, server=No, compress rate=0% decompress rate=0%
Protocol: http
User: anonymous
Additional information
Client agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; WOW64; SV1)
Object source: Internet (Source is the Internet. Object was added to the cache.)
Cache info: 0x40000000 (Response should not be cached.)
Processing time: 10 MIME type:

< Message edited by remushociota -- 3.Feb.2008 10:51:56 PM >

(in reply to pwindell)
Post #: 7
RE: ISA with PRADO PHP framework - 18.Jan.2008 9:38:56 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
I don't have the infrastructure to duplicate this and I don't "speak" PHP.  I only do ASP Classic with VBScript. So I just have to go by what you wrote.

To publish this I created one http listener and one https listener. The http listener only has port 80 active. The https listener only has port 443 active. I used no authetication in listener and in publish rule I used no delegation and clients cannot autheticate directly. And the rule is for ALL users.

And then I created 2 rules. One for http and one for https.
In the http rule under paths I entered /*
In the https rule under paths I entered /test1.php
Also in the rule under bridging for http I have just the HTTP to port 80 and for the https rule just the 443.


It's up to you, but I would do this:

1. Delete the Publishing Rules and the Listeners and start over

2. Create one Listener and one Publishing Rule.  Set them to use both HTTP and HTTPS.  You don't need separate rules and listeners for each protocol.

3. Do not mess with the Paths.

4. See what happens.


_____________________________

Phillip Windell

(in reply to remushociota)
Post #: 8
RE: ISA with PRADO PHP framework - 18.Jan.2008 10:11:56 AM   
remushociota

 

Posts: 64
Joined: 12.Apr.2004
Status: offline
It doesn't work if I do it the way you say.
I get that Status: 302 Moved Temporarily as I also wrote in this post: http://forums.isaserver.org/Status%3a_302_Moved_Temporarily/m_2002060023/tm.htm

The only way it worked when I had different file names for login and home was to create 2 listeners, one for http and one for https and in the https one to specify the path to the file name. Leaving for instance in there /* would brake it.

(in reply to pwindell)
Post #: 9
RE: ISA with PRADO PHP framework - 18.Jan.2008 10:15:20 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Ok, well I don't know then.  Maybe someone else will have some ideas. There isn't anything else I can do with it.


_____________________________

Phillip Windell

(in reply to remushociota)
Post #: 10
RE: ISA with PRADO PHP framework - 18.Jan.2008 10:21:54 AM   
remushociota

 

Posts: 64
Joined: 12.Apr.2004
Status: offline
Thanks I appreciate it.
I am no rookie in ISA, but this thing simply got me stuck at a point of no return :)

(in reply to pwindell)
Post #: 11

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> General >> ISA with PRADO PHP framework Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts