Login with username/password does not work with SSL-Proxy

by Flinkman, Thursday, May 30, 2013, 21:10 (4304 days ago)

Hey,

I've installed selfoss and it works like a charm. An excellent piece of software!
But I have a problem with the login-feature.
I've generated a password and the login works great with normal http.
But with the SSL-Proxy I use (http://faq.hosteurope.de/index.php?cpid=10962) the login does not work anymore.
I do not receive any error message. The login page still appears.
But the system accepts the user/password combination: if I choose a wrong combination I receive an error.

Any ideas?

Thank you!

Stephan

Same problem with all-inkl.com SSL-Proxy

by soyale, Friday, May 31, 2013, 13:14 (4303 days ago) @ Flinkman

Same problem here; login works perfectly as long as I'm not using my SSL proxy (https://ssl-account.com/my_selfoss_domain.de). The base_url is configured correctly, htaccess is configured correctly.

When I provide an invalid user/password, selfoss says "invalid username/password". When I provide the correct user/password, the login screen just loads again...

Same problem with all-inkl.com SSL-Proxy

by Flinkman, Friday, May 31, 2013, 20:25 (4303 days ago) @ soyale

I've spent some time to solve the problem and found a solution.
I'm not sure if it is the best one, but it works well. ;-)

It is a "simple" problem with the needed cookie!
Currently selfoss does not set the domain and path correctly if you use an SSL proxy.

In "helpers/Authentication.php" find these two lines

// session cookie will be valid for one month
session_set_cookie_params((3600*24*30), "/");

and replace them with these lines

// check for SSL proxy and special cookie options
if (isset($_SERVER['HTTP_X_FORWARDED_SERVER'])) {
    // set cookie details (http://php.net/manual/en/function.setcookie.php)
    // order: expire, path, domain, secure, httponly
    session_set_cookie_params(
        (3600*24*30),
        '/'.$_SERVER['SERVER_NAME'].preg_replace('/\/[^\/]+$/', '', $_SERVER['PHP_SELF']).'/',
        $_SERVER['HTTP_X_FORWARDED_SERVER'],
        true, // secure (boolean, not the string "true")
        true  // httponly
    );
} else {
    // session cookie will be valid for one month
    session_set_cookie_params((3600*24*30), "/");
}

From now on it is checked if you use a SSL proxy and the cookie details are set correctly. :-)
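
An added example (not part of the original post and not selfoss code): the same path and domain rule, but X-Forwarded-Server is honoured only when it names a known proxy, because the header is ordinary request data whenever the application is reached directly. The function name, the `TRUSTED_PROXY_HOSTS` allowlist, and the assumption that the proxy sends `ssl-account.com` in that header are all hypothetical; the sample requests are constructed.

```php
<?php
// Hypothetical allowlist: host names your SSL proxy sends in X-Forwarded-Server.
const TRUSTED_PROXY_HOSTS = ['ssl-account.com'];

/**
 * Derive session cookie parameters from a $_SERVER-style array.
 * Returns [lifetime, path, domain, secure, httponly].
 */
function sessionCookieParams(array $server): array
{
    $lifetime  = 3600 * 24 * 30; // one month, as in the post
    // Fallback for direct access; unlike the post's else branch it sets HttpOnly.
    $direct    = [$lifetime, '/', '', false, true];
    $forwarded = strtolower($server['HTTP_X_FORWARDED_SERVER'] ?? '');

    // Accept the header only if it names a proxy we actually use.
    if (!in_array($forwarded, TRUSTED_PROXY_HOSTS, true)) {
        return $direct;
    }

    // Same rule as the post: /<SERVER_NAME><directory of PHP_SELF>/
    $dir  = preg_replace('#/[^/]+$#', '', $server['PHP_SELF'] ?? '');
    $path = '/' . ($server['SERVER_NAME'] ?? '') . $dir . '/';

    // Refuse anything that is not a plain path before it reaches Set-Cookie.
    if (!preg_match('#^/[A-Za-z0-9._~/-]+/$#', $path)) {
        return $direct;
    }
    return [$lifetime, $path, $forwarded, true, true];
}

// Constructed sample requests (not captured traffic).
$viaProxy = [
    'HTTP_X_FORWARDED_SERVER' => 'ssl-account.com',
    'SERVER_NAME'             => 'my_selfoss_domain.de',
    'PHP_SELF'                => '/index.php',
];
$unknownProxy = ['HTTP_X_FORWARDED_SERVER' => 'unknown.example'] + $viaProxy;
$directHttp   = ['SERVER_NAME' => 'my_selfoss_domain.de', 'PHP_SELF' => '/index.php'];

$cases = ['proxy' => $viaProxy, 'unknown' => $unknownProxy, 'direct' => $directHttp];
foreach ($cases as $name => $srv) {
    echo $name, ': ', json_encode(sessionCookieParams($srv), JSON_UNESCAPED_SLASHES), "\n";
}
```

In the application the result would be passed on with `session_set_cookie_params(...sessionCookieParams($_SERVER));` before `session_start()`.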

Same problem with all-inkl.com SSL-Proxy

by soyale, Friday, June 07, 2013, 12:51 (4296 days ago) @ Flinkman

works great, thanks a lot!
