When using the CGI version of PHP, IIS will not send out any other headers with a 302 response other than the "Location" header. This causes problems when trying to log in to wp1.5 as it attempts to set the cookie and also issue a redirect.
Fix is to use the code which mysteriously vanished from the 1.2.2 wp-login page:
Replace on line 185:
header("Location: $redirect_to");
with
if ($is_IIS)
header("Refresh: 0;url=$redirect_to");
else
header("Location: $redirect_to");
This should solve the problems I've seen a few people on the boards having with login. Hope this helps make WP a better system.
That code "mysteriously vanished" because it caused security risks. I'm not sure how, but that's the word.
TobySimmons
Member
Posted 4 years ago #
What was the security risk? I'm asking because if you are running WordPress on an IIS 5.0 server (Windows 2000) then the regular code just won't work. (Please don't say use a different server.)
If you have a setcookie() command followed by a header('Location: ') directive in a php script, the cookie headers are stripped before the redirection header is sent. This bug is documented in the following knowledge base article: http://support.microsoft.com/kb/q176113/ on Microsoft's site. I've made the modification to my code in wp-login.php (two places, since it does the same thing when you want to log-out) as well as in the wp-pass.php file. I haven't found any other places where setcookie() is followed by header('Location:') ... does anyone else have any feedback?
TobySimmons
Member
Posted 4 years ago #
Well, I haven't heard from anyone, so I'm gonna post my list of edits to get WordPress running on IIS 5. If someone has a better way, please let me know! Fixing WP 1.5 for IIS 5
Thanks for posting your fix. That got me going!
Much appreciated.
Knuth
throx
Knuth