I would like to ask for help with my PHP website, which is running on IIS Server version 10, as I have no experience with IIS.
Currently, the website faces a “too many redirects” error after login because the function always checks $_GET['code'], but $_GET['code'] is always empty.
public function isauthenticated($appid, $twofa = null, $return_uri = null) {
    // Debug trace: record the 'code' query parameter PHP sees on each call
    file_put_contents("log_code_check.txt", "[" . date("Y-m-d H:i:s") . "] code param 1: " . ($_GET['code'] ?? 'NULL') . "\n", FILE_APPEND);
    $this->appid = $appid;
    $this->returnuri = $return_uri;
    // No 'code' in the query string: start the authorization redirect
    if ( !isset($_GET['code']) ) {
        $this->getAuthorized($twofa);
    }
    return TRUE;
}
After the login process, we can actually see the code parameter in the URL like this:
The log file also captured an empty code parameter like this:
[2025-07-17 07:22:35] code param 1: NULL
Here’s my web.config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <defaultDocument>
            <files>
                <clear />
                <add value="Default.htm" />
                <add value="Default.asp" />
                <add value="index.htm" />
                <add value="index.html" />
                <add value="iisstart.htm" />
                <add value="index.php" />
            </files>
        </defaultDocument>
        <httpProtocol>
            <customHeaders>
                <add name="Cache-Control" value="max-age=300" />
                <add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains; preload" />
                <add name="X-Content-Type-Options" value="nosniff" />
                <add name="X-Frame-Options" value="SAMEORIGIN" />
                <add name="X-Powered-By" value="ASP.NET" />
                <add name="X-XSS-Protection" value="1;mode=block" />
            </customHeaders>
        </httpProtocol>
    </system.webServer>
</configuration>
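
One way to narrow down where the code parameter is lost and to cap the redirect loop while debugging, as an added example that is not part of the original post. The helper names callback_snapshot and may_redirect are hypothetical and the sample request is constructed; only the presence and length of the code are logged, so the authorization code itself is never written to a file.

```php
<?php
// Added diagnostic sketch. Helper names and the sample request are hypothetical.

// Summarise what the web server handed to PHP for this request.
// Only presence and length of the code are recorded, never its value.
function callback_snapshot(array $get, array $server): array
{
    $uri = (string) ($server['REQUEST_URI'] ?? '');
    // Re-parse the query from the raw request URI to compare with $_GET.
    parse_str((string) parse_url($uri, PHP_URL_QUERY), $fromUri);
    $code = $get['code'] ?? $fromUri['code'] ?? '';

    return [
        // A POST callback would carry parameters in the body, not in $_GET.
        'method'       => (string) ($server['REQUEST_METHOD'] ?? ''),
        'path'         => (string) parse_url($uri, PHP_URL_PATH),
        'get_has_code' => isset($get['code']),
        'uri_has_code' => isset($fromUri['code']),
        'query_len'    => strlen((string) ($server['QUERY_STRING'] ?? '')),
        'code_len'     => is_string($code) ? strlen($code) : 0,
    ];
}

// Allow at most $max redirects to the login page per session, so a missing
// parameter ends in a visible error instead of "too many redirects".
function may_redirect(array &$session, int $max = 3): bool
{
    $session['auth_redirects'] = ($session['auth_redirects'] ?? 0) + 1;
    return $session['auth_redirects'] <= $max;
}

// Constructed request: the URI carries ?code=... but $_GET arrived empty,
// which would point at the server or a rewrite dropping the query string.
$sampleServer = [
    'REQUEST_METHOD' => 'GET',
    'REQUEST_URI'    => '/index.php?code=SAMPLE-CODE&state=xyz',
    'QUERY_STRING'   => '',
];
$snapshot = callback_snapshot([], $sampleServer);
error_log('auth callback: ' . json_encode($snapshot)); // goes to PHP's error log

$session = []; // stands in for $_SESSION
if (!$snapshot['get_has_code'] && !may_redirect($session)) {
    error_log('auth callback: redirect limit reached, stopping');
}
```

In the real handler the calls would be callback_snapshot($_GET, $_SERVER) and may_redirect($_SESSION), placed before getAuthorized(), which assumes a session has already been started.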