Nerdmind/Blog

Can't Login

Closed this issue · 17 comments

I have set up everything and it works just fine, but I can't log in to the admin area; the page always redirects me back to the login screen!

Hi. Is there any error message shown on the login page? Usually, if the username or password (or the combination of them) is wrong, the system should throw the following error message: "The username or password is incorrect." Please note that the username is case-sensitive.

Default login credentials:
Username: ChangeMe
Password: changeme

No error message shows up even if I type the wrong credentials.

This is strange. Do you have cookies enabled in your browser? Can you tell me what redirect you are getting? I can reproduce the issue when I don't allow cookies in my browser (or for the specific host). Then I don't get an error message either, even if I type the correct or wrong credentials.

But I don't get an HTTP redirect. After I hit the login button, a POST request is fired and responded with HTTP status code 200 OK. If cookies are disabled, this is normal, because there is no PHPSESSID cookie in the POST request, and therefore, the check for Cross-Site-Request-Forgery will fail (yes, I should throw an error message if that's the case – I'll note it).

When you say "redirect", do you mean an actual HTTP redirect?

I have checked and cookies are enabled in my browser, and yes, the response is 200 OK from auth.php.

When you say "redirect", do you mean an actual HTTP redirect?

It's an actual HTTP redirect with 200 status OK, like the page is refreshing, but it just comes back to the same page again.

Anyway, this is the software I use on my server:

[root@localhost html]# mysql --version
mysql  Ver 15.1 Distrib 5.5.56-MariaDB, for Linux (x86_64) using readline 5.1
[root@localhost html]# mysql  Ver 15.1 Distrib 5.5.56-MariaDB, for Linux (x86_64) using readline 5.1nginx --version

[root@localhost html]# nginx -v
nginx version: nginx/1.12.2

[root@localhost html]# php -v
PHP 7.1.17 (cli) (built: Apr 25 2018 08:30:10) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.1.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.1.17, Copyright (c) 1999-2018, by Zend Technologies

When I use shared hosting I'm not having this issue

I think it was the MySQL version that caused the issue, but after I upgraded to 5.7 I still can't log in.
I also checked the directory owner:

total 44
drwxr-xr-x 6 root root  213 May  1 16:42 .
drwxr-xr-x 4 root root   33 May  1 11:12 ..
-rw-r--r-- 1 root root 1168 May  1 16:42 403.php
-rw-r--r-- 1 root root 1168 May  1 16:42 404.php
drwxr-xr-x 5 root root   95 May  1 16:42 admin
drwxr-xr-x 5 root root  123 May  1 16:42 core
-rw-r--r-- 1 root root 7640 May  1 16:42 database.sql
-rw-r--r-- 1 root root   29 May  1 16:42 .gitignore
-rw-r--r-- 1 root root 1778 May  1 16:42 .htaccess
-rw-r--r-- 1 root root 1535 May  1 16:42 .ht-nginx
-rw-r--r-- 1 root root 4140 May  1 16:42 index.php
-rw-r--r-- 1 root root 1099 May  1 16:42 license.md
-rw-r--r-- 1 root root 1313 May  1 16:42 readme.md
drwxr-xr-x 3 root root   19 May  1 16:42 rsrc
drwxr-xr-x 4 root root   35 May  1 16:42 template

And I changed the owner to nginx:

total 44
drwxr-xr-x 6 nginx nginx  213 May  1 16:42 .
drwxr-xr-x 4 root  root    33 May  1 11:12 ..
-rw-r--r-- 1 nginx nginx 1168 May  1 16:42 403.php
-rw-r--r-- 1 nginx nginx 1168 May  1 16:42 404.php
drwxr-xr-x 5 nginx nginx   95 May  1 16:42 admin
drwxr-xr-x 5 nginx nginx  123 May  1 16:42 core
-rw-r--r-- 1 nginx nginx 7640 May  1 16:42 database.sql
-rw-r--r-- 1 nginx nginx   29 May  1 16:42 .gitignore
-rw-r--r-- 1 nginx nginx 1778 May  1 16:42 .htaccess
-rw-r--r-- 1 nginx nginx 1535 May  1 16:42 .ht-nginx
-rw-r--r-- 1 nginx nginx 4140 May  1 16:42 index.php
-rw-r--r-- 1 nginx nginx 1099 May  1 16:42 license.md
-rw-r--r-- 1 nginx nginx 1313 May  1 16:42 readme.md
drwxr-xr-x 3 nginx nginx   19 May  1 16:42 rsrc
drwxr-xr-x 4 nginx nginx   35 May  1 16:42 template

But the issue still happens.

Hi. OK, I am very interested in what is causing this issue. I've created a temporary patch to debug the auth.php. Please unzip the archive and apply the patch to your auth.php by executing patch auth.php < /path/to/patchfile.patch.

Now go to the login page and hit the login button with the default credentials and post the debug output here. To revert the changes, just execute patch -R auth.php < /path/to/patchfile.patch

Here is an example of the debug output I get when I hit the login button with the correct credentials:

array(2) {
  ["SESSION"]=>
  array(1) {
    ["token"]=>
    string(40) "8DADA4B889CAB101CC6CB7ED3FB5FCFCC5299806"
  }
  ["POST"]=>
  array(4) {
    ["token"]=>
    string(40) "8DADA4B889CAB101CC6CB7ED3FB5FCFCC5299806"
    ["username"]=>
    string(8) "MyUsername"
    ["password"]=>
    string(14) "MyPassword"
    ["auth"]=>
    string(9) "Login"
  }
}

check #1 check #2

Hi again. I just realized that you are using an unsupported MariaDB version. You are using version 5.5.56, but at least version 10.0.5 is required because the database schema requires the use of full-text indexes on InnoDB tables:

Full-text indexes can be used only with MyISAM and Aria tables, from MariaDB 10.0.5 with InnoDB tables

But I don't really know if this can cause an issue like this (why is it even possible to import the database.sql without errors?). Regardless, it would still be interesting to see what the debug output after the patch looks like.

I'm a little confused about the patch command. I'm running this command from the terminal:

[root@localhost admin]# patch auth.php /usr/share/nginx/auth.php.patch
-bash: patch: command not found

[root@localhost admin]# php patch auth.php /usr/share/nginx/auth.php.patch
Could not open input file: patch

Maybe I have to install something for PHP CLI?

And yes, I've noticed the different MariaDB version. It gives an error if I use MySQL 5.5, and I've made some modifications to the database.sql file

from
ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
to
ENGINE=MyIsam DEFAULT CHARSET=utf8mb4;

With this, no error happens when importing the .sql file.

Sorry, just forget my dumb question about patch above. Here's what I got:

array(2) {
  ["SESSION"]=>
  array(0) {
  }
  ["POST"]=>
  array(4) {
    ["token"]=>
    string(40) "881E214D8E3FC2A280099ADCC8DE8BF7D4FE4926"
    ["username"]=>
    string(8) "ChangeMe"
    ["password"]=>
    string(8) "changeme"
    ["auth"]=>
    string(5) "Login"
  }
}

There is the problem. There is no data in the $_SESSION array, and therefore no CSRF token to check against. But even if the CSRF check would pass, the login wouldn't work because the userID of the logged in user is stored in the session – but the $_SESSION array is empty.

Do you have any other working PHP software on this server which uses sessions?

Nope, just this one, PHP 7.1. What do you suggest? Do I have to reinstall PHP, or is there another way?

Let's see if that $_SESSION array is still empty if you execute the following script through your browser:

<?php
if(!session_start()) {
	exit('Cannot start session.');
}

if(isset($_SESSION['counter'])) {
	$_SESSION['counter']++;
}

else {
	$_SESSION['counter'] = 1;
}

echo $_SESSION['counter'] ?? 'unset';
?>

Does it count up the value if you press F5?

This is what I got when I accessed the file and pressed F5:

Cannot start session.

For additional info

[root@localhost html]# php --modules
[PHP Modules]
apcu
bz2
calendar
Core
ctype
curl
date
dom
exif
fileinfo
filter
ftp
gd
gettext
hash
iconv
igbinary
json
libxml
mbstring
mcrypt
memcache
memcached
mongodb
msgpack
mysqli
mysqlnd
openssl
pcntl
pcre
PDO
pdo_mysql
pdo_pgsql
pdo_sqlite
pgsql
Phar
posix
readline
redis
Reflection
session
shmop
SimpleXML
sockets
SPL
sqlite3
standard
sysvmsg
sysvsem
sysvshm
tokenizer
wddx
xml
xmlreader
xmlwriter
xsl
Zend OPcache
zlib

[Zend Modules]
Zend OPcache

OK. That is the problem. For an unknown reason, your PHP environment cannot start a session. Could you please execute the following command chain and paste the output here:

cat /path/to/php.ini | grep "session." | grep -v ";"

Well, I think I just found the problem :) It was a folder owner issue (before I installed nginx I had installed Apache). After digging down a little to the path /var/lib/php I found this:

[root@localhost php]# ls -la
total 4
drwxr-xr-x 5 root root 53 May 1 16:03 .
drwxr-xr-x. 36 root root 4096 May 2 02:56 ..
drwxrwx--- 2 root apache 6 Apr 25 06:39 opcache
drwxrwx--- 2 root apache 6 Apr 25 06:39 session
drwxrwx--- 2 root apache 6 Apr 25 06:39 wsdlcache

Then I changed it to this:

[root@localhost php]# chown -R nginx:nginx /var/lib/php/
[root@localhost php]# ls -la
total 4
drwxr-xr-x 5 nginx nginx 53 May 1 16:03 .
drwxr-xr-x. 36 root root 4096 May 2 02:56 ..
drwxrwx--- 2 nginx nginx 6 Apr 25 06:39 opcache
drwxrwx--- 2 nginx nginx 6 Apr 25 06:39 session
drwxrwx--- 2 nginx nginx 6 Apr 25 06:39 wsdlcache

And the issue is gone now :D Thanks for all your help, this project is super awesome.
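The ownership mismatch found above can be checked directly from the owner, group and mode that `ls -la` reports. The script below is an added example, not part of the original thread or of the Blog project; the function names are hypothetical, and it assumes GNU `stat` and that PHP runs as the user passed in (`nginx` in this thread).

```shell
#!/bin/sh
# Added example (not from the thread): can a given user create session
# files in a directory, judging by classic owner/group/other mode bits?

# can_create_in OWNER GROUP MODE USER "USER_GROUPS"
# Returns 0 when USER holds both write and search (w+x) on the directory.
can_create_in() {
    owner=$1 group=$2 mode=$3 user=$4 user_groups=$5
    [ "$user" = root ] && return 0       # root is not limited by mode bits
    m=$(( 0$mode ))                      # leading 0: parse the mode as octal
    if [ "$user" = "$owner" ]; then
        bits=$(( (m >> 6) & 7 ))         # owner bits win, even if weaker
    else
        case " $user_groups " in
            *" $group "*) bits=$(( (m >> 3) & 7 )) ;;   # group member
            *)            bits=$(( m & 7 )) ;;          # everyone else
        esac
    fi
    [ $(( bits & 3 )) -eq 3 ]            # 2 = write, 1 = search
}

# check_session_dir USER [DIR]
# Reads the real owner/group/mode of DIR and the real groups of USER.
# DIR defaults to the session directory shown in the thread.
check_session_dir() {
    user=$1 dir=${2:-/var/lib/php/session}
    info=$(stat -c '%U %G %a' "$dir") || return 2
    set -- $info                         # $1=owner $2=group $3=mode
    if can_create_in "$1" "$2" "$3" "$user" "$(id -Gn "$user")"; then
        echo "OK: $user can create session files in $dir ($1:$2 $3)"
    else
        echo "FAIL: $user cannot write to $dir ($1:$2 $3)"
        return 1
    fi
}

# Usage on the server, as root:  check_session_dir nginx
```

Only the mode bits are evaluated. The trailing dot in an `ls -la` line such as `drwxr-xr-x.` marks an SELinux context, which can deny access independently of ownership and is not covered by this check.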

Oh! That's exactly what one of my next questions would have been: whether the permissions for the session files are correct and whether error_reporting is enabled, because PHP usually throws an error message if it has no permissions to the session files.

Thanks for your feedback! \(o_o)/