Your message dated Sun, 10 Apr 2005 18:25:17 +0200 (CEST)
with message-id <[EMAIL PROTECTED]>
and subject line Bug#304044: login broken, username always reset to www-data 
with mod_ssl and php4-mcrypt
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 10 Apr 2005 14:50:10 +0000
From: "Rene Konasz" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: login broken, username always reset to www-data with mod_ssl and 
php4-mcrypt
Date: Sun, 10 Apr 2005 16:49:41 +0200
Organization: TheStar netCom

Package: phpmyadmin
Version: 2.6.2-rc1-1


Hello,


the latest version by upstream added a slash to $cookie_path that breaks 
logins with SSL (mod_ssl) only when using php4-mcrypt.

Maybe this is related to the problems that PHP4 and php4-mcrypt with ZTS 
incorporated some weeks ago, this has already been addressed in Sid, but not 
in Sarge yet, but maybe this is a new and different problem. I can confirm 
this after the fixed PHP4 enters Sarge.

A login (e.g. user "test") to phpmyadmin results in the following queries 
(this is with cookie auth and a controluser set, without controluser only 
connecting as www-data is tried):

050410 15:45:43 9 Connect [EMAIL PROTECTED] on
9 Query SELECT VERSION() AS version
10 Connect Keine Zugriffsberechtigung für Benutzer: '[EMAIL PROTECTED]'. 
(Verwendetes Passwort: Ja)
9 Quit


Patching common.lib.php to remove the extra slash lets me log in again:

--- common.lib.php.orig  2005-04-05 21:36:44.000000000 +0200
+++ common.lib.php      2005-04-10 16:18:17.000000000 +0200
@@ -1158,7 +1158,7 @@

     // some variables used mostly for cookies:
     $pma_uri_parts = parse_url($cfg['PmaAbsoluteUri']);
-    $cookie_path   = substr($pma_uri_parts['path'], 0, 
strrpos($pma_uri_parts['path'], '/')) . '/';
+    $cookie_path   = substr($pma_uri_parts['path'], 0, 
strrpos($pma_uri_parts['path'], '/'));
     $is_https      = (isset($pma_uri_parts['scheme']) && 
$pma_uri_parts['scheme'] == 'https') ? 1 : 0;

     $dblist       = array();
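
Review bot: dropping the trailing '/' on the $cookie_path line changes the cookie's scope rather than fixing how the cookie is handled. For a PmaAbsoluteUri whose path is a single top-level segment, strrpos() returns 0 and $cookie_path becomes empty; for a path such as /phpmyadmin/ the cookie is scoped to /phpmyadmin, which under prefix-based cookie path matching also covers sibling paths that merely start with that string. Suggest keeping the `. '/'` and dealing with the cookie that was stored under the previous path instead, for example by expiring it explicitly at login. Note also that the long lines in this hunk were wrapped by the mail client, so the patch will not apply as posted.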


All packages are up to date following Sarge:

ii  apache             1.3.33-4       versatile, high-performance HTTP server
ii  libapache-mod-php4 4.3.10-9       server-side, HTML-embedded scripting languag
ii  libapache-mod-ssl  2.8.22-1       Strong cryptography (HTTPS support) for Apac
ii  php4-mcrypt        4.3.10-0.1     MCrypt module for php4
ii  php4-mysql         4.3.10-9       MySQL module for php4
ii  phpmyadmin         2.6.2-rc1-1    set of PHP-scripts to administrate MySQL ove


Best regards, René



---------------------------------------
Received: (at 304044-close) by bugs.debian.org; 10 Apr 2005 16:26:02 +0000
Date: Sun, 10 Apr 2005 18:25:17 +0200 (CEST)
From: Piotr Roszatycki <[EMAIL PROTECTED]>
To: Rene Konasz <[EMAIL PROTECTED]>
cc: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Subject: Re: Bug#304044: login broken, username always reset to www-data with
 mod_ssl and php4-mcrypt

On Sun, 10 Apr 2005, Rene Konasz wrote:
> Hello Piotr,
>
> thank you for your fast reply and your suggestion. You are right, cleaning
> up the cookies in the browser solved the problem immediately. A funny effect
> that the old cookie survived many browser and PC restarts and also was not
> overwritten by a new one. Also funny that the login username completely
> disappeared and has fallen back to the system user running apache, strange
> (for me). At least not another ZTS bug in PHP4.
>
> Finally your "fix" is the best ;-)

The cookie related problems are very annoying. I'll try to make some
'cookie cleaner' routines...

-- 
.''`.    Piotr Roszatycki, Netia SA
: :' :    mailto:[EMAIL PROTECTED]
`. `'     mailto:[EMAIL PROTECTED]
  `-

