miniBB Support Forums | 15 years on The Web
miniBB ®

miniBB

®
 
 | Forums | Register | Reply | Search | Statistics | Manual |
Specific miniBB Support Forums / Specific /   
 

After upgrading - can't login

 
 
Page  Page 1 of 2:  1  2  Next »

Author Rider
Partaker
#1 | Posted: 23 Jun 2017 13:35 | Edited by: Rider 
Morning,

I am upgrading from 3.1 to 3.2.2, but after upgrading I can't login to the forum anymore, not as admin nor as a regular user nor as a newly registered user. The connection to the database looks fine, I see all forum posts on the screen. The only thing that happens is that on the main screen when I enter the correct username/pw and click on [Sign in] the username/password fields are blanked out and that's it. No message, no nothing.
For this test I am using the 3.2.2 software out of the box, only changed the name of bb_admin.php and enter the correct settings in setup_options.php. I am using the production database (on which 3.1 is running fine).
The 3.1 version is running fine, logging in goes fine. The server rights on the 3.2.2 folder are the same as on 3.1.

The server support is currently set to php 5.1.6, I could upgrade that to 7.0.20 but haven't had the need to do so yet. I don't know if that may be involved in the problem I have.

Any clues on why I can't login?

Thanks.

Author tom322
Active Member
#2 | Posted: 23 Jun 2017 19:04 
I'd try to delete cookie and try to login again (or try a different browser).

Author Rider
Partaker
#3 | Posted: 23 Jun 2017 19:33 
Thanks. I did that. Both in Safari and Firefox, but still the same.
As far as you know, has anything in the code changed since version 3.1 that needs a later php version on the server?

Author tom322
Active Member
#4 | Posted: 23 Jun 2017 19:43 
There may be some error info in browser console - is there? The issue may be with cookies, I'd make sure the getCSRFCookie function is correctly present in templates. I don't think PHP version is the issue, it should run even on PHP4+..

Author Rider
Partaker
#5 | Posted: 23 Jun 2017 20:24 
After trying to login, a cookie with the suffix _csrfchk (with numeric abracadabra contents) is set. Also there is a getCSRFCookie function present in main_posts.html (it's the default file), so I suppose that's working properly.

I just looked into the error log in Firefox. There are some minor messages, but one maybe relevant. On index.php it says "Er is een formulier in de windows-1252-tekenset verzonden dat niet alle Unicode-tekens kan coderen, waardoor gebruikersinvoer beschadigd kan raken. Om dit probleem te voorkomen, dient u de pagina zo aan te passen dat het formulier in de UTF-8-tekenset wordt verzonden door of de tekenset van de pagina zelf naar UTF-8 te wijzigen, of door accept-charset=utf-8 in het formulierelement te specificeren.", which more or less means that a form was sent in a Windows-1252 set which cannot code all Unicode-signs, thus damaging user input. To avoid this problem you need to edit the page so that the form is sent in UTF-8 set or by changing the page's set to UTF-8 itself, or by specifying accept-charset=utf-8 in the form's element.

Could this be of influence for not being able to login? It sounds like I have to change something in index.php.

Author tom322
Active Member
#6 | Posted: 23 Jun 2017 20:56 
Charset is not the login issue. I'd try to disable all addons (comment from bb_plugins access to them). I could check URL if you have too to try to login.

Author Rider
Partaker
#7 | Posted: 23 Jun 2017 21:44 | Edited by: Rider 
Ok, thanks. There are no addons installed.

About the URL. The first thing it says in the Firefox console directly after clicking on [Sign in] is "POST index.php" with status "302 found" and a bit to the right in the Headers-tab in the console it shows the request-URL "(...)/phpdata/test/index.php?" (notice the questionmark). On the Parameters-tab it shows the actual user_usr and user_pwd I filled out and mode: "login" and queryStr: "" and pagetype: "index". On the Timings-tab it shows a red bar saying "Blocked --> 10ms" and blue bars saying "DNS blabla --> 0ms" and "connect --> 0ms" and "send --> 0ms" and "wait --> 34ms" and "received --> 0ms".
And directly after that comes "GET index.php" with status "200 OK".

(it's hard to explain in words what I am seeing on this screen but I hope I made it clear enough.)

Author tom322
Active Member
#8 | Posted: 23 Jun 2017 22:09 
Last thing I'd try is in setup_options.php to add '/' to cookiepath, like:

$cookiepath = '/';

Otherwise, the best is to contact Paul for private support..

Author Rider
Partaker
#9 | Posted: 23 Jun 2017 23:38 
I replaced bb_cookie.php for the old one. Now I can login again.
Thanks for the help.

Author Paul
Lead Developer
#10 | Posted: 24 Jun 2017 10:32 
Rider
If you check the Upgrades History of miniBB, you will see there were some changes in bb_cookie.php regarding HTTPflag for your version. So this is not up to PHP version and not anything you supposed above. If you analyze setcookie function of the new file more deeply, you will probably find the reason of why it's not working on your server. But preferrably, you should have this option. It's a security issue.

Author Rider
Partaker
#11 | Posted: 24 Jun 2017 10:46 
Yes I read that. I will look further into it. Thank you, also for the moderation of this thread.

Author Rider
Partaker
#12 | Posted: 24 Jun 2017 15:33 
Got it. Problem solved. Thanks for the help and I'm looking forward to the introduction of 3.3. You must be a busy man, if I see how much time it costs me to analyse one single problem, while you are developing an entire forum upgrade release. Thumbs up for that.

Author Paul
Lead Developer
#13 | Posted: 24 Jun 2017 22:19 | Edited by: Paul 
Rider
Would be nice to know the details, what exactly was the reason and what helped :) thanks...

Author Rider
Partaker
#14 | Posted: 25 Jun 2017 00:42 
Yes of course. The HTTPOnly flag in setcookie was added in PHP 5.2.0 according to the PHP documentation. We're on 5.1.6 yet. That's why I temporarily deleted the TRUE-flags in bb_cookie.php, allowing me to login to the forum again. As soon as I have upgraded the server to 5.2.0 or higher I will add the flags again, assuming I'll be able to login then.

Author Paul
Lead Developer
#15 | Posted: 29 Jun 2017 15:38 
Rider:
The HTTPOnly flag in setcookie was added in PHP 5.2.0 according to the PHP documentation.

That's correct and thanks for pointing me to it, didn't notice it earlier... definitely, in the newest release I'll try to bypass this flag following the PHP version. MiniBB should run on older version of PHP disregarding this flag.

Page  Page 1 of 2:  1  2  Next » 
Specific miniBB Support Forums / Specific /
 After upgrading - can't login
 Share Topic's Link

Your Reply Click this icon to move up to the quoted message


 ?
You are welcome to post anonymously, by entering a nickname with no password (if the similar Username has not been taken yet), or by leaving both fields empty. If you have a forums account, you can also sign in from this page without posting a message, or sign in and post at once.


Before posting, make sure your message is compliant with our forum posting rules. If not, it may be locked or deleted with no explanation.

 
 
 
miniBB Support Forums Powered by Forum Software miniBB ® Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Check out the Captcha add-on: protect your miniBB-forums from the automated spam and flood.
↑ TOP