[SOLVED]Unable to Login as User/Admin & browser does not accept script's cookies [SOLVED]Unable to Login as User/Admin & browser does not accept script's cookies
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

[SOLVED]Unable to Login as User/Admin & browser does not accept script's cookies

Started by SemoTech, February 24, 2006, 03:09:27 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

SemoTech

OK, running CPG 1.4.3 as an upgrade from 1.3.2. All new 1.4.3 files copied and overwrote 1.3.2, no mods!

I just spent about 2 hours reading all the posts about the "Warning your browser does not accept script's cookies" and "You don't have permission to access this page" issues and still no luck being able to login properly as a user or manage the gallery as admin.

I "seem" to log in correctly as I receive the "Welcome username ..." message, but then I am taken back to the index.php page as a guest with no admin access!!!!
Same thing happends with any standard user login. (they do not gain access to private albums and stay as guest)

Tried the following with no success:

* checked the password encryption settings through phpMyAdmin - verified it's set to 0 and passwords are NOT encrypted
* checked the config.inc.php file for correct settings as well as no spaces after ?>
* tried both Firefox 1.5.0.1 & IE 6.0.2900 SP2 on TWO separate machines while ensuring that cookies are fully accepted
* tested another upgraded site from my machine and that one also runs cpg143, but I can log in just fine there so it cannot be a browser problem.
* re-copied ALL the cpg143 files
* made sure there are no mods installed (except the 1.4.3 security update)
* ran "update.php" multiple times and got the same combination of "OK" and "Already Done" with no errors
* cookie path variable in config table was always set to "/"
* cookie name variable in config table was always set to "cpg143" (even tried changing it after purging cookies from both browsers and still no luck)
* server/machine time difference not an issue as alternate cpg143 site that functions is on the same server
* i get no errors in any files (except for the red "Warning your browser does not accept script's cookies" warning on login page of course)

I am at a total loss!!!   PLEASE HELP!

BTW, any way NOT to use these blasted cookies and exclusively use session ID's like phpBB does?

The gallery address is here:  http://stefan.semotech.com/albums/index.php

Nibbler

Check for a blank line at the start/end of include/functions.inc.php

SemoTech

UNBELIEVABLE, IT WORKED!!!   THANK YOU!!!

What a STUPID, STUPID problem!

PHP/CPG really needs better error checking for this kind of bullshit.

My sincere thanks!

Nibbler

It's called output buffering. Apparently you have it disabled on your server.

SemoTech

Is this a php.ini setting?

Also, any reason the darn red message about not accepting cookies appears ONLY on this site and not on the other one running the same version and on the same server?

Thanks!


SemoTech

Hmm, ok, I did a phpinfo and got:

output_buffering   no value   no value

Then I did a "locate php.ini" and got this: /usr/lib/php.ini
/usr/local/lib/php.ini
/usr/local/lib/php.ini.new
/usr/local/cpanel/3rdparty/lib/php.ini
/usr/local/cpanel/3rdparty/etc/php.ini
/scripts/php.ini
/var/cpanel/version/php.ini-2
/home/cpapachebuild/buildapache/php-4.3.11/pear/tests/php.ini
/home/cpapachebuild/buildapache/php-4.3.11/php.ini-recommended
/home/cpapachebuild/buildapache/php-4.3.11/php.ini-dist
/home/temp/installd/buildapache/php-4.3.11/pear/tests/php.ini
/home/temp/installd/buildapache/php-4.3.11/php.ini-recommended
/home/temp/installd/buildapache/php-4.3.11/php.ini-dist


Which one should I edit and add "output_buffering 1" to?

Also, could this adversely affect all the other sites?

Thanks!

Joachim Müller

there may be multiple versions of php.ini on your server, but only one of them is actually taken into account. To find out, which one it is, run phpinfo() once more and search the output for "php.ini" - should should you the path under "Configuration File (php.ini) Path".

ejohnstone

I have a question on this thread.
I believe that all my users get this message "about script .. cookies" only the first time they logged in.
They can log in successfully, and never get this message again.

Two thoughts
a) my include/functions.inc.php script does NOT have an empty line at the start or end, but it is a dos file, running on a linux server.
Based on this discussion I wonder if there is an eol issue here, and I wonder if I should do a dos2unix on all these files

b) I ran php.info, and sure enough "output_buffer" is set to no value.  Should I reqest my server admin to set this to 1?  Is this significant?

ejohnstone

Here's a follow up
1) there was one empty line between the last bracket '}' and the end of the file ?>

I removed this, and new users still got the "script ... cookies" message upon their first login

2) I did 'dos2unix' on include/functions.inc.php (reset chmod 644 on this file)  and still the same problem

Then I found this discussion

http://forum.coppermine-gallery.net/index.php?topic=26452.msg122103#msg122103

As a result, I simply set this message to '' in lang/english.php

This eliminated this harmless message, upon first login