3.3.1 sessionManagement problem

Started by wardie, February 06, 2009, 07:57:20 PM


wardie

I think I have a similar problem to ksxj on this post
http://forum.coppermine-gallery.net/index.php/topic,55530.0.html

Setup:
- phpbb 3.0.3
- coppermine 1.4.19, bridged using Nibbler's "[cpg1.4.x]: PHPBB3" bridge
- JUpload 3.3.1 installed via plugin manager
- MySQL 5.0.67-community

Problem is I can't get upload to work with JUpload using all different sessionManagement parameters:

1. When set to "" (default) I can try and upload a file (it prepares and seems to start loading OK), but get the ^SUCCESS NOT FOUND error with the log on clipboard showing:
18:34:17.342 [DEBUG] -------- Response Body Start (CRLF normalized) --------
18:34:17.343 [DEBUG] getRemoteAddress response: _SERVER['REMOTE_ADDR']\r\n
18:34:17.343 [DEBUG] Entering loadJuploadInternalSessionIfConfiguredTo\r\n
18:34:17.343 [DEBUG] loadJuploadInternalSessionIfConfiguredTo: Before connection\r\n
18:34:17.343 [DEBUG] loadJuploadInternalSessionIfConfiguredTo: connection result=1\r\n
18:34:17.343 [DEBUG] loadJuploadInternalSessionIfConfiguredTo: before select from config:\r\n
18:34:17.343 [DEBUG]  \r\n
18:34:17.343 [DEBUG] SELECT value\r\n
18:34:17.343 [DEBUG] FROM cpg_config\r\n
18:34:17.343 [DEBUG] WHERE name = 'jupload_sessionManagement'\r\n
18:34:17.343 [DEBUG] AND value IN ('JUpload', 'JUpload Simplified')\r\n
18:34:17.343 [DEBUG] \r\n
18:34:17.343 [DEBUG] loadJuploadInternalSessionIfConfiguredTo: Using standard (Coppermine) session management\r\n
18:34:17.343 [DEBUG] loadJuploadInternalSessionIfConfiguredTo: normal end of the function (1)\r\n
18:34:17.343 [DEBUG] You don't have permission to perform this operation.<BR><BR>If you're not connected, please <a href="login.php?referer=plugins/jupload/jupload.php">login</a> first\r\n
18:34:17.343 [DEBUG] --------- Response Body End ---------


2. When set to "JUpload" or the new "JUpload Simplified", which I thought might work OK from reading the similar posts, I just get some more fundamental error with the whole HTML page just returning the MySQL error:
ERROR: (saveJuploadInternalSessionIfConfiguredTo.DELETE) 1146 : Table 'duffers1_phpb1.cpg_jupload_session' doesn't exist "

I have the uploads working fine via the standard file upload process in coppermine, including image conversion (with GD 2.0.34).

Any ideas? Otherwise the plugin looks great!


wardie

Some other useful info I just found out with testing. Using the default "" parameter for sessionManagement, I can successfully load up files as the administrator (group ADMINISTRATORS)  ;D, but not using normal users i.e. in phpbb3 groups (e.g. GLOBAL_MODERATORS, REGISTERED).


etienne_sf

Hi,

  Your problem is different than the one we refer to. But someone else already had this problem:


ERROR: (saveJuploadInternalSessionIfConfiguredTo.DELETE) 1146 : Table 'duffers1_phpb1.cpg_jupload_session' doesn't exist "


  From your proper post, I guess you have some knowledge in the IT world. Can you check if you have the cpg_jupload_session somewhere in your database. I guess it is created somewhere, and read at another place. It's probably due to a misconfiguration somewhere ... Can't be a bug, of course !   ;)

Etienne

wardie

Quote from: etienne_sf on February 07, 2009, 03:40:31 PM
From your proper post, I guess you have some knowledge in the IT world.
Yes indeed, I used to be a UNIX/SQL developer years ago! Knowledge very rusty though, but I can remember the basics. Right then...

Quote:
Can you check if you have the cpg_jupload_session somewhere in your database. I guess it is created somewhere, and read at another place. It's probably due to a misconfiguration somewhere ... Can't be a bug, of course !   ;)
You may be right about the misconfiguration. phpbb3 and coppermine were both installed via fantastico scripts from my host provider. I installed and configured the bridge and jupload on top myself using the normal methods.

I fired up the phpMyAdmin MySql Admin to have a look through the databases. I'm not surprised that "Table 'duffers1_phpb1.cpg_jupload_session' doesn't exist" because the table that exists is in the coppermine database i.e. "duffers1_copp1.cpg_jupload_session" instead! It is currently empty.

Did I screw something up in the jupload installation? (which I did via coppermine plugin manager). Which database do you expect it to be in - logic to me would suggest the coppermine one not phpbb - i.e. I would guess the table is in the right place but the plugin configuration is looking at phpbb DB not the coppermine DB... Any ideas / next steps?

Also, FYI I still had some problems when running as admin user as well as normal user, contrary to my 2nd post. Must have just struck lucky.  :(


wardie

I also just removed and reinstalled the plugin. I could not see any parameter in the setup that specifies any database names. Maybe this is something to do with the bridged configuration I have of coppermine to phpbb3, and the applet's determination of database names? Anything you want me to try please let me know!

etienne_sf

I may have played too much with my test platform, and I perhaps now have the cpg_jupload_session everywhere.

  Can you create it in the duffers1_phpb1 database ?
         -- ENGINE= replaces the older TYPE= keyword, which newer MySQL versions no longer accept
         CREATE TABLE IF NOT EXISTS cpg_jupload_session (
           session_id          varchar(40) NOT NULL,
           jupload_session_id  varchar(40) NOT NULL,
           ip                  tinytext    NOT NULL,
           valid_until         datetime    NOT NULL,
           user_name           varchar(25) NOT NULL,
           user_data           text        NOT NULL,
           PRIMARY KEY  (session_id, jupload_session_id)
         ) ENGINE=MyISAM COMMENT='Contains JUpload session (see sessionManagement conf param)';

Etienne

wardie

Quote from: etienne_sf on February 09, 2009, 11:56:44 AM
Can you create it in the duffers1_phpb1 database ?
OK table created in phpb1 database OK.

Now I'm getting partial success!
- I have tried with admin and non-admin users, no difference (i.e. sometimes works)
- I have tried with multiple files and single files, and also ones it has to resize and ones not - no difference (i.e. sometimes works)

However I have spotted what I think causes the problem (at least a symptom). I noted that the upload success seems to depend on whether the applet initialises OK before you try and upload files...

a) the uploads always fail when the applet starts up with a yellow dialog box below the status bar at the bottom of the applet. This contains some warnings - I have captured the output.
b) the uploads always work when I navigate to the same page with the applet on but do NOT see any yellow dialog box with warnings.

Hope this helps. I will PM you with the files - the log and screenshots before and after of both (a) and (b) above in a ZIP.


etienne_sf

Hi,

  You pointed out the problem. And it's a really strange one. The problem, as I can see in the log you sent me, is in these lines:

22:31:01.604 [DEBUG] uploadPolicy parameter = DefaultUploadPolicy
22:31:01.604 [DEBUG] uploadPolicy = wjhk.jupload2.policies.DefaultUploadPolicy


This parameter is very important: it controls the applet in which the applet will run. You can see on your screen shot, that the applet buttons are not the same. No picture management in DefaultUploadPolicy.

The correct value is : CoppermineUploadPolicy, not DefaultUploadPolicy. So, in your case, it looks like the browser doesn't read correctly the parameters in the applet tag: if the uploadPolicy parameter is not found, the DefaultUploadPolicy is chosen.

So the question is: what happens to your applet tag ?

Can you check or send me, the html page, generated when the applet doesn't work ?  There must be some parameter with a quote, or something like that.
(if you want to read it, take care: there are two applet tags: the first one, complex, with the EmptyApplet, and the real one, with the JUploadApplet)

Etienne
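
Added example (not part of any post in this thread, and not JUpload or Coppermine code): a small Python triage over the kinds of log lines quoted above, flagging the uploadPolicy fallback etienne_sf points out together with the permission denial and the missing-table error from the first post. The `triage` function, its finding labels and the sample text are constructed for illustration; the gallery schema name is passed in by the caller.

```python
import re

# Constructed sample, modelled on the log lines and MySQL error quoted in this thread.
SAMPLE_LOG = r"""22:31:01.604 [DEBUG] uploadPolicy parameter = DefaultUploadPolicy
22:31:01.604 [DEBUG] uploadPolicy = wjhk.jupload2.policies.DefaultUploadPolicy
18:34:17.343 [DEBUG] loadJuploadInternalSessionIfConfiguredTo: Using standard (Coppermine) session management\r\n
18:34:17.343 [DEBUG] You don't have permission to perform this operation.<BR><BR>If you're not connected, please login first\r\n
ERROR: (saveJuploadInternalSessionIfConfiguredTo.DELETE) 1146 : Table 'duffers1_phpb1.cpg_jupload_session' doesn't exist
"""

EXPECTED_POLICY = "CoppermineUploadPolicy"  # value the thread says the plugin needs
POLICY_RE = re.compile(r"\[DEBUG\] uploadPolicy = (\S+)")
MISSING_RE = re.compile(r"1146 : Table '([^'.]+)\.([^']+)' doesn't exist")


def triage(log_text, gallery_db):
    """Return (label, detail) findings for one JUpload debug log."""
    findings = []
    for line in log_text.splitlines():
        m = POLICY_RE.search(line)
        if m and not m.group(1).endswith("." + EXPECTED_POLICY):
            # The applet resolved a policy class other than the Coppermine one.
            findings.append(("policy-fallback", m.group(1).rsplit(".", 1)[-1]))
        if "Using standard (Coppermine) session management" in line:
            findings.append(("session-mode", "coppermine"))
        if "You don't have permission to perform this operation" in line:
            findings.append(("upload-denied", "permission check failed"))
        m = MISSING_RE.search(line)
        if m:
            schema, table = m.groups()
            # A table looked up outside the gallery schema points at the bridge
            # connection's default database, as found with phpMyAdmin above.
            where = "gallery schema" if schema == gallery_db else "outside gallery schema"
            findings.append(("missing-table", f"{schema}.{table} ({where})"))
    return findings


if __name__ == "__main__":
    for label, detail in triage(SAMPLE_LOG, "duffers1_copp1"):
        print(f"{label}: {detail}")
```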

wardie

OK - did some more testing and still having mixed results.

I tried with both an admin and non-admin user account using Safari 3.2.1, Firefox 3.0.6 and IE

Safari - my non-admin user worked OK, the admin user upload failed
Firefox - both users failed to upload, although the applet appears OK at first (no yellow debug) but I later get the failed NO SUCCESS message.
IE - failed with non-admin user (it had to install JRE 5.0 update 17 first...)

I can't honestly say that being an admin vs. non-admin user is at all relevant and I can't isolate when the applet fails versus when it works. Anyway I will PM you with more test output HTML and logs.


etienne_sf

Hum, hum,

No idea, after reading your new logs.

  This issue seems to be a 'nice' one :-\


The problem is not due to bad HTML generation. Next step is to check java loading. Perhaps the applet can't dynamically load the CoppermineUploadPolicy class. In this case, the DefaultUploadPolicy is loaded, in a static manner.

  Can you check (quickly) if you have some errors in the java console (you can open it on your computer) , or any error in the web server (looking for the UploadPolicy string, for instance) ? Don't waste time here. If you can't find anything, I'll add some debug information in the applet, and send it to you, to understand what's happening.
  Perhaps a (temporary) admin account would help, if I can repeat the problem (not easy, apparently), and if I can install new version of the JUpload plugin.

Etienne

wardie

OK thanks. I looked on the server error log but there is nothing. I've downloaded a couple of client-side applet console logs and there is a clear difference but you will need to interpret it! I will PM you with the log URLs and also a user login for coppermine so you can go try the applet yourself and see what I mean - I've set up a personal gallery for you to try and upload pics to.

etienne_sf

Hum, hum,

  The only 'interesting' difference I see, within the console log, is this line:

http://duffers.info/gallery/wjhk/jupload2/lang/lang_en_US.properties with cookie "phpbb3_8w3bo_u=54; phpbb3_8w3bo_k=; phpbb3_8w3bo_sid=05f656ba4f00d6a5fb224720652ae422; style_cookie=null; coppermine_data=YTo0OntzOjI6IklEIjtzOjMyOiIxNjJiZTRmZTcwMmFjMWM5Y2Y0MGY2Y2JhNDQ2YWFhMyI7czoyOiJhbSI7aToxO3M6NDoibGFuZyI7czo3OiJlbmdsaXNoIjtzOjM6ImxpdiI7YToyOntpOjA7czoyOiIzNyI7aToxO3M6MjoiNzkiO319"


  It indicates the way the applet loads additional files. The CoppermineUploadPolicy should be loaded the same way. You should have seen a 404 error in the server logs, there. Then, the applet looks in the wjhk.jupload.jar file, and finds the file.

But ... others have seen that, without troubles with UploadPolicy. On my test system, I don't. But it's a Windows box. I also test on Unix, but I don't have access to the apache log, of my ISP.

  I'll try your test account. Hope it will be this evening, but I'm far from sure ...

Etienne

etienne_sf

Hi,

  The test account you've created for me is not an admin: I can not change configuration, and I can not upload a new applet version.

Then: the test gallery uses standard Coppermine session, which doesn't work. I can't try to repeat your problem there.

Can you make my account be an admin ?  (and then, will plugin installation work ? this may depend on your server)

Etienne

wardie

Done - due to the bridge this is done in phpbb, but I've checked and it has worked in coppermine. Good luck and thanks for the effort.

wardie

Quote:
Then: the test gallery uses standard Coppermine session, which doesn't work. I can't try to repeat your problem there.
Actually that is odd because the non-admin users I have set up already do seem to "work" sometimes i.e. the applet loads and sometimes works, sometimes not. I will send you another account detail for a non-admin user so you can also see the difference for yourself.


etienne_sf

Hi,

  I tested with:
- Both IE and Firefox (on Windows XP, JRE 1.6 and 1.5)
- Both the admin and non-admin account you created.

I can't repeat the problem.

  Can you:
1) Check again, with these accounts
2) If you can succeed, must I close/re-open the browser, or can I do just F5 to retry to find the applet initialization error.
3) Can you also try the attached jar file (in replacement of the existing one, within the plugin). This is a beta version, for next applet release.

Etienne

wardie

Quote from: etienne_sf on February 14, 2009, 06:49:33 PM
I can't repeat the problem. Can you:
1) Check again, with these accounts
2) If you can succeed, must I close/re-open the browser, or can I do just F5 to retry to find the applet initialization error.
3) Can you also try the attached jar file (in replacement of the existing one, within the plugin). This is a beta version, for next applet release.

OK with a bit of testing I think I have isolated this down to something to do with caching and sessions specifically in Safari on OS X (I guess why you could not replicate!). Almost 100% certain as I managed to get it repeatable.. but only using Safari under OS X so that doesn't help your ability to test this at all. Anyway I have uploaded your beta JAR file and new applet and... In short, your beta has cured the problem so thanks!

THE DETAILS:

I've run through OS/browser combinations (current applet). I also reset the browser, cleared cache etc. before trying.

TEST 1 - Mac OS X 10.5.6  / Safari 3.2.1
(admin user, but this doesn't seem to make a difference...)
Java Plug-in 1.5.0
Using JRE version 1.5.0_16 Java HotSpot(TM) Client VM

1. first started browser and it had already logged into site using a cached cookie. It also used the JUpload applet from the cache, according to the log.
2. reset safari, cleared cache etc.
3. logged in to website, tried JUpload - works OK
4. tried another file with the same session - works OK
---
5. Did not log out of phpbb, then Quit Safari
6. Restart Safari and I am still logged in using cookie
7. Go to JUpload page and it FAILS
8. Hit "refresh" and the JUpload applet loads and works OK...
(so that's a workaround at least for me!)
---
9. Logged out of website account
10. Restart Safari
11. Log in using phpbb account
12. Go to JUpload page and it FAILS
13. Hit "refresh" and the JUpload applet loads and works OK...
---

TEST 2 - Mac OS X 10.5.6 / Firefox  3.0.6
I tried all the above steps precisely and it all worked OK, no failures.

TEST 3 - Win XP SP3 (via VMWare) / J2SE build 1.5.0_17-b04 / IE 7.0.5730
I tried all the above steps precisely and it all worked OK, no failures.

TEST 4 - Win XP SP3 (via VMWare) / J2SE build 1.5.0_17-b04 / Safari 3.2.2 (for Win)
Ironically, I tried all the above steps precisely and it all worked OK, no failures.

Next, I also copied your latest JUpload applet JAR file you posted into ~/gallery/plugins/jupload, then tried ALL the above tests again... Now this time it works OK!!! I can tell I'm using the new beta applet you have as you've changed the design of the progress bars at the bottom.

I did notice a difference in the applet behaviour that may be relevant to the sessions and caching, which was that with the new beta version when I go revisit the upload page with a changed session (which broke it in Safari OS X) then I now always get a certificate trust query popping up  - whereas previously I did not get that. I get the warning in both Safari (OSX) and Firefox, but not in IE.

Anyway, seems like the beta has fixed whatever caching / session related problem Safari on OS X had. Thanks!


etienne_sf

Hi, take care about this beta applet.

  Chunk upload is broken there. Corrected in the attached one. I think I won't release a new version this week, so please test this one, and use .. if you wish.
  If you find bugs there, I'm interested (of course).

Etienne

wardie

OK. Latest version uploaded and seems to be working. I will let you know if there are any problems. Thanks.