View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0011535 | mantisbt | authentication | public | 2010-02-23 06:13 | 2011-08-05 02:41 |
Reporter | bmencke | Assigned To | dhx | ||
Priority | normal | Severity | minor | Reproducibility | N/A |
Status | closed | Resolution | not fixable | ||
Product Version | 1.2.0 | ||||
Summary | 0011535: Unexpected behavior while login | ||||
Description | After three wrong login attempts, mantis is going into endless loop. Server hardwareOS: Windows Server 2003 R2 x64 Server configuration (default XAMPP 1.7.3 installation)Apache: 2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color Apache have configured one vhost, pointing to the mantis directory in htdocs. | ||||
Steps To Reproduce | Install xampp 1.7.3 and put the mantis directory in htdocs. Install mantis as default and create a user. After that try to login with that new user three times with a wrong password. After that the browser should load endlessly. | ||||
Tags | No tags attached. | ||||
Attached Files | |||||
Some additional information! PHP Deprecated: Assigning the return value of new by reference is deprecated in C:\WebServices\xampplite\htdocs\mantis\library\nusoap\nusoap.php on line 7386 But also with soap disabled the problem exist. |
|
Okay, i figure out some more information about my problem. |
|
Additionally i found out, that if you disable cookies. You can open the site again after the failure occured. So that is a workaround until the bugfix is available. |
|
Okay i figured out, that mantis hangs if it launches the crypt() function in auth_process_plain_password().
dont know why. so i have commented following lines out and it worked: authentication_api.php: 396: /if( $p_method !== null ) { This is my bugfix!!! |
|
I just noticed from the log file you attached that you're connecting to your MySQL server with the "root" user? That's a very unsafe situation to put yourself in. Can you please tell me which page the redirect loop is pointing to? login_page.php? |
|
i know that to connect with root is unsafe. i will change it in future if all bugs are fixed. |
|
i have is problems too! |
|
I have the same problems. This happens on a Win XP Machine with XAMPP 1.7.3 Apache and MySQL are running as a service. Using Firefox 3.6 as browser The fix from above seems to work fine for me (thanks !!!) I seem to notice that the issue only happens, if I access my machine from a remote PC (in the same LAN) About this:
Maybe that helps for reproducing. |
|
Forgot: My Mantis is version 1.2.0 |
|
Okay PHP released version 5.3.2 which fixed the following bug: Fixed bug #51059 (crypt crashes when invalid salt are given). So I thinks this is our problem. I will wait until xampp updates their packages and then try it with new version of php. But until this, my bugfix from above should help out. |
|
hello, i have always the bug with WAMP and PHP 5.3.2 under XP SP3 to avoid to have this bug don't use CRYPT . To do this : in the file authentication_api.php: Sorry for my poor English but it is'nt my natural language |
|
Please see bmencke's comment regarding upgrading to PHP 5.3.2. I'm closing this issue as "not fixable" as this bug is outside the scope of the MantisBT project... it's an issue with PHP. |
|
jurassic pork (reporter) tip comment the line 349 works for me thx |
|
Our workaround for the problem was to run MantisBT on a Mac instead of Windows Server 2003. |
|
Thank you guys for opening, clarifying and solving this issue. I had the same issue when updating user password in account_page.php of mantis 1.2.1. I use xampp 1.7.3a and windows 7 (for testing purpose, and considering linux for production). Commenting line 349 seems to fix it. |
|
This issue caused me a few hours of head-scratching. (PHP5.3.1 VC6TS on XPSP3 Apache 2.2.14) There are very useful comments here though. Commenting out "CRYPT" indeed solved the problem. Thanks, |
|
Thanks for the solution. It caused me several hours of work. I have PHP 5.3.1. on Apache2.2.14 (XAMMP 1.73 on windows server 2003) and Mantis 1.2.4. Commenting out CRYPT works so far. I don't think this issue should be considered as resolved. First of all you do not replace PHP on a running server. Second, if the fix is really this simple, the array $t_login_methods filled with constants could easily have been defined as a global constant in config_inc.php. Put a few remarks in the manual (and default config file) about the PHP version that causes problems with CRYPT and everybody is happy! |
|
Reminder sent to: dhx David, |
|
Thanks atrol, I will bump the requirement to 5.3.2 as you suggested. I would like to bump it even higher but we're limited by RHEL6 in this case. |
|