View Issue Details

ID: 0011535
Project: mantisbt
Category: authentication
View Status: public
Last Update: 2011-08-05 02:41
Reporter: bmencke
Assigned To: dhx
Priority: normal
Severity: minor
Reproducibility: N/A
Status: closed
Resolution: not fixable
Product Version: 1.2.0
Summary: 0011535: Unexpected behavior while login
Description

After three wrong login attempts, Mantis goes into an endless loop.
No error in the Apache or PHP log. I have to close my browser and wait for about a minute to get new responses from the system.
All other users can keep working.

Server hardware

OS: Windows Server 2003 R2 x64
CPU: fast enough (but not busy while the problem occurs)
RAM: 4 GB

Server configuration (default XAMPP 1.7.3 installation)

Apache: 2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color
PHP: 5.3.1 (Extensions: bz2, mbstring, exif, fileinfo, gd2, gettext, imap, mcrypt, mysql_libmysql, mysqli_libmysql, pdo, pdo_mysql_libmysql, pdo_odbc, pdo_sqlite, soap, sockets, sqlite, sqlite3, xmlrpc, zip, ming, pdflib)
MySQL: 5.1.41

Apache has one vhost configured, pointing to the mantis directory in htdocs.

Steps To Reproduce

Install XAMPP 1.7.3 and put the mantis directory in htdocs. Install Mantis with the defaults and create a user. After that, try to log in with that new user three times with a wrong password. After that, the browser should load endlessly.

Tags: No tags attached.
Attached Files
mantislogin.log (12,844 bytes)

Relationships

has duplicate 0011154 (closed, dhx): mantis not responding unless we clear the browser cache.
has duplicate 0011882 (closed, dhx): Login hangs, logging crashes
has duplicate 0012705 (closed, atrol): Login page hang. Crypt crash.
has duplicate 0012882 (closed, atrol): Wamp crashed on authentication

Activities

bmencke

2010-02-23 09:05

reporter   ~0024474

Some additional information!
In the phpMyAdmin console I see a connected session after the third login attempt.
So the MySQL connection was established before the loop occurred.
For the dbo connection I tried both mysql and mysqli.
Additionally I disabled all PHP plugins except mysql.
In my php_error.log I see a line every ten minutes saying:

PHP Deprecated: Assigning the return value of new by reference is deprecated in C:\WebServices\xampplite\htdocs\mantis\library\nusoap\nusoap.php on line 7386

But also with soap disabled the problem exists.

bmencke

2010-02-24 04:45

reporter   ~0024478

Okay, I figured out some more information about my problem.
If I restart the Apache and MySQL services and try to log in multiple times with a wrong pwd, the loop does not happen. But when I log in to Mantis with any configured user (except admin) and then log off and do the wrong password procedure again, the loop happens. This is what I found out. I have attached an SQL log showing first the login attempt with the wrong pwd, then the successful login attempt and after this the two login attempts where the error occurred.
I tried the successful login with the admin account, but instead of this a normal user logged in. Couldn't reproduce the problem only with the admin acc.
Hopefully this could help.

bmencke

2010-02-24 07:57

reporter   ~0024483

Additionally I found out that if you disable cookies, you can open the site again after the failure occurred. So that is a workaround until the bugfix is available.

bmencke

2010-02-26 03:26

reporter   ~0024532

Okay, I figured out that Mantis hangs when it calls the crypt() function in auth_process_plain_password().
This function does not try only the configured auth method, it tries three:

  • MD5
  • CRYPT
  • PLAIN

Don't know why. So I have commented out the following lines and it worked:

authentication_api.php, lines 396-398:

/*if( $p_method !== null ) {
    $t_login_method = $p_method;
}*/

This is my bugfix!!!

dhx

2010-02-26 08:33

reporter   ~0024542

I just noticed from the log file you attached that you're connecting to your MySQL server with the "root" user? That's a very unsafe situation to put yourself in.

Can you please tell me which page the redirect loop is pointing to? login_page.php?

bmencke

2010-03-01 01:54

reporter   ~0024574

Last edited: 2010-03-01 02:17

I know that connecting with root is unsafe. I will change it in the future if all bugs are fixed.
You cannot say which page exactly makes the loop. It occurs on all pages that call the auth_process_plain_password() function.
So it's at login, password change after login, password change upon account creation.
I posted a bugfix that helped me out of this problem two posts above.
The problem is that Mantis calls the auth_process_plain_password() function, which calls the crypt() function with some parameters. At this point the script freezes. I don't know if it is a PHP or a Mantis problem. But I couldn't find anything in the PHP bugtracker.
If you copy the crypt() function to a separate .php file and call it after the normal loop occurs with two parameters (the key and the salt), the loop occurs too. So you have to delete your cookies and after that, everything is fine. So I think there is a problem with cookie handling in Mantis.

GRUPOAVAL

2010-03-09 13:37

reporter   ~0024685

Last edited: 2010-03-09 13:39

I have this problem too!

pat99

2010-03-23 12:28

reporter   ~0024882

I have the same problems.

This happens on a Win XP Machine with XAMPP 1.7.3
The installation is pretty new, with little changes.

Apache and MySQL are running as a service. Using Firefox 3.6 as browser

The fix from above seems to work fine for me (thanks !!!)

I seem to notice that the issue only happens, if I access my machine from a remote PC (in the same LAN)

About this:

  1. login / logout on localhost => no problem
  2. login / logout on remote PC => hanging
  3. login / logout on localhost again => also hanging.

Maybe that helps for reproducing.

pat99

2010-03-23 12:30

reporter   ~0024883

Forgot: My Mantis is version 1.2.0

bmencke

2010-03-24 04:05

reporter   ~0024891

Okay PHP released version 5.3.2 which fixed the following bug:

Fixed bug #51059 (crypt crashes when invalid salt are given).

So I think this is our problem. I will wait until XAMPP updates their packages and then try it with the new version of PHP. But until then, my bugfix from above should help out.

jurassic pork

2010-04-08 04:06

reporter   ~0025064

Hello,

I always have the bug with WAMP and PHP 5.3.2 under XP SP3.

To avoid this bug, don't use CRYPT. To do this:

In the file authentication_api.php:
comment out line 349 -->
346 $t_password = user_get_field( $p_user_id, 'password' );
347 $t_login_methods = Array(
348 MD5,
349 # CRYPT, MODIF Jurassic Pork 8/4/2010
350 PLAIN,
351 );

Sorry for my poor English, but it isn't my native language.

dhx

2010-05-20 00:52

reporter   ~0025552

Please see bmencke's comment regarding upgrading to PHP 5.3.2.

I'm closing this issue as "not fixable" as this bug is outside the scope of the MantisBT project... it's an issue with PHP.

xbromy

2010-05-20 04:33

reporter   ~0025557

jurassic pork's (reporter) tip to comment out line 349 works for me, thx

brianjester

2010-05-20 09:31

reporter   ~0025564

Our workaround for the problem was to run MantisBT on a Mac instead of Windows Server 2003.

Moogle

2010-06-11 04:42

reporter   ~0025805

Thank you guys for opening, clarifying and solving this issue. I had the same issue when updating user password in account_page.php of mantis 1.2.1. I use xampp 1.7.3a and windows 7 (for testing purpose, and considering linux for production). Commenting line 349 seems to fix it.

Davor

2010-06-14 10:16

reporter   ~0025847

This issue caused me a few hours of head-scratching. (PHP5.3.1 VC6TS on XPSP3 Apache 2.2.14) There are very useful comments here though. Commenting out "CRYPT" indeed solved the problem.

Thanks,
Davor

Olaf123

2011-03-03 04:02

reporter   ~0028356

Thanks for the solution. It caused me several hours of work. I have PHP 5.3.1. on Apache 2.2.14 (XAMPP 1.73 on Windows Server 2003) and Mantis 1.2.4. Commenting out CRYPT works so far.

I don't think this issue should be considered as resolved. First of all you do not replace PHP on a running server. Second, if the fix is really this simple, the array $t_login_methods filled with constants could easily have been defined as a global constant in config_inc.php. Put a few remarks in the manual (and default config file) about the PHP version that causes problems with CRYPT and everybody is happy!

atrol

2011-03-03 07:00

developer   ~0028358

Reminder sent to: dhx

David,
one more reason why I would like to have the check in version 1.3.x for at least 5.3.2 and not 5.3.0
RHEL 5.6 delivers PHP 5.3.3
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.6_Release_Notes/ar01s04.html
RHEL 6 delivers PHP 5.3.2
So you would not rule out Red Hat users

dhx

2011-03-11 05:19

reporter   ~0028401

Thanks atrol, I will bump the requirement to 5.3.2 as you suggested. I would like to bump it even higher but we're limited by RHEL6 in this case.
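
The two ideas raised in this thread, trying several password methods in turn and refusing CRYPT on PHP older than 5.3.2, can be combined as follows. This is an added example, not MantisBT code and not from any commenter: every `ex_*` function and `EX_*` constant is hypothetical, and the stored-value shape test is an extra assumption that the thread does not mention.

```php
<?php
// Added example; every ex_*/EX_* name is hypothetical, not MantisBT code.
// PHP 5.3 syntax only, so the file still loads on the affected interpreters.
define('EX_MD5', 'md5');
define('EX_CRYPT', 'crypt');
define('EX_PLAIN', 'plain');

// Assumption of this example: a value can only be a crypt() result if it is a
// 13-character traditional DES hash or a modular "$id$..." string.
function ex_looks_like_crypt_hash($stored) {
    return preg_match('#^[./0-9A-Za-z]{13}\z#', $stored) === 1
        || preg_match('#^\$[0-9a-z]{1,2}\$.+#', $stored) === 1;
}

// Methods that may be tried for this stored value on this interpreter.
function ex_usable_methods(array $configured, $stored, $php_version = PHP_VERSION) {
    $usable = array();
    foreach ($configured as $method) {
        // 5.3.2 is the release the thread cites for the bug #51059 fix.
        if ($method === EX_CRYPT
            && (version_compare($php_version, '5.3.2', '<')
                || !ex_looks_like_crypt_hash($stored))) {
            continue;
        }
        $usable[] = $method;
    }
    return $usable;
}

function ex_password_matches($candidate, $stored, array $configured) {
    foreach (ex_usable_methods($configured, $stored) as $method) {
        if ($method === EX_MD5) {
            $computed = md5($candidate);
        } elseif ($method === EX_CRYPT) {
            $computed = crypt($candidate, $stored); // stored hash doubles as salt
        } else {
            $computed = $candidate; // EX_PLAIN
        }
        if ($computed === $stored) {
            return true;
        }
    }
    return false;
}

// Constructed sample: an MD5-stored password never reaches crypt().
$all = array(EX_MD5, EX_CRYPT, EX_PLAIN);
var_dump(ex_usable_methods($all, md5('s3cret'), '5.3.1'));
var_dump(ex_password_matches('s3cret', md5('s3cret'), $all));
```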