I have upgraded my PHP to version 5.2.1 and cookie authentication stopped working. The behaviour is really strange. Sometimes when I supply a valid username and password I can login but get logged out after loading a few phpmyadmin pages. Sometimes I cannot login with the error message that user 'wwwrun' (my Apache daemon user) is not allowed to access MySQL server, although I supplied completely different username. Sometimes it says that the user I supplied cannot access the database but after 3-5 retries with the same username and password I can login.
Reverting back to PHP 5.2.0 with the same phpmyadmin config file and the same php.ini file removes the problem.
There are some security fixes in PHP 5.2.1 (http://www.php.net/releases/5_2_1.php) so it seems to be that they are affecting the behaviour.
This problem also affects phpmyadmin 2.9.2.
For now I have switched to HTTP based authentication, but hopefully there is a fix for this problem soon.
Logged In: YES
user_id=710039
Originator: NO
I inestigated the problem.
1. you are using a 64 bit system
2. you dont have the mcrypt extension loaded
right ?
Way to solve it.
1. install the mcrypt extension
Seems libraries/blowfish.php relies on a broken , old behaviuor of unpack that was fixed in 5.2.1.
Logged In: YES
user_id=1215789
Originator: YES
Thanks so much! You are absolutely right!
I have 64 bit system and I did not have mcrypt extension loaded.
I have recompiled PHP with mcrypt support and everything works fine.
Perhaps, a warning could be implemented to notify about missing mcrypt extension.
Thanks again
Logged In: YES
user_id=710039
Originator: NO
>Perhaps, a warning could be implemented to notify about missing mcrypt
>extension.
I dont think so, I think libraries/blowfish should be updated (dates from 2003) and fixed. unfortunately Im anot a crypto guru , and I only solved installing the mcrypt extension, that is faster and works properly.
Logged In: YES
user_id=210714
Originator: NO
Unfortunately I don't have access to a 64-bit system and this problem does not happen with PHP 5.2.1 on a 32-bit system.
Judas, do you have a reference about the old behavior of unpack() that was fixed in 5.2.1?
Logged In: YES
user_id=1215789
Originator: YES
Try this ;)
http://bugs.php.net/bug.php?id=38770
Logged In: YES
user_id=210714
Originator: NO
Thanks unclef. I'm not sure we can easily fix this, and besides, even when fixed, it produces a very slow behavior in phpMyAdmin on every click. We have this in Documentation.html
"Not really a requirement but a strong suggestion: if you are using the "cookie" authentication method, having the mcrypt PHP extension on your web server accelerates not only the login phase but every other action that you do in phpMyAdmin."
but it's not enough to have it in doc; a warning should be added.
Logged In: YES
user_id=1215789
Originator: YES
You're absolutely right. Since I installed mcrypt my phpmyadmin is considerably faster!
God, I wish I knew it before - I have been using it like that for 2 years!! :-[ ]
I should have read that manual..... :-)
Perhaps it should be made obligatory to have mcrypt loaded when cookie auth is used?
At least a strong warning should be given anyway.
Thank you for your support!
Logged In: YES
user_id=710039
Originator: NO
worls fine in 5.2.0 , So I suspect it is caused by the fix of bug http://bugs.php.net/bug.php?id=38770. since it's 64 bit specific.
Logged In: YES
user_id=210714
Originator: NO
Warning added on main page for 2.10.0-rc2 (or 2.10.0 final).
Logged In: YES
user_id=710039
Originator: NO
This resulted to be a bug in pack/unpack with 64 bit systems that has been fixed today.
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/pack.c?view=log&pathrev=PHP_5_2
applying the latest patch make this stuff work again.