#2807 (ok 3.1.2) ForceSSL and http auth_type
I got a phpMyAdmin 3.1.0 install (my config: http://phpfi.com/385631\) with - most importantly - forcessl and http-auth enabled.
When I log into phpMyAdmin using "https://${ADDRESS}/${PHPMYADMIN_PATH}" as the url, I do not have any issues (as long as I use correct login data, of course).
However, in case I use "http://${ADDRESS}/${PHPMYADMIN_PATH}" as the initial-url, I get automatically redirected to the https-counterpart of that url (see: "A username and password are being requested by https://${ADDRESS} ..." on the login-popup). Regardless of me entering correct login data or not, php throws the following error: "Fatal error: Call to a member function getName() on a non-object in /srv/http/default/phpMyAdmin/libraries/common.inc.php on line 693".
Judgin from the corresponding line of code ("$GLOBALS['theme'] = $_SESSION['PMA_Theme']->getName();") this error appears to be somewhat related to phpMyAdmin's theme system.
Additionally, this very error message will keep popping up unless you delete all of phpMyAdmin's cookies,
This thesis is being backed up by the fact that if you attempt to log in the same manner as mentioned above, but hit cancel on the login popup, the "Welcome to phpMyAdmin"- and "Wrong username/password. Access denied."-messages will be displayed in plain black on white (i.e. no template/theme is applied). As soon as you try to access the page again, the error-message posted above will be thrown again.
I'm running lighttpd 1.4.19-4ubuntu2 with php 5.2.6-2ubuntu4 on a 64bit ubuntu 8.10.
Discussion
Just updated my phpMyAdmin to version 3.1.1. Bug still exists with exactely the same symptoms.
This patch should fix the problem, please confirm.
Patch reference: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_3_1/phpMyAdmin/libraries/common.inc.php?r1=11817&r2=12161
Yeah, that patch fixed the issue.