Menu

#2354 (ok 2.10.0-rc2) Cookie auth + PHP 5.2.1 + 64-bit

2.10.0-rc1
fixed
1
2013-06-11
2007-02-12
unclef
No

I have upgraded my PHP to version 5.2.1 and cookie authentication stopped working. The behaviour is really strange. Sometimes when I supply a valid username and password I can login but get logged out after loading a few phpmyadmin pages. Sometimes I cannot login with the error message that user 'wwwrun' (my Apache daemon user) is not allowed to access MySQL server, although I supplied completely different username. Sometimes it says that the user I supplied cannot access the database but after 3-5 retries with the same username and password I can login.

Reverting back to PHP 5.2.0 with the same phpmyadmin config file and the same php.ini file removes the problem.

There are some security fixes in PHP 5.2.1 (http://www.php.net/releases/5_2_1.php) so it seems to be that they are affecting the behaviour.

This problem also affects phpmyadmin 2.9.2.

For now I have switched to HTTP based authentication, but hopefully there is a fix for this problem soon.

Discussion

  • Sebastian Mendel

    • priority: 5 --> 7
     
  • Cristian Rodriguez

    Logged In: YES
    user_id=710039
    Originator: NO

    I inestigated the problem.

    1. you are using a 64 bit system
    2. you dont have the mcrypt extension loaded

    right ?

    Way to solve it.

    1. install the mcrypt extension

    Seems libraries/blowfish.php relies on a broken , old behaviuor of unpack that was fixed in 5.2.1.

     
  • unclef

    unclef - 2007-02-12

    Logged In: YES
    user_id=1215789
    Originator: YES

    Thanks so much! You are absolutely right!

    I have 64 bit system and I did not have mcrypt extension loaded.
    I have recompiled PHP with mcrypt support and everything works fine.

    Perhaps, a warning could be implemented to notify about missing mcrypt extension.

    Thanks again

     
  • Cristian Rodriguez

    Logged In: YES
    user_id=710039
    Originator: NO

    >Perhaps, a warning could be implemented to notify about missing mcrypt
    >extension.

    I dont think so, I think libraries/blowfish should be updated (dates from 2003) and fixed. unfortunately Im anot a crypto guru , and I only solved installing the mcrypt extension, that is faster and works properly.

     
  • Marc Delisle

    Marc Delisle - 2007-02-13
    • summary: Cookie authentication + PHP 5.2.1 does not work --> Cookie auth + PHP 5.2.1 + 64-bit without mcrypt
     
  • Marc Delisle

    Marc Delisle - 2007-02-13

    Logged In: YES
    user_id=210714
    Originator: NO

    Unfortunately I don't have access to a 64-bit system and this problem does not happen with PHP 5.2.1 on a 32-bit system.

    Judas, do you have a reference about the old behavior of unpack() that was fixed in 5.2.1?

     
  • unclef

    unclef - 2007-02-13

    Logged In: YES
    user_id=1215789
    Originator: YES

    Try this ;)

    http://bugs.php.net/bug.php?id=38770

     
  • Marc Delisle

    Marc Delisle - 2007-02-13

    Logged In: YES
    user_id=210714
    Originator: NO

    Thanks unclef. I'm not sure we can easily fix this, and besides, even when fixed, it produces a very slow behavior in phpMyAdmin on every click. We have this in Documentation.html
    "Not really a requirement but a strong suggestion: if you are using the "cookie" authentication method, having the mcrypt PHP extension on your web server accelerates not only the login phase but every other action that you do in phpMyAdmin."

    but it's not enough to have it in doc; a warning should be added.

     
  • unclef

    unclef - 2007-02-13

    Logged In: YES
    user_id=1215789
    Originator: YES

    You're absolutely right. Since I installed mcrypt my phpmyadmin is considerably faster!
    God, I wish I knew it before - I have been using it like that for 2 years!! :-[ ]
    I should have read that manual..... :-)

    Perhaps it should be made obligatory to have mcrypt loaded when cookie auth is used?
    At least a strong warning should be given anyway.

    Thank you for your support!

     
  • Cristian Rodriguez

    Logged In: YES
    user_id=710039
    Originator: NO

    worls fine in 5.2.0 , So I suspect it is caused by the fix of bug http://bugs.php.net/bug.php?id=38770. since it's 64 bit specific.

     
  • Marc Delisle

    Marc Delisle - 2007-02-14

    Logged In: YES
    user_id=210714
    Originator: NO

    Warning added on main page for 2.10.0-rc2 (or 2.10.0 final).

     
  • Marc Delisle

    Marc Delisle - 2007-02-14
    • priority: 7 --> 1
    • assigned_to: nobody --> lem9
    • summary: Cookie auth + PHP 5.2.1 + 64-bit without mcrypt --> (ok 2.10.0-rc2) Cookie auth + PHP 5.2.1 + 64-bit
    • status: open --> open-fixed
     
  • Marc Delisle

    Marc Delisle - 2007-02-28
    • status: open-fixed --> closed-fixed
     
  • Cristian Rodriguez

    Logged In: YES
    user_id=710039
    Originator: NO

    This resulted to be a bug in pack/unpack with 64 bit systems that has been fixed today.

    http://cvs.php.net/viewvc.cgi/php-src/ext/standard/pack.c?view=log&pathrev=PHP_5_2

    applying the latest patch make this stuff work again.

     
  • Michal Čihař

    Michal Čihař - 2013-06-11
    • Status: closed-fixed --> fixed