Cannot login... zm 1.21.3, PHP 4.4.0, Firefox 1.0.5

lazyleopard · Post by **lazyleopard** » Sun Jul 17, 2005 7:27 pm

I have tried those combinations, among others. I have also tried using Mozilla 1.7.8 in place of Firefox 1.0.5, and I can't get through the login step with it either. I'm wondering just exactly what the PHP 4.3.11 to 4.4.0 and Firefox 1.0.4 to 1.0.5 security fixes have tightened up on that might be giving zoneminder's login a problem...

For now, via a quick

Code: Select all

mysql> update Config set Value=0 where Name like "ZM_OPT_USE_AUTH";

I'm going to turn authorisation off and see whether anything else has problems...

lazyleopard · Post by **lazyleopard** » Sun Jul 17, 2005 7:33 pm

Hmmm... One oddity so far. When I changed the bandwidth setting from low to high, the popup went blank but dudn't close...

Post by **zoneminder** » Mon Jul 18, 2005 10:01 pm

This sounds like a worrying one. There isn't a GB FireFox 1.05 just yet but as soon as it's out I'll see if I can reproduce this.

Phil

lazyleopard · Post by **lazyleopard** » Tue Jul 19, 2005 10:00 am

Rumours suggest that 1.0.6 might not be long...

lazyleopard · Post by **lazyleopard** » Thu Jul 21, 2005 10:32 am

Ok. Firefox 1.0.6 doesn't alter anything, so it looks like PHP 4.4.0 is the most likely culprit. Is anyone else using PHP 4.4.0? (It's a security update from 4.3.11, so I'd expect at least a few folk to have it already...)

Post by **zoneminder** » Thu Jul 21, 2005 11:44 am

I'm planning to get another box with the latest greatest everything on it to test/investigate this kind of thing. My main box is firmly roted in FC1. Hopefully I can get something up in the next week or so.

Phil

lazyleopard · Post by **lazyleopard** » Sun Jul 24, 2005 4:37 pm

A friend who does quite a bit of PHP development was complaining about the extent of the change between 4.3.11 and 4.4.0, and suggested turning error reporting up to E_NOTICE. The only thing that picked up was a fleeting glimpse of a message which I think reads

Code: Select all

Notice: Undefined variable: mid in /www/zm/zm_actions.php on line 154

Tweaking it up to E_ALL but not using $debug gives some other indications:

Code: Select all

Notice: import_request_variables(): No prefix specified - possible security hazard in /www/zm/zm.php on line 22
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /www/zm/zm.php:22) in /www/zm/zm.php on line 149
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /www/zm/zm.php:22) in /www/zm/zm.php on line 149
Notice: Undefined index: format in /www/zm/zm.php on line 151
Notice: Undefined variable: device in /www/zm/zm.php on line 155
Warning: Cannot modify header information - headers already sent by (output started at /www/zm/zm.php:22) in /www/zm/zm.php on line 158
Notice: Undefined variable: bandwidth in /www/zm/zm_html.php on line 21
Notice: A session had already been started - ignoring session_start() in /www/zm/zm_html.php on line 32
Notice: Undefined variable: mid in /www/zm/zm_actions.php on line 154

He commented

I was adding note objects to an array by reference, and the last result is false, so all entries became false. Perfectly natural behaviour for other languages, just not how PHP has acted in the past.

if that makes any sense to you...

Ruler · Post by **Ruler** » Tue Jul 26, 2005 8:31 pm

Wow - I was right about something.

Maybe download and try the mozilla suite 1.7.8. FireFox is simply the browser component ripped out to run as a standalone app. I haven't used FireFox all that much, so I don't know what cookie controls are available there, but in Mozilla, you can set it so that all cookies are cleared at the end of the session.

It'd be interesting to find out the root cause of this problem though.

lazyleopard · Post by **lazyleopard** » Wed Jul 27, 2005 12:10 pm

Ruler wrote:It'd be interesting to find out the root cause of this problem though.

I'm pretty sure the root cause will be something in PHP 4.4.0, as I've seen or heard about several other PHP packages that have had trouble with the upgrade from 4.3.11 to 4.4.0. There's been a tightening-up of the places you can use references, and a change in the way things behave when they're used in array situations.

Post by **zoneminder** » Thu Jul 28, 2005 9:26 am

Do you have a link to anywhere that might have a discussion of what the issues/changes with php might be. If I know then I can try a fix. I want to get php4.4 on a box at home, but unfortunately my daughter is currently sleeping in my computer room so time in the evenings is a bit limited!

Phil

lazyleopard · Post by **lazyleopard** » Thu Jul 28, 2005 12:43 pm

One brief conversation in LiveJournal here, and some comments in the support forums for punBB and SMF.

Post by **zoneminder** » Fri Jul 29, 2005 11:45 am

Thanks Rick, I'll take a look at those links.

Phil

lazyleopard · Post by **lazyleopard** » Fri Jul 29, 2005 11:58 am

There was also something in the MediaWiki release notes about "a large number of notice-level warnings" but in their case it doesn't seem to stop things working...