Cannot login... zm 1.21.3, PHP 4.4.0, Firefox 1.0.5

lazyleopard · Post by **lazyleopard** » Thu Jul 14, 2005 10:23 pm

Argh! I guess too many things changed at one go. I'd forgotten that Firefox and PHP had been upgraded this morning when I installed zm 1.21.3 this evening, so I don't know for sure which bit broke the web side of zm. The business side (zmc, zma, zmaudit, etc.) seems to be working fine, but at present I cannot login to zm wia the web interface. I turned on the diagnostics in zm.php, and I get this lot (mildly trimmed):

Code: Select all

PHP Variables
Variable	Value
_REQUEST["bandwidth"]	high
_REQUEST["format"]	html
_REQUEST["ZMSESSID"]	5c61877fc9570d25a0bc8264cb208899
_COOKIE["bandwidth"]	high
_COOKIE["format"]	html
_COOKIE["ZMSESSID"]	5c61877fc9570d25a0bc8264cb208899
_SERVER["UNIQUE_ID"]	ZPblZsCoEeMAAFqyC-wAAAAE
_SERVER["HTTP_HOST"]	cam.private
_SERVER["HTTP_USER_AGENT"]	Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.9) Gecko/20050714 Firefox/1.0.5
_SERVER["HTTP_ACCEPT"]	text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
_SERVER["HTTP_ACCEPT_LANGUAGE"]	en,en-us;q=0.5
_SERVER["HTTP_ACCEPT_ENCODING"]	gzip,deflate
_SERVER["HTTP_ACCEPT_CHARSET"]	ISO-8859-1,utf-8;q=0.7,*;q=0.7
_SERVER["HTTP_KEEP_ALIVE"]	300
_SERVER["HTTP_CONNECTION"]	keep-alive
_SERVER["HTTP_REFERER"]	http://cam.private/zm/index.php
_SERVER["HTTP_COOKIE"]	bandwidth=high; format=html; ZMSESSID=5c61877fc9570d25a0bc8264cb208899
_SERVER["PATH"]	/long/list/of/path/stuff
_SERVER["SERVER_SIGNATURE"]	<address>Apache/2.0.54 (Gentoo/Linux) PHP/4.4.0 Server at cam.private Port 80</address>
_SERVER["SERVER_SOFTWARE"]	Apache/2.0.54 (Gentoo/Linux) PHP/4.4.0
_SERVER["SERVER_NAME"]	cam.private
_SERVER["SERVER_ADDR"]	192.168.nn.mm
_SERVER["SERVER_PORT"]	80
_SERVER["REMOTE_HOST"]	simba.private
_SERVER["REMOTE_ADDR"]	192.168.nn.nm
_SERVER["DOCUMENT_ROOT"]	/www/cam
_SERVER["SERVER_ADMIN"]	www@xxxxxxx
_SERVER["SCRIPT_FILENAME"]	/www/zm/index.php
_SERVER["REMOTE_PORT"]	52737
_SERVER["GATEWAY_INTERFACE"]	CGI/1.1
_SERVER["SERVER_PROTOCOL"]	HTTP/1.1
_SERVER["REQUEST_METHOD"]	GET
_SERVER["QUERY_STRING"]	no value
_SERVER["REQUEST_URI"]	/zm/index.php
_SERVER["SCRIPT_NAME"]	/zm/index.php
_SERVER["PHP_SELF"]	/zm/index.php
_SERVER["PATH_TRANSLATED"]	/www/zm/index.php
_SERVER["argv"]	

Array
(
)

_SERVER["argc"]	0
_ENV["PATH"]	/another/long/list/of/path/stuff


Notice: Undefined variable: cookies in /www/zm/zm.php on line 125

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /www/zm/zm.php:28) in /www/zm/zm.php on line 149

Notice: Undefined index: format in /www/zm/zm.php on line 151

Notice: Undefined variable: cookies in /www/zm/zm.php on line 154

Notice: Undefined variable: device in /www/zm/zm.php on line 155

Notice: Undefined variable: cookies in /www/zm/zm.php on line 156

Notice: A session had already been started - ignoring session_start() in /www/zm/zm_html.php on line 32

Any ideas, anyone? I've checked Firefox's about:config, and it's still set as recommended.

lazyleopard · Post by **lazyleopard** » Thu Jul 14, 2005 10:43 pm

If i turn off the php variables display then the output is subtly different:

Code: Select all

Notice: Undefined variable: cookies in /www/zm/zm.php on line 125

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /www/zm/zm.php:125) in /www/zm/zm.php on line 149

Notice: Undefined index: format in /www/zm/zm.php on line 151

Notice: Undefined variable: cookies in /www/zm/zm.php on line 154

Notice: Undefined variable: device in /www/zm/zm.php on line 155

Notice: Undefined variable: cookies in /www/zm/zm.php on line 156

Notice: A session had already been started - ignoring session_start() in /www/zm/zm_html.php on line 32

Still no indications in log files or the like, though...

SyRenity · Post by **SyRenity** » Thu Jul 14, 2005 10:56 pm

Hi.

I think that it has to do with PHP (php.ini in fact). One of the options allows a more relaxed headers handling - output_buffering. Try to turn it on in the php.ini, and try again (don't forget to restart the apache).

If it doesn't work, try to copy the php.ini-recommended over the php.ini (make a backup thought). You can find it in the PHP distribution, from php.net.

lazyleopard · Post by **lazyleopard** » Thu Jul 14, 2005 11:22 pm

Yes, I think PHP is the prime suspect, but php.ini doesn't seem to have changed (except in comments, and not many of those) between PHP/4.3.11 and PHP/4.4.0 so it may be something else...

Post by **cordel** » Thu Jul 14, 2005 11:46 pm

One thing to check is you have to have :
short_open_tag = On
As Phil has used alot of short tags.
Regards,
Cordel

lazyleopard · Post by **lazyleopard** » Fri Jul 15, 2005 7:45 am

cordel wrote:One thing to check is you have to have :
short_open_tag = On

Yep. Still have that set...

Post by **cordel** » Fri Jul 15, 2005 8:13 am

Darn, I was hoping.
Line 28 in zm.php is phpinfo( INFO_VARIABLES );
which is for debug (I'm sure you already knew) I'd try commenting that out and enable the line below it error_reporting( E_ALL );
May give you a bit more of a clue.

Line 32 in zm_html.php is

Code: Select all

if ( ZM_OPT_USE_AUTH )
{
	session_start();
	if ( isset( $_SESSION['user'] ) )
	{
		$user = $_SESSION['user'];
	}
	else
	{
		unset( $user );
	}
}
else
{
	$user = array(
		"Username"=>"admin",
		"Password"=>"",
		"Language"=>"",
		"Enabled"=>1,
		"Stream"=>'View',
		"Events"=>'Edit',
		"Monitors"=>'Edit',
		"System"=>'Edit',
	);
}

So you might want to check the database and see what is set for zm_auth and hash.
You could also try disabling auth just to see what you get.
Regards,
Cordel

lazyleopard · Post by **lazyleopard** » Fri Jul 15, 2005 12:59 pm

cordel wrote:Darn, I was hoping.
Line 28 in zm.php is phpinfo( INFO_VARIABLES );
which is for debug (I'm sure you already knew) I'd try commenting that out and enable the line below it error_reporting( E_ALL );
May give you a bit more of a clue.

Yep, I tried that. The output is in the second post in this thread. However, I'm now at work, and trying Mozilla 1.6 on Red Hat instead. I can login using it, so this is some weird browser-dependant thing. I can also login from Firefox 1.0.5 running on Windows 2000. For comparison, the diagnostic messages are:

Code: Select all

Notice: Undefined index: format in /www/zm/zm.php on line 151

Notice: Undefined variable: device in /www/zm/zm.php on line 155

Warning: Cannot modify header information - headers already sent by (output started at /www/zm/zm.php:151) in /www/zm/zm.php on line 158

Notice: Undefined variable: bandwidth in /www/zm/zm_html.php on line 21

Notice: A session had already been started - ignoring session_start() in /www/zm/zm_html.php on line 32

So the "format", "device" and "bandwidth" ones don't seem to matter, but the messages ones associated with the "cookies" variable do seem to go with the problem:

Code: Select all

Notice: Undefined variable: cookies in /www/zm/zm.php on line 125
Notice: Undefined variable: cookies in /www/zm/zm.php on line 154
Notice: Undefined variable: cookies in /www/zm/zm.php on line 156

I'll have to check what the browser that's having problems thinks it's doing with cookies...

Post by **cordel** » Fri Jul 15, 2005 1:07 pm

Sweet, sort of, That answered what would have been the next question. Let us know what you find.
Regards,
Cordel

Ruler · Post by **Ruler** » Fri Jul 15, 2005 4:09 pm

Something simple (that I assume you've already tried) is clearing out the cookies in your broswer and checking the permissions for your zoneminder site. Maybe an incompatibility in the cookie format between versions? Or perhaps the new version of firefox has different default cookie permissions?

lazyleopard · Post by **lazyleopard** » Fri Jul 15, 2005 10:41 pm

Ok. I deleted all the cookies that zoneminder had set previously, and now Firefox is quite happy to let me log in, so I guess it was returning a cookie that was causing the problm...

Post by **cordel** » Fri Jul 15, 2005 11:24 pm

Wow

I'd have never thought but that goes with the error and makes since

Glad you got it to shape up

Good call Ruler.
Cheers,
Cordel

lazyleopard · Post by **lazyleopard** » Fri Jul 15, 2005 11:59 pm

Ok. There's a catch. I have to delete cookies every time, and I have to have debug enabled in zm.php. With debug set false I can't log in even if I delete cookies. It's a puzzle...

The upgrade from PHP 4.3.11 to PHP 4.4.0 was triggered by a security issue, as was the upgrade to Firefox 1.0.5.

I havn't tracked down the cookie security option in the new version of Firefox. Maybe it's only in the Windows one?

lazyleopard · Post by **lazyleopard** » Sun Jul 17, 2005 9:50 am

Hmmm... about:config isn't all that helpful. I've tried toggling network.cookie.alwaysAccepSessionCookies, but it doesn't seem to have any effect. The only other one that looks like it might do something useful is network.cookie.cookieBehaviour, but it has a numeric value and no indication as to its function.

Edit: See http://mozilla.gunnars.net/firefox_help ... orial.html and http://kb.mozillazine.org/Firefox_:_FAQ ... etwork..2A
Apparently, Firefox doesn't have the extended control that's present (for now) in Mozilla.

Post by **cordel** » Sun Jul 17, 2005 10:44 am

The problem seems to be that it's not dropping the session cookie is what it sounds like to me. Here are the cookie settings I have if it helps. I haven't update firefox yet either.

Regards,
Cordel