Project

General

Profile

Actions
Copy link

Bug #15467

closed

no login to backend possible

Added by Gaertner Datensysteme over 18 years ago. Updated about 16 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Michael Stucki
Category:
-
Target version:
-
Start date:
2006-01-20
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
3.8.1
PHP Version:
4
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

On a debian linux-System with PHP Version 4.3.10-16 no login to the back end was
possible on a freshly installed typo3 (3.8.1).
(dummy-install + typo3_src)

Neither with the 'admin'-user, nor a newly created user.

The problem was solved by commenting out two lines in
class.t3lib_userauth.php

within function compareUident(...):
<snip>
if ($this->challengeStoredInCookie) {
session_start();
if ($_SESSION['login_challenge'] !== $loginData['chalvalue']) {
if ($this->writeDevLog) t3lib_div::devLog('PHP Session stored challenge "'.$_SESSION['login_challenge'].'" and submitted challenge "'.$loginData['chalvalue'].'" did not match, so authentication failed!', 't3lib_userAuth', 2);
  1. $this->logoff();
  2. return FALSE;
    }
    }
    <snip>

Lines with # where disabled to solve the problem...
BTW: It's not quiet clear to me, why $_SESSION['login_challenge'] should be set, if
the session is (possibly) just created.
(issue imported from #M2334)

Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Feature #14986: Check if session_support is enabled in PHPClosedMichael Stucki2005-09-21

Actions
Actions
Copy link
 #1

Updated by Christian Boltz over 18 years ago

I can confirm the problem - 90% of the logins fail with "Your login attempt did not succeed. [...]".

I can also confirm that the solution works - I just logged in and out several times and never got login failures. Thanks a log - you saved me lots of time! :-)

BTW: For me, this bug is not minor...

Actions
Copy link
 #2

Updated by Karsten Dambekalns over 18 years ago

From the PHP manual:
----
session_start() creates a session or resumes the current one based on the current session id that's being passed via a request, such as GET, POST, or a cookie.
----

So the challenge should indeed be there, it is sent with the request for the BE login form. Commenting out might solve the symptom, but not the problem...

Actions
Copy link
 #3

Updated by Christian Boltz over 18 years ago

At least it's a working solution for the problem ;-)

Since this doesn't hit too much people, here are some informations about my server:
SUSE Linux 9.1, Apache 2.0.49, PHP 4.3.4

Several Typo3 3.7.0 are running on the same server without this problem, BTW.

Actions
Copy link
 #4

Updated by Michael Stucki about 17 years ago

I think we can just close this bug. Obviously session support is missing in your setup although required.

Btw. it did work with 3.7 but not with 3.8 and later because 3.7 didn't use challenge-response authentication yet...

Actions
Copy link

Also available in: Atom PDF