Bug #52358
closed
Epic #68397: Make TYPO3 work with MySQL strict mode
can't login to backend or install tool with PHP 5.4.19 (Typo3-internal session handler broken)
100%
Description
On a new server with openSUSE 13.1 beta (which comes with Apache 2.4.6 and PHP 5.4.19), it's impossible to login to the backend or to the install tool.
The password is recognized as valid (the install tool does not display the md5sum of the entered password, and the backend logs a successful(!) login in sys_log), but I always get the login form again.
After lots of research (also with some help in #typo3), I found out that the Typo3-internal session handling causes this - if I disable the Typo3-internal session handler in the install tool, I can successfully login (see attached patch, which is of course only a workaround).
Unfortunately disabling the Typo3-internal session handling for the backend login is not that easy, therefore I need some help ;-)
I can reproduce this problem with Typo3 4.5.30 and 6.1.3.
Files
Updated by Christian Boltz about 11 years ago
I also (finally) found the problem that prevented the backend login. This time it's not PHP, but MySQL/MariaDB strict mode ;-)
class.t3lib_userauth.php getNewSessionRecord() does not set the ses_data field, which has no default in the database. The result was that $GLOBALS['TYPO3_DB']->exec_INSERTquery failed.
To make things worse, exec_INSERTquery fails silently. It should at least report the error to the devlog...
That all said, here's the patch (for 4.5.30, but it's probably needed for all Typo3 versions):
--- typo3_src-4.5.30/t3lib/class.t3lib_userauth.php 2013-09-12 11:30:04.000000000 +0200
+++ typo3_src/t3lib/class.t3lib_userauth.php 2013-09-29 15:51:45.000000000 +0200
@@ -813,10 +813,11 @@
function getNewSessionRecord($tempuser) {
return array(
'ses_id' => $this->id,
'ses_name' => $this->name,
'ses_iplock' => $tempuser['disableIPlock'] ? '[DISABLED]' : $this->ipLockClause_remoteIPNumber($this->lockIP),
'ses_hashlock' => $this->hashLockClause_getHashInt(),
'ses_userid' => $tempuser[$this->userid_column],
- 'ses_tstamp' => $GLOBALS['EXEC_TIME']
+ 'ses_tstamp' => $GLOBALS['EXEC_TIME'],
+ 'ses_data' => '' ### cboltz - http://forge.typo3.org/issues/52358
);
}
Updated by Helmut Hummel over 10 years ago
- TYPO3 Version changed from 6.1 to 6.2
Christian Boltz wrote:
That all said, here's the patch (for 4.5.30, but it's probably needed for all Typo3 versions):
Looks reasonable. Can you push a patch into our review system?
Thanks!
Updated by Alexander Opitz over 10 years ago
TYPO3 do not support MySQL/MariaDB Strict mode ... there are more open issues about that
http://forge.typo3.org/issues/18866
http://forge.typo3.org/issues/18821
http://forge.typo3.org/issues/20052
yes, the issue should be solved, but there will be more errors afterwards. :-(
Updated by Morton Jonuschat over 9 years ago
- Category set to Database API (Doctrine DBAL)
- Assignee set to Morton Jonuschat
- Target version set to 7 LTS
Updated by Gerrit Code Review over 9 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/41758
Updated by Morton Jonuschat over 9 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 4248fb83eec4182e56b25d47ac282c1c0be8193b.
Updated by Riccardo De Contardi about 7 years ago
- Status changed from Resolved to Closed