Bug #52358

Epic #68397: Make TYPO3 work with MySQL strict mode

can't login to backend or install tool with PHP 5.4.19 (Typo3-internal session handler broken)

Added by Christian Boltz over 7 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Must have
Category:
Database API (Doctrine DBAL)
Target version:
Start date:
2013-09-28
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
6.2
PHP Version:
5.4
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

On a new server with openSUSE 13.1 beta (which comes with Apache 2.4.6 and PHP 5.4.19), it's impossible to login to the backend or to the install tool.

The password is recognized as valid (the install tool does not display the md5sum of the entered password, and the backend logs a successful(!) login in sys_log), but I always get the login form again.

After lots of research (also with some help in #typo3), I found out that the Typo3-internal session handling causes this - if I disable the Typo3-internal session handler in the install tool, I can successfully login (see attached patch, which is of course only a workaround).

Unfortunately disabling the Typo3-internal session handling for the backend login is not that easy, therefore I need some help ;-)

I can reproduce this problem with Typo3 4.5.30 and 6.1.3.


Files

typo3_src-4.5.30-cboltz--installtool-session-handling.diff (1.35 KB) typo3_src-4.5.30-cboltz--installtool-session-handling.diff Workaround patch for install tool (for 4.5.30) Christian Boltz, 2013-09-28 23:29
#1

Updated by Christian Boltz over 7 years ago

I also (finally) found the problem that prevented the backend login. This time it's not PHP, but MySQL/MariaDB strict mode ;-)

class.t3lib_userauth.php getNewSessionRecord() does not set the ses_data field, which has no default in the database. The result was that $GLOBALS['TYPO3_DB']->exec_INSERTquery failed.

To make things worse, exec_INSERTquery fails silently. It should at least report the error to the devlog...

That all said, here's the patch (for 4.5.30, but it's probably needed for all Typo3 versions):

--- typo3_src-4.5.30/t3lib/class.t3lib_userauth.php       2013-09-12 11:30:04.000000000 +0200
+++ typo3_src/t3lib/class.t3lib_userauth.php    2013-09-29 15:51:45.000000000 +0200
@@ -813,10 +813,11 @@
        function getNewSessionRecord($tempuser) {
                return array(
                        'ses_id' => $this->id,
                        'ses_name' => $this->name,
                        'ses_iplock' => $tempuser['disableIPlock'] ? '[DISABLED]' : $this->ipLockClause_remoteIPNumber($this->lockIP),
                        'ses_hashlock' => $this->hashLockClause_getHashInt(),
                        'ses_userid' => $tempuser[$this->userid_column],
-                       'ses_tstamp' => $GLOBALS['EXEC_TIME']
+                       'ses_tstamp' => $GLOBALS['EXEC_TIME'],
+                       'ses_data' => '' ### cboltz - http://forge.typo3.org/issues/52358
                );
        }
#2

Updated by Helmut Hummel almost 7 years ago

  • TYPO3 Version changed from 6.1 to 6.2

Christian Boltz wrote:

That all said, here's the patch (for 4.5.30, but it's probably needed for all Typo3 versions):

Looks reasonable. Can you push a patch into our review system?

http://wiki.typo3.org/CWT

Thanks!

#3

Updated by Alexander Opitz almost 7 years ago

TYPO3 do not support MySQL/MariaDB Strict mode ... there are more open issues about that

http://forge.typo3.org/issues/18866
http://forge.typo3.org/issues/18821
http://forge.typo3.org/issues/20052

yes, the issue should be solved, but there will be more errors afterwards. :-(

#4

Updated by Morton Jonuschat over 5 years ago

  • Category set to Database API (Doctrine DBAL)
  • Assignee set to Morton Jonuschat
  • Target version set to 7 LTS
#5

Updated by Morton Jonuschat over 5 years ago

  • Parent task set to #68397
#6

Updated by Gerrit Code Review over 5 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/41758

#7

Updated by Morton Jonuschat over 5 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
#8

Updated by Riccardo De Contardi over 3 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF