Menus do not appear on OpenSuSE 11.2

[anonymous]

Successfully completed install of phpvideopro on OpenSuSE 11.2 after enabling short tags in php.ini.

phpvideopro comes up at the "Introduction for new users", and there is a bar at the head of the document saying "not logged in", but there are no menus there or on any other screens.

The javascript calls to the menus are in the page source, and javascript is enabled in Firefox. I didn't see anything in my apache2 or php5 configs about javascript except in mime.types

There is a consistent error message that comes up:

Notice: Undefined index: sess_id in /usr/share/phpvideopro/inc/vul_check.inc on line 80

I am able to use the izzysoft on-line demo of phpvideopro with this same browser without difficulty (except admin login doesn't work)

===========

[This information is included here rather than as a separate ticket since it may be related]

If I attempt to login by manually going to the login.php script, it refuses admin/video as invalid. Checked the database … the three defaults are in there. Updated with:

update pvp_users SET pwd = PASSWORD('video') where login = 'admin';

but still would not allow me in. "guest" login without a password is also refused.

[arthur@…]

I beg your pardon, I am not anonymous, I am Arthur! Thank you!

[izzy]

Hi Arthur,

Replying to anonymous:

There is a consistent error message that comes up: Notice: Undefined index: sess_id in /usr/share/phpvideopro/inc/vul_check.inc on line 80

You can safely ignore that (I hopefully fixed it for future releases just now).

I am able to use the izzysoft on-line demo of phpvideopro with this same browser without difficulty (except admin login doesn't work)

I wouldn't expect any problem with the browser.

If I attempt to login by manually going to the login.php script,

If you don't see any "login" link, but the page looks like an application window (which means the default template "applicat" is active), a click on the "x" brings you there.

it refuses admin/video as invalid. Checked the database … the three defaults are in there. Updated with:

update pvp_users SET pwd = PASSWORD('video') where login = 'admin'; but still would not allow me in. "guest" login without a password is also refused.

Nah, it's not the PASSWORD function behind it - though the result should be similar. It's a simple MD5 hash stored there. Please try:

UPDATE pvp_users
   SET pwd='421b47ffd946ca083b65cd668c6b17e6'
 WHERE login='admin';

Which should be the very same values the setup script should have placed there. If that does not help, please open the inc/config_internal.inc with your favorite editor, and set $debug["log"] to include the letter "S" (so SQL statements are logged). This will fill up your page with a bunch of SQL messages, so you finally want to reset that for sure. But for now, with SQL-Logging enabled, try to send your login data again and check the output. Please attach only the relevant parts to this ticket, so we can check further.

One more question is: What happens on your login attempts? Do you get a page telling you that your login failed - or something different? In the first case, the problem is located in the session management (which I assume). The second case would make things more difficult…

[arthur@…]

First time into application, debug includes 'S'

[arthur@…]

Main screen again, showing new session ID, still not logged in …

[arthur@…]

Hmm … I guess I should add the images before I write the text. Oh well, another 20 minutes.

I changed the md5 hash back to the original that was, indeed, placed there by the install program as you suggested, but it still doesn't work.

I added the 'S' to the debug value.

I'm providing pictures instead of trying to describe what is happening; at no point did I see an SQL statement on-screen about user admin; if it flashes past, I can't see it. I can note that the login screen doesn't say that the user/password combination is invalid, as it does when I put in a bogus password, it just exits back to the main screen, and the main screen reports "not logged in", unlike your demo system which always reports that "guest" is logged in. I don't see a way to login as "guest"; I figure it should just be that way always.

First page to come up when entering phpvideopro:

Login page; not "not logged in" is same as on first page but not shown here … I think it should be "guest"

The login of "admin" apparently succeeds because there is no error on the login page about an invalid user/password, but it doesn't log me in:

I believe I have done all you asked … it seems like we are are in the "more difficult" phase here! Please let me know what else you might like me to do. More extensive SQL information would help … it seems like it isn't telling all.

Thanks for your assistance and my next turn-around cycle should be shorter.

[izzy]

Thank you for updating. And yes, the screenshots have been very helpful - but also confusing: The key is number 3, i.e. after submitting the login form. Here the first statement should read WHERE login='admin' - it is not, which I would not believe without the screenshot. This could only mean your posted login data have been ignored - again, hard to believe.

Okay, so what can we do with this strange situation: First I'd suggest you get the latest code (v0.9.6 was released this weekend), so we discuss the exact same code. Then, if I may take a guess, we have to work around some SuSE issue again: Please open the login.php with your favorite editor. Line 24 reads like if (preg_match("/\s/","${login}${passwd}")) { - just immediately before this, add the following lines:

 echo "Original login: '$login'/'$passwd'<BR>\n";
 $login = $_POST['login']; $passwd = $_POST['passwd'];
 echo "Debug login: '$login'/'$passwd'<BR>\n";
 echo "Variables order (EnvGetPostCookieSession?): ".ini_get('variables_order')."<BR>\n";

Save the file, and try again. Let me know the results. My guess is the last line will have 'P' put before 'G', or (even worse) 'S' in front of both. The latter would explain a lot. SuSE is always good for such "jokes" - this is why I dropped it 6 years ago.

[izzy]

Arthur, if you want your problem solved with the next release, you need to hurry up - I will not wait for it, and I can't say yet how long it will take after that for the next to next release

[arthur@…]

Hi Izzy:

I must be doing something wrong … when I sent you the output with your last requests, when I hit the "submit" button on the login.php screen, the screen immediately goes blank and returns to the index.html page, so I naively assumed that the initially presented information (pre-submit) was the data you needed. It would seem that you need me to re-evaluate the variables before departing the login.php form.

I figured out how to get what I >think< you want … by putting in a bad password the data is reevaluated and some values come out … with the bogus password I get:

SEL ECT id,pwd FR OM pvp_users WHE RE login='guest' SEL ECT message_id,content FR OM pvp_lang WHE RE lang='en' Original login: 'admin'/'sdfsasss' Debug login: 'admin'/'sdfsasss' Variables order (EnvGetPostCookieSession??): GPCS POST:

Array (

[url] ⇒ /phpvideopro/index.php [login] ⇒ admin [passwd] ⇒ sdfsasss [submit] ⇒ Submit

)

REQUEST:Array ( [url] ⇒ /phpvideopro/index.php [login] ⇒ admin [passwd] ⇒ sdfsasss [submit] ⇒ Submit ) SEL ECT id,pwd FR OM pvp_users WH ERE login='admin'

With a "successful" login, the screen goes blank immediately. Let me know how I can get those values for with with the correct password if the above is not helpful.

Thanks!

Arthur Knight Hammer

[izzy]

Hi Arthur,

this was already helpful in so far as it shows the submitted values are processed correctly. So the login is successful (provided the correct credentials), but after the redirect to the main index, your session gets lost somehow. And our question is now longer a not working login, but the lost session.

Next questions are: Do you permit cookies? Because this is one way session data are managed. If you did not, the URL should show the session ID included. You should also check your browsers cookies (by the way: What browser you are using?) whether you find a cookie for phpVideoPro stored there. It should have at least one if you accept cookies: The site should hold your website phpVideoPro runs on, the path should point to its installations base URL. There should be at least a cookie by the name sess_id. Please check and let me know.

Please restore the original login.php (we no longer need the old debug stuff, but rather place new). At around line 47 you should find the line if ($pvp->cookie->active) {. Immediately after this, place die("Cookies are used<br>");. Now, when giving the correct credentials, that line should be displayed, and the script stops - which tells us that your session should be managed via cookies - and after that, you need to remove that line again (or you never get past the login page). If you got that line, you should also find the cookie described above - or something is going horribly wrong.

Please let me know the results ASAP, so we see how to proceed.

[izzy]

P.S.: I just re-checked your screenshots above and saw something interesting: It seems it doesn't find the session ID in the $_REQUEST array (see the always first line with the "Notice" about some undefined index). Which is also the reason why the menu bar displays "not logged in". Strange, since it works very fine with all other installations I've seen so far - but it could be an indicator that the session ID must be stored in a cookie instead. So I expect the above message ("Cookies are used") should be displayed. If so, please remove that debug line (if you not already did so), add the following line:

echo "Cookies:<pre>";print_r($_COOKIE); die("</pre>");

after the closing curly brace (i.e. immediately before header("Location: $url");), and try to login again. Let me know the output, and remove that debug code again.

[izzy]

Another P.S.: Before you start with the steps described above, please check what version of PHP you are running. If it is 5.3 or higher, forget about it: In that case I've just found the source of your trouble. With 5.3 they changed the registration of the $_REQUEST array to no longer include cookies - which will break the login and session management. I'm already working on a fix.

[izzy]

OK - so if I was right and you are running PHP 5.3 or later:

Please download phpvideopro-r2637.zip (which is the latest development code currently). Either do a fresh installation with it, or run the database update against your current installation (you will need to have the database updated, or the code won't work). Then try to login - it should work now. Please report back then, even (or especially) when your problem is solved with that.

[arthur@…]

SUCCESS!!! It is php 5.3 and your trunk code is working! (Dancing, singing … *;O)

I'll await the final release but I'll do a little playing in the meantime!

Thank you thank you!

Arthur Knight Hammer

[izzy]

GREAT! Glad to read that! And nothing to wait for, you've got the final release (except for the changelog file to be updated) - guess it already tells you it is version 0.9.7 Before really releasing the code, I just waited for your confirmation that the issue is solved. Now that it is, I guess I will release the code tomorrow. Thank you for your patience and helping me find out about those issues!