Problem with Invalid credentials.

[per]

Hi, interesting project!
I have a problem that some friendly soul might help me with:
In the end of the installation process I click the Edit-link, but the next page only shows the text "Invalid credentials.".
If I go to the login.php I get the same message whatever credentials i try (that I created during install).
I'm on a test server within my LAN with Ubuntu Server 10.04 so I haven't bothered with moving files as the installer suggested.
I suspect I simply overlook something simple, so I attached the output of ls -l on the install dir.

[thruska]

The "Invalid credentials." message happens only when the system can't find the login. The defaults during installation set credential length to 15 days. I see all the necessary files were created for logging in. You should check 'config.php' to see if ROOT_PATH is set correctly. The next step would be to see the exact traffic being sent and received from the server in your browser (either "Live HTTP Headers" or "Firebug" for Firefox). The system thinks it logged you in because you get the 'Edit' link but when you click the 'Edit' link, the server doesn't get the cookie containing the login token. Either the browser either didn't receive the cookie containing your login token or isn't sending it for some reason.

[per]

Thanks for your reply!
Time expire: No.
ROOT_PATH: Seems OK.
Traffic: The following are the output in Firebug Net-All-Headers-panel when I get the "Invalid credentials."-message.
--------------------------------------
Response Headers view source
Date Tue, 05 Oct 2010 19:30:43 GMT
Server Apache/2.2.14 (Ubuntu)
X-Powered-By PHP/5.3.2-1ubuntu4.2
Vary Accept-Encoding
Content-Encoding gzip
Content-Length 40
Keep-Alive timeout=15, max=100
Connection Keep-Alive
Content-Type text/html

Request Headers view source
Host 192.168.0.24
User-Agent Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.10) Gecko/20100915 Ubuntu/10.04 (lucid) Firefox/3.6.10
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language en-us,en;q=0.5
Accept-Encoding gzip,deflate
Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive 115
Connection keep-alive
Referer http://192.168.0.24/barebones1/
Cookie bbl=138d773ed9339cdaef19a861d36b53807802c304;​ bbq=1; SESS923800a447bf573d5204fbbb500138d2=hic5e3tu​gmc0d38ugk10st2341; SESS97384c591f0da0eb6cab8996679ab743=o6hrehd3​rtkeemam7jn0ijvrj6; SESS14d5d698b430f65e4e00d374b39418ab=voa4sjsl​mgii5eqcfvuukhobv7
------------------------------------------------------------------------------------

I tested to clear all cookies and sessions stored in Firefox, with same (but less cookies) result.
I also tried to login by IE8 on a Windows machine, but no comfort.

Anything else I can provide?
And yes, I have cleared and reinstalled several times.
This is actually my first request for support in a forum, Google usually provide all answers. I guess this is one drawback of testing something (almost) brand new.

[thruska]

Ah. There isn't a "no expire" option. If the '..._TIMEOUT' values in 'config.php' are set to 0, that means 0 seconds. If you don't want them to really expire (not recommended for 'Developer' accounts), set the value to something really large (e.g. 10 years = 10 * 365 * 24 * 60 * 60 = 315360000).

The installer lets people do pretty much anything. It probably shouldn't let them set values smaller than five minutes.

[per]

All _TIMEOUT values in config.php was set to 1296000 by the installer.
I attached my config.php (as .txt) for troubleshooting (e-mail credentials replaced).
Thanks for your patience!

PS
I live in Sweden, maybe it's related to my localization?
DS

[ephlodur]

Hello I'm having the same problem..

Did you fix your problem if yes how?

Thanks for your help

[thruska]

@per - Unfortunately, I see nothing wrong with the config. You've got a lot of patience.

@ephlodur - The problem hasn't been solved yet but I'm working on trying to replicate the problem on my end.

[thruska]

I've replicated this problem on my end. And found the problem too. ProcessAllInput() isn't working the same on all versions of PHP.

http://php.net/manual/en/reserved.variables.request.php

Clearly says that $_COOKIE is included in $_REQUEST. The first comment on the page though says, "The default php.ini on your system as of in PHP 5.3.0 may exclude cookies from $_REQUEST. The request_order ini directive specifies what goes in the $_REQUEST array; if that does not exist, then the variables_order directive does. Your distribution's php.ini may exclude cookies by default, so beware."

http://www.php.net/manual/en/ini.core.ph...uest-order

Gah. There are two ways to fix this. The official fix will be to modify ProcessAllInput() to correctly handle this annoying scenario in a future release. In the meantime, changing "request_order" to be "CGP" in your php.ini files should fix the issue. This is only a problem in PHP 5.3.0 and later. The "CGP" order is such as to allow cookies to be overridden by variables in $_GET/$_POST - which is useful for things like allowing Flash uploaders to work by passing cookie values via GET/POST and overwrite any outdated cached cookies Flash might send. Specifically, this is a known, unfixable bug in Flash that affects SWFUpload - one of the reasons ProcessAllInput() exists.

[thruska]

If you can't or don't want to edit 'php.ini' to modify the 'request_order' variable and don't want to wait for the next release of Barebones CMS (it'll be a while), get Admin Pack 1.0rc8 - see the Downloads page. Admin Pack contains a modified 'support/str_basics.php' file. Simply overwrite 'support/str_basics.php' in Barebones CMS 1.0 with the one from Admin Pack and Barebones CMS should get past the session validation code.

Let me know if you run into any other issues.

[ephlodur]

Thanks for you help changing the php.ini file did not solved the problem for me but the Admin Pack that with the modified version of str_basics.php solved it for me ...

thanks for your prompt response.

(10-07-2010 10:26 PM)thruska Wrote:  If you can't or don't want to edit 'php.ini' to modify the 'request_order' variable and don't want to wait for the next release of Barebones CMS (it'll be a while), get Admin Pack 1.0rc8 - see the Downloads page. Admin Pack contains a modified 'support/str_basics.php' file. Simply overwrite 'support/str_basics.php' in Barebones CMS 1.0 with the one from Admin Pack and Barebones CMS should get past the session validation code.

Let me know if you run into any other issues.