No Login possible

Discussion forum about Anuko Time Tracker
Post Reply
bktechnik2
Posts: 5
Joined: Wed Oct 10, 2018 1:37 pm

No Login possible

Post by bktechnik2 » Wed Oct 10, 2018 1:46 pm

suddenly there is no login possible.
We have installed at our webserver and used anuko timetracker since 3 years.
But now it's not possible to login - after send the login form it appears ever and ever....
In the apache-logfile of the domain appears following:
<code>
93.159.117.18 - - [10/Oct/2018:15:41:33 +0200] "POST /login.php HTTP/1.1" 302 20 "https://time.domain.de/login.php" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:62.0) Gecko/20100101 Firefox/62.0"
93.159.117.18 - - [10/Oct/2018:15:41:33 +0200] "GET /time.php HTTP/1.1" 302 20 "https://time.domain.de/login.php" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:62.0) Gecko/20100101 Firefox/62.0"
93.159.117.18 - - [10/Oct/2018:15:41:33 +0200] "GET /login.php HTTP/1.1" 200 1749 "https://time.domain.de/login.php" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:62.0) Gecko/20100101 Firefox/62.0"
</code>
It runs with Debian wheezy,
mysql Ver 15.1 Distrib 5.5.61-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2
PHP 5.6.38-1~dotdeb+7.1 (cli) (built: Sep 14 2018 10:54:46)
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies

What could be ther reason and how can I get the timetracker running?

wrc
Posts: 259
Joined: Tue May 25, 2010 8:30 pm

Re: No Login possible

Post by wrc » Wed Oct 10, 2018 3:04 pm

Check if cookies are allowed in your browser.

bktechnik2
Posts: 5
Joined: Wed Oct 10, 2018 1:37 pm

Re: No Login possible

Post by bktechnik2 » Wed Oct 10, 2018 6:44 pm

yes cookies allowed - tine20 needs also cookies and its possible to login...no repeat of the login site.
I don'n know what there happens - I'll tomorrow check to export the database and import into a new, and then with an new install under another subdomain check if it run...
thanks for the reply...but I'm open for more ideas.

Greetings from germany, the OreMountains, known as Chrismasland

Nik
Posts: 447
Joined: Wed May 26, 2010 5:55 pm

Re: No Login possible

Post by Nik » Thu Oct 11, 2018 3:10 pm

What is your version of Time Tracker?

If from 3 years ago try using the latest version to see if this helps.

Based on current code and your access log, after login you are redirected to time,php, which is correct. But then on time.php a check if a user is authenticated fails, and you are redirected to login.php again.

A check and a redirect most likely occurs in ttAccessAllowed function in the beginning of time.php, because, in it we have:

Code: Select all

  // Redirect to login page if user is not authenticated.
  if (!$auth->isAuthenticated()) {
    header('Location: login.php');
    exit();
  }
The isAuthenticated checks if $_SESSION['authenticated'] is set, which is set in setAuth. Also, there is this troubling comment in setAuth:

Code: Select all

  // setAuth - stores authorization data in session.
  function setAuth($userid, $username) {
    $_SESSION['authenticated'] = true;
    $_SESSION['authenticated_user_id'] = $userid; // NOTE: using "user_id" instead of "authenticated_user_id" gets us in trouble
                                                  // with older PHP when register_globals = On. What happens is that any time we set
                                                  // $user_id variable in script, $_SESSION['user_id'] is also changed automatically. 
    $_SESSION['login'] = $username;
  }
Perhaps you use older code before this was put in, but it is difficult to say anything without further details or debug info.

bktechnik2
Posts: 5
Joined: Wed Oct 10, 2018 1:37 pm

Re: No Login possible

Post by bktechnik2 » Fri Oct 12, 2018 6:38 am

Thanks for the reply - I'll check it then.
The version of timetracker is 1.9.12.3378. I have tested in another direrctory, respective subdomain with an databasecopy on the same seerver. The same failure.
Then I checked it one of my private webservers which has as system Debian jessie - and in runs fine (but I checked with the newest version, it did not went well, then I copied the version from the old server to the new and it runs, but I could an can not export and import team_data.xml (because I can not login to the original version).
Now I come once more not to an finish to get timetracker running well on the original server...
I'm not good in php, but how can I debug the calls of the sites - how can I get an log or some similar to see deeper, whats happens after send the login-site and why it would be redirectet to itself?

Thanks in advance for more hints and advices

bktechnik2
Posts: 5
Joined: Wed Oct 10, 2018 1:37 pm

Re: No Login possible - solved :D

Post by bktechnik2 » Fri Oct 12, 2018 9:28 am

Mhm - I'm a bit confused, neither in the version 1.9.12.3378 ()the original) nor in version 1.17.99.4322 are the above from you postet functions in time.php
ok - I found it...{docroot}/WEB-INF/lib/Auth.class.lib
After activation of AUTH_DEBUG in config.php I got an error message in the following manner:

Code: Select all

Warning: session_write_close(): open(/var/www/virtual/domain.tld/phptmp/sess_vmih58s5ohor2upt297muvvo00, O_RDWR) failed: No such file or directory (2) in /var/www/virtual/domain.tld/timetracker/htdocs/WEB-INF/lib/Auth.class.php on line 43 Warning: session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/www/virtual/donain.tld/phptmp) in /var/www/virtual/domain.tld/timetracker/htdocs/WEB-INF/lib/Auth.class.php on line 43 
Thats right, there was no dir domain_root/phptmp - created, set right rights and owners - and voila - all seems to be fine...it remains a mystery to me why it was gone, but it does not matter...
Thanks for your hints, they pointed in the right direction and led to the solution.

wrc
Posts: 259
Joined: Tue May 25, 2010 8:30 pm

Re: No Login possible

Post by wrc » Fri Oct 12, 2018 1:28 pm

Note that since Time Traclker 1.12.3.3684 there is some control in config.php of where the sessions are stored.

Code: Select all

// PHP_SESSION_PATH
// Local file system path for PHP sessions. Use it to isolate session deletions
// (garbage collection interference) by other PHP scripts potentially running on the system.
// define('PHP_SESSION_PATH', '/tmp/timetracker'); // Directory must exist and be writable.

bktechnik2
Posts: 5
Joined: Wed Oct 10, 2018 1:37 pm

Re: No Login possible

Post by bktechnik2 » Fri Oct 12, 2018 8:21 pm

ok - thanks a lot - your support is awesome. I don't know if the phptemp-dir is in the php.ini of the customer php-ini. I use i-mscp, but the webserver (a vsever rent in 2015) of the firm where I employed is rather old, only debian wheezy is possible and imscp in an very old version. Therefore I have some problems to admin this in a manner, as all possibilities are used to manage it well.
Now the problem witth the temporary php directory is solved the problem wirh anuko timetracker has gone - it's as I said a mystery what happened with the directory for the specific domain - on the other hosted domains on this physical server that directory is availble. It's about time, that the server will be migratet to an actual system - I have no problems with actual stable debian and the stable version of i-mscp. Thats a awesome server-control-panel and the supportforum is a goldmine but relative complex to find a solution for any specific problem....

Thank you for your awesome work and program - our team likes it.

Greetings from the Ore Mountains of Germany - known as ChrismasLamd

bktechnik2

Post Reply