Hi
We upgraded from PHP 5.2 to 5.5
And after that we are unable to 'slow import' or import feeds or use filters or register buttons. When we click on any of these it keeps redirecting to login screen even with correct password.
The setup automation tool run works fine.
Any idea why this happens.
We are running 15/09A PHP Version 5.5.38 MySQL Version 5.1.73-cll
It works now
Will this affect the functionality of anything less, or make it less secure ?
cheers
Hi,
No affect on functionality at all. Fractionally less secure as it would mean the cookie could be captured and used on another computer but that's a generic issue with basic cookie based authentication anyway. I'm going to review the login process for the next distribution as using REMOTE_ADDR has other implications as mentioned - perhaps implementing HTTP AUTH after reviewing level of support in latest PHP distributions...
Cheers,
David.
--
PriceTapestry.com
Hi,
That sounds like an issue regarding the population of the $_SERVER["REMOTE_ADDR"] superglobal which is used as part of the login cookie hash as an added layer of security however this can be overridden easily with a fixed value (it can also cause problems if behind a proxy server farm that is presenting changing IP addresses) so I am reviewing the login functionality for the next distribution.
In the mean time, to override edit includes/admin.php and look for the following code at line 861:
if (isset($admin_checkPassword) && $admin_checkPassword)...and REPLACE with:
$_SERVER["REMOTE_ADDR"] = "127.0.0.1";if (isset($admin_checkPassword) && $admin_checkPassword)
Cheers,
David.
--
PriceTapestry.com