| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 07021 | Bug reports | [All Projects] Authentication | public | 2012-12-05 13:25 | 2012-12-11 14:48 | ||||
| Reporter | pfpDave | ||||||||
| Assigned To | c_schmitz | ||||||||
| Priority | high | Severity | minor | ||||||
| Status | closed | Resolution | fixed | ||||||
| Product Version | 2.00+ | ||||||||
| Target Version | Fixed in Version | 2.00+ | |||||||
| Summary | 07021: Web Server Auth Broken (again) in latest build | ||||||||
| Description | In the latest build Web Server auth is broken again but I'm struggling to trace where or why. Basically when I leave the login boxes blank and click login it just returns me to the login screen. I've checked UserIdentity.php and it's grabbing the username correctly and is returning a 1 for !$this->errorCode; so that part works OK ... where does it go next? Here's the console log from Firebug (NB: the failed_login_attempts table is empty):
Application Log
[12:19:33.449][trace][system.db.CDbConnection] Opening DB connection login (line 154)
[12:19:33.453][trace][system.db.CDbCommand] Querying SQL: SELECT k.column_name field_name FROM [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] k LEFT JOIN [INFORMATION_SCHEMA].[TABLE_CONSTRAINTS] c ON k.table_name = c.table_name AND k.constraint_name = c.constraint_name WHERE c.constraint_type ='PRIMARY KEY' AND k.table_name = :table AND k.table_schema = :schema. Bound with :table='settings_global', :schema='dbo' login (line 155)
[12:19:33.458][trace][system.db.CDbCommand] Querying SQL: SELECT KCU1.CONSTRAINT_NAME AS 'FK_CONSTRAINT_NAME' , KCU1.TABLE_NAME AS 'FK_TABLE_NAME' , KCU1.COLUMN_NAME AS 'FK_COLUMN_NAME' , KCU1.ORDINAL_POSITION AS 'FK_ORDINAL_POSITION' , KCU2.CONSTRAINT_NAME AS 'UQ_CONSTRAINT_NAME' , KCU2.TABLE_NAME AS 'UQ_TABLE_NAME' , KCU2.COLUMN_NAME AS 'UQ_COLUMN_NAME' , KCU2.ORDINAL_POSITION AS 'UQ_ORDINAL_POSITION' FROM [INFORMATION_SCHEMA].[REFERENTIAL_CONSTRAINTS] RC JOIN [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] KCU1 ON KCU1.CONSTRAINT_CATALOG = RC.CONSTRAINT_CATALOG AND KCU1.CONSTRAINT_SCHEMA = RC.CONSTRAINT_SCHEMA AND KCU1.CONSTRAINT_NAME = RC.CONSTRAINT_NAME JOIN [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] KCU2 ON KCU2.CONSTRAINT_CATALOG = RC.UNIQUE_CONSTRAINT_CATALOG AND KCU2.CONSTRAINT_SCHEMA = RC.UNIQUE_CONSTRAINT_SCHEMA AND KCU2.CONSTRAINT_NAME = RC.UNIQUE_CONSTRAINT_NAME AND KCU2.ORDINAL_POSITION = KCU1.ORDINAL_POSITION WHERE KCU1.TABLE_NAME = :table. Bound with :table='settings_global' login (line 156)
[12:19:33.459][trace][system.db.CDbCommand] Querying SQL: SELECT *, columnproperty(object_id(table_schema+'.'+table_name), column_name, 'IsIdentity') as IsIdentity FROM [INFORMATION_SCHEMA].[COLUMNS] WHERE TABLE_NAME='settings_global' AND TABLE_SCHEMA='dbo' login (line 157)
[12:19:33.460][trace][system.db.ar.CActiveRecord] Settings_global.findAll() login (line 158)
[12:19:33.463][trace][system.db.CDbCommand] Querying SQL: SELECT * FROM [dbo].[settings_global] [t] login (line 159)
[12:19:33.504][trace][system.db.ar.CActiveRecord] Settings_global.findByPk() login (line 160)
[12:19:33.504][trace][system.db.CDbCommand] Querying SQL: SELECT TOP 1 * FROM [dbo].[settings_global] [t] WHERE [t].[stg_name]='updatelastcheck' login (line 161)
[12:19:33.507][trace][system.db.CDbCommand] Querying SQL: SELECT k.column_name field_name FROM [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] k LEFT JOIN [INFORMATION_SCHEMA].[TABLE_CONSTRAINTS] c ON k.table_name = c.table_name AND k.constraint_name = c.constraint_name WHERE c.constraint_type ='PRIMARY KEY' AND k.table_name = :table AND k.table_schema = :schema. Bound with :table='surveys', :schema='dbo' login (line 162)
[12:19:33.512][trace][system.db.CDbCommand] Querying SQL: SELECT KCU1.CONSTRAINT_NAME AS 'FK_CONSTRAINT_NAME' , KCU1.TABLE_NAME AS 'FK_TABLE_NAME' , KCU1.COLUMN_NAME AS 'FK_COLUMN_NAME' , KCU1.ORDINAL_POSITION AS 'FK_ORDINAL_POSITION' , KCU2.CONSTRAINT_NAME AS 'UQ_CONSTRAINT_NAME' , KCU2.TABLE_NAME AS 'UQ_TABLE_NAME' , KCU2.COLUMN_NAME AS 'UQ_COLUMN_NAME' , KCU2.ORDINAL_POSITION AS 'UQ_ORDINAL_POSITION' FROM [INFORMATION_SCHEMA].[REFERENTIAL_CONSTRAINTS] RC JOIN [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] KCU1 ON KCU1.CONSTRAINT_CATALOG = RC.CONSTRAINT_CATALOG AND KCU1.CONSTRAINT_SCHEMA = RC.CONSTRAINT_SCHEMA AND KCU1.CONSTRAINT_NAME = RC.CONSTRAINT_NAME JOIN [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] KCU2 ON KCU2.CONSTRAINT_CATALOG = RC.UNIQUE_CONSTRAINT_CATALOG AND KCU2.CONSTRAINT_SCHEMA = RC.UNIQUE_CONSTRAINT_SCHEMA AND KCU2.CONSTRAINT_NAME = RC.UNIQUE_CONSTRAINT_NAME AND KCU2.ORDINAL_POSITION = KCU1.ORDINAL_POSITION WHERE KCU1.TABLE_NAME = :table. Bound with :table='surveys' login (line 163)
[12:19:33.513][trace][system.db.CDbCommand] Querying SQL: SELECT *, columnproperty(object_id(table_schema+'.'+table_name), column_name, 'IsIdentity') as IsIdentity FROM [INFORMATION_SCHEMA].[COLUMNS] WHERE TABLE_NAME='surveys' AND TABLE_SCHEMA='dbo' login (line 164)
[12:19:33.521][trace][system.db.ar.CActiveRecord] Settings_global.findByPk() login (line 165)
[12:19:33.521][trace][system.db.CDbCommand] Querying SQL: SELECT TOP 1 * FROM [dbo].[settings_global] [t] WHERE [t].[stg_name]='DBVersion' login (line 166)
[12:19:33.525][trace][system.db.CDbCommand] Querying SQL: SELECT k.column_name field_name FROM [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] k LEFT JOIN [INFORMATION_SCHEMA].[TABLE_CONSTRAINTS] c ON k.table_name = c.table_name AND k.constraint_name = c.constraint_name WHERE c.constraint_type ='PRIMARY KEY' AND k.table_name = :table AND k.table_schema = :schema. Bound with :table='failed_login_attempts', :schema='dbo' login (line 167)
[12:19:33.529][trace][system.db.CDbCommand] Querying SQL: SELECT KCU1.CONSTRAINT_NAME AS 'FK_CONSTRAINT_NAME' , KCU1.TABLE_NAME AS 'FK_TABLE_NAME' , KCU1.COLUMN_NAME AS 'FK_COLUMN_NAME' , KCU1.ORDINAL_POSITION AS 'FK_ORDINAL_POSITION' , KCU2.CONSTRAINT_NAME AS 'UQ_CONSTRAINT_NAME' , KCU2.TABLE_NAME AS 'UQ_TABLE_NAME' , KCU2.COLUMN_NAME AS 'UQ_COLUMN_NAME' , KCU2.ORDINAL_POSITION AS 'UQ_ORDINAL_POSITION' FROM [INFORMATION_SCHEMA].[REFERENTIAL_CONSTRAINTS] RC JOIN [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] KCU1 ON KCU1.CONSTRAINT_CATALOG = RC.CONSTRAINT_CATALOG AND KCU1.CONSTRAINT_SCHEMA = RC.CONSTRAINT_SCHEMA AND KCU1.CONSTRAINT_NAME = RC.CONSTRAINT_NAME JOIN [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] KCU2 ON KCU2.CONSTRAINT_CATALOG = RC.UNIQUE_CONSTRAINT_CATALOG AND KCU2.CONSTRAINT_SCHEMA = RC.UNIQUE_CONSTRAINT_SCHEMA AND KCU2.CONSTRAINT_NAME = RC.UNIQUE_CONSTRAINT_NAME AND KCU2.ORDINAL_POSITION = KCU1.ORDINAL_POSITION WHERE KCU1.TABLE_NAME = :table. Bound with :table='failed_login_attempts' login (line 168)
[12:19:33.530][trace][system.db.CDbCommand] Querying SQL: SELECT *, columnproperty(object_id(table_schema+'.'+table_name), column_name, 'IsIdentity') as IsIdentity FROM [INFORMATION_SCHEMA].[COLUMNS] WHERE TABLE_NAME='failed_login_attempts' AND TABLE_SCHEMA='dbo' login (line 169)
[12:19:33.531][trace][system.db.ar.CActiveRecord] Failed_login_attempts.find() login (line 170)
[12:19:33.531][trace][system.db.CDbCommand] Querying SQL: SELECT TOP 1 * FROM [dbo].[failed_login_attempts] [t] WHERE number_attempts > :attempts AND ip = :ip. Bound with :attempts=3, :ip='192.168.100.123' login (line 171)
login (line 153) | ||||||||
| I will donate to the project if issue is resolved within 48 hrs | No | ||||||||
| LimeSurvey build number | 121204 | ||||||||
| Browser | IE8 | ||||||||
| Database & DB-Version | SQL Express 2012 | ||||||||
| Operating System (Server) | Server 2008 | ||||||||
| Webserver software & version | IIS 7 | ||||||||
| PHP Version | 5.4.8 | ||||||||
| Attached Files | |||||||||
Notes |
|
|
c_schmitz (administrator) 2012-12-09 14:42 |
Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=10798 |
|
c_schmitz (administrator) 2012-12-09 16:29 |
2.00+ Build 121209 released |
|
c_schmitz (administrator) 2012-12-09 20:20 |
Fix committed to 2.1 branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=10814 |
|
pfpDave (reporter) 2012-12-10 09:56 |
The fix doesn't work and to be honest I don't believe the issue is or was related to the UserIdentity module ... In my comment I said ... ..."I've checked UserIdentity.php and it's grabbing the username correctly and is returning a 1 for !$this->errorCode; so that part works OK ... where does it go next?"... |
|
c_schmitz (administrator) 2012-12-10 10:33 |
It works for me now, so I cannot reproduce your issue. Can you attach your config.php please? (please remove any passwords first) |
|
pfpDave (reporter) 2012-12-10 10:35 |
Attached as requested. |
|
pfpDave (reporter) 2012-12-10 10:40 |
I just edited UserIdentity.php to insert the below debug code at line 150:
print "User ID: " . $this->id;
print " Error code Not set: " . !$this->errorCode;
die();
====
The UI Returns the following:
User ID: 4 Error code Not set: 1
====
row with uID 4 in dbo.users.Users_name matches my PC login ID |
|
pfpDave (reporter) 2012-12-10 10:41 |
Without the code above, I click Login, the page reloads and shows with no error message (as if I hadn't clicked the login button) |
|
c_schmitz (administrator) 2012-12-10 11:06 |
Fix committed to 2.1 branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=10828 |
|
c_schmitz (administrator) 2012-12-10 11:07 |
Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=10830 |
|
pfpDave (reporter) 2012-12-10 11:18 |
I'm not entirely sure I understand why that fix has worked but it has - many thanks. |
|
c_schmitz (administrator) 2012-12-10 11:28 |
We recently introduced another control layer that checks if the session belongs to the currently used database - if not the login screen is shown. This check includes a hash created from a 'secret' string, your user ID and user name. So it is important that the Identity properly sets the user name for the CWebUser object for later use (which was in case of web auth not the case - therefore the change). |
|
pfpDave (reporter) 2012-12-10 11:30 |
Ahh OK, that makes sense, many thanks. |
|
c_schmitz (administrator) 2012-12-11 14:48 |
2.00 Build 121211 released |
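The session check c_schmitz describes in the note of 2012-12-10 11:28, sketched as an added example (not LimeSurvey's code and not part of the thread). The function names, the HMAC-SHA-256 construction, the field layout and the sample values are assumptions; it needs PHP 7.1 or later.

```php
<?php
// Added illustration; not LimeSurvey code. All names are hypothetical.

// Binds a session to one installation (secret) and one user (id + name).
// Length prefixes keep (id "1", name "2x") distinct from (id "12", name "x").
function sessionBindingToken(string $secret, int $userId, string $userName): string
{
    $id = (string) $userId;
    $message = strlen($id) . ':' . $id . '|' . strlen($userName) . ':' . $userName;
    return hash_hmac('sha256', $message, $secret);
}

// Login step: store what the identity object reported. A null $identityName
// models an identity class that authenticated the user but never set the name.
function startSession(string $secret, int $userId, ?string $identityName): array
{
    return [
        'uid'   => $userId,
        'token' => sessionBindingToken($secret, $userId, $identityName ?? ''),
    ];
}

// Per-request check: recompute the token from this installation's secret and
// the user row in the current database, then compare in constant time.
function sessionBelongsHere(array $session, string $secret, array $dbUser): bool
{
    if (($session['uid'] ?? null) !== $dbUser['uid']) {
        return false;
    }
    $expected = sessionBindingToken($secret, $dbUser['uid'], $dbUser['users_name']);
    return hash_equals($expected, (string) ($session['token'] ?? ''));
}

// Constructed sample data.
$secret = 'constructed-secret-installation-a';
$dbUser = ['uid' => 4, 'users_name' => 'example-user'];

$cases = [
    'identity set no user name' => startSession($secret, 4, null),
    'identity set the user name' => startSession($secret, 4, 'example-user'),
    'session from another installation' => startSession('constructed-secret-installation-b', 4, 'example-user'),
];
foreach ($cases as $label => $session) {
    $ok = sessionBelongsHere($session, $secret, $dbUser);
    echo $label, ': ', $ok ? 'session accepted' : 'show login screen', PHP_EOL;
}
```

The first case authenticates successfully yet fails the session check, which matches the reporter's symptom of being returned to the login screen with no error message.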
Related Changesets |
LimeSurvey: master d4b1be7e
Timestamp: 2012-12-09 13:36:58 Author: c_schmitz Committer: Carsten Schmitz |
Fixed issue 07021: Web server authentication broken |
| mod - application/core/UserIdentity.php |
|
LimeSurvey: 2.1 34770900
Timestamp: 2012-12-09 13:36:58 Author: c_schmitz Committer: Carsten Schmitz |
Fixed issue 07021: Web server authentication broken |
| mod - application/core/UserIdentity.php |
|
LimeSurvey: 2.1 91ea5f64
Timestamp: 2012-12-10 10:05:36 Author: c_schmitz Committer: Carsten Schmitz |
Fixed issue 07021: Web server authentication broken |
| mod - application/core/UserIdentity.php |
|
LimeSurvey: master 76160fbd
Timestamp: 2012-12-10 10:05:36 Author: c_schmitz Committer: Carsten Schmitz |
Fixed issue 07021: Web server authentication broken |
| mod - application/core/UserIdentity.php |
Issue History |
| Date Modified | Username | Field | Change |
| 2012-12-05 13:25 | pfpDave | New Issue | |
| 2012-12-07 15:25 | c_schmitz | Relationship added | has duplicate 07049 |
| 2012-12-09 14:35 | c_schmitz | Assigned To | => c_schmitz |
| 2012-12-09 14:35 | c_schmitz | Status | new => assigned |
| 2012-12-09 14:42 | c_schmitz | Changeset attached | => LimeSurvey master d4b1be7e |
| 2012-12-09 14:42 | c_schmitz | Note Added: 23035 | |
| 2012-12-09 14:42 | c_schmitz | Resolution | open => fixed |
| 2012-12-09 14:42 | c_schmitz | Status | assigned => resolved |
| 2012-12-09 14:42 | c_schmitz | Fixed in Version | => 2.00+ |
| 2012-12-09 16:29 | c_schmitz | Note Added: 23040 | |
| 2012-12-09 16:29 | c_schmitz | Status | resolved => closed |
| 2012-12-09 20:20 | c_schmitz | Changeset attached | => LimeSurvey 2.1 34770900 |
| 2012-12-09 20:20 | c_schmitz | Note Added: 23057 | |
| 2012-12-10 09:56 | pfpDave | Note Added: 23071 | |
| 2012-12-10 09:56 | pfpDave | Status | closed => feedback |
| 2012-12-10 09:56 | pfpDave | Resolution | fixed => reopened |
| 2012-12-10 10:33 | c_schmitz | Note Added: 23072 | |
| 2012-12-10 10:35 | pfpDave | File Added: config.php | |
| 2012-12-10 10:35 | pfpDave | Note Added: 23073 | |
| 2012-12-10 10:35 | pfpDave | Status | feedback => assigned |
| 2012-12-10 10:40 | pfpDave | Note Added: 23075 | |
| 2012-12-10 10:41 | pfpDave | Note Added: 23076 | |
| 2012-12-10 11:06 | c_schmitz | Changeset attached | => LimeSurvey 2.1 91ea5f64 |
| 2012-12-10 11:06 | c_schmitz | Note Added: 23080 | |
| 2012-12-10 11:07 | c_schmitz | Changeset attached | => LimeSurvey master 76160fbd |
| 2012-12-10 11:07 | c_schmitz | Note Added: 23081 | |
| 2012-12-10 11:07 | c_schmitz | Status | assigned => resolved |
| 2012-12-10 11:07 | c_schmitz | Resolution | reopened => fixed |
| 2012-12-10 11:18 | pfpDave | Note Added: 23083 | |
| 2012-12-10 11:28 | c_schmitz | Note Added: 23085 | |
| 2012-12-10 11:30 | pfpDave | Note Added: 23086 | |
| 2012-12-11 14:48 | c_schmitz | Note Added: 23127 | |
| 2012-12-11 14:48 | c_schmitz | Status | resolved => closed |