Anonymous Login
2016-12-09 01:00 CET

View Issue Details Jump to Notes ] Related Changesets ]
IDProjectCategoryView StatusLast Update
07021Bug reports[All Projects] Authenticationpublic2012-12-11 14:48
ReporterpfpDave 
Assigned Toc_schmitz 
PriorityhighSeverityminor 
StatusclosedResolutionfixed 
Product Version2.00+ 
Target VersionFixed in Version2.00+ 
Summary07021: Web Server Auth Broken (again) in latest build
DescriptionIn the latest build Web Server auth is broken again but I'm struggling to trace where or why. Basically when I leave the login boxes blank and click login it just returns me to the login screen. I've checked UserIdentity.php and it's grabbing the username correctly and is returning a 1 for !$this->errorCode; so that part works OK ... where does it go next?

Here's the console log from Firebug (NB: the failed_login_attempts table is empty):



Application Log

[12:19:33.449][trace][system.db.CDbConnection] Opening DB connection

login (line 154)

[12:19:33.453][trace][system.db.CDbCommand] Querying SQL: SELECT k.column_name field_name
            FROM [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] k
            LEFT JOIN [INFORMATION_SCHEMA].[TABLE_CONSTRAINTS] c
              ON k.table_name = c.table_name
             AND k.constraint_name = c.constraint_name
           WHERE c.constraint_type ='PRIMARY KEY'
                   AND k.table_name = :table
                AND k.table_schema = :schema. Bound with :table='settings_global', :schema='dbo'

login (line 155)

[12:19:33.458][trace][system.db.CDbCommand] Querying SQL: SELECT
             KCU1.CONSTRAINT_NAME AS 'FK_CONSTRAINT_NAME'
           , KCU1.TABLE_NAME AS 'FK_TABLE_NAME'
           , KCU1.COLUMN_NAME AS 'FK_COLUMN_NAME'
           , KCU1.ORDINAL_POSITION AS 'FK_ORDINAL_POSITION'
           , KCU2.CONSTRAINT_NAME AS 'UQ_CONSTRAINT_NAME'
           , KCU2.TABLE_NAME AS 'UQ_TABLE_NAME'
           , KCU2.COLUMN_NAME AS 'UQ_COLUMN_NAME'
           , KCU2.ORDINAL_POSITION AS 'UQ_ORDINAL_POSITION'
        FROM [INFORMATION_SCHEMA].[REFERENTIAL_CONSTRAINTS] RC
        JOIN [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] KCU1
        ON KCU1.CONSTRAINT_CATALOG = RC.CONSTRAINT_CATALOG
           AND KCU1.CONSTRAINT_SCHEMA = RC.CONSTRAINT_SCHEMA
           AND KCU1.CONSTRAINT_NAME = RC.CONSTRAINT_NAME
        JOIN [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] KCU2
        ON KCU2.CONSTRAINT_CATALOG =
        RC.UNIQUE_CONSTRAINT_CATALOG
           AND KCU2.CONSTRAINT_SCHEMA =
        RC.UNIQUE_CONSTRAINT_SCHEMA
           AND KCU2.CONSTRAINT_NAME =
        RC.UNIQUE_CONSTRAINT_NAME
           AND KCU2.ORDINAL_POSITION = KCU1.ORDINAL_POSITION
        WHERE KCU1.TABLE_NAME = :table. Bound with :table='settings_global'

login (line 156)

[12:19:33.459][trace][system.db.CDbCommand] Querying SQL: SELECT *, columnproperty(object_id(table_schema+'.'+table_name), column_name, 'IsIdentity') as IsIdentity FROM [INFORMATION_SCHEMA].[COLUMNS] WHERE TABLE_NAME='settings_global' AND TABLE_SCHEMA='dbo'

login (line 157)

[12:19:33.460][trace][system.db.ar.CActiveRecord] Settings_global.findAll()

login (line 158)

[12:19:33.463][trace][system.db.CDbCommand] Querying SQL: SELECT * FROM [dbo].[settings_global] [t]

login (line 159)

[12:19:33.504][trace][system.db.ar.CActiveRecord] Settings_global.findByPk()

login (line 160)

[12:19:33.504][trace][system.db.CDbCommand] Querying SQL: SELECT TOP 1 * FROM [dbo].[settings_global] [t] WHERE [t].[stg_name]='updatelastcheck'

login (line 161)

[12:19:33.507][trace][system.db.CDbCommand] Querying SQL: SELECT k.column_name field_name
            FROM [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] k
            LEFT JOIN [INFORMATION_SCHEMA].[TABLE_CONSTRAINTS] c
              ON k.table_name = c.table_name
             AND k.constraint_name = c.constraint_name
           WHERE c.constraint_type ='PRIMARY KEY'
                   AND k.table_name = :table
                AND k.table_schema = :schema. Bound with :table='surveys', :schema='dbo'

login (line 162)

[12:19:33.512][trace][system.db.CDbCommand] Querying SQL: SELECT
             KCU1.CONSTRAINT_NAME AS 'FK_CONSTRAINT_NAME'
           , KCU1.TABLE_NAME AS 'FK_TABLE_NAME'
           , KCU1.COLUMN_NAME AS 'FK_COLUMN_NAME'
           , KCU1.ORDINAL_POSITION AS 'FK_ORDINAL_POSITION'
           , KCU2.CONSTRAINT_NAME AS 'UQ_CONSTRAINT_NAME'
           , KCU2.TABLE_NAME AS 'UQ_TABLE_NAME'
           , KCU2.COLUMN_NAME AS 'UQ_COLUMN_NAME'
           , KCU2.ORDINAL_POSITION AS 'UQ_ORDINAL_POSITION'
        FROM [INFORMATION_SCHEMA].[REFERENTIAL_CONSTRAINTS] RC
        JOIN [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] KCU1
        ON KCU1.CONSTRAINT_CATALOG = RC.CONSTRAINT_CATALOG
           AND KCU1.CONSTRAINT_SCHEMA = RC.CONSTRAINT_SCHEMA
           AND KCU1.CONSTRAINT_NAME = RC.CONSTRAINT_NAME
        JOIN [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] KCU2
        ON KCU2.CONSTRAINT_CATALOG =
        RC.UNIQUE_CONSTRAINT_CATALOG
           AND KCU2.CONSTRAINT_SCHEMA =
        RC.UNIQUE_CONSTRAINT_SCHEMA
           AND KCU2.CONSTRAINT_NAME =
        RC.UNIQUE_CONSTRAINT_NAME
           AND KCU2.ORDINAL_POSITION = KCU1.ORDINAL_POSITION
        WHERE KCU1.TABLE_NAME = :table. Bound with :table='surveys'

login (line 163)

[12:19:33.513][trace][system.db.CDbCommand] Querying SQL: SELECT *, columnproperty(object_id(table_schema+'.'+table_name), column_name, 'IsIdentity') as IsIdentity FROM [INFORMATION_SCHEMA].[COLUMNS] WHERE TABLE_NAME='surveys' AND TABLE_SCHEMA='dbo'

login (line 164)

[12:19:33.521][trace][system.db.ar.CActiveRecord] Settings_global.findByPk()

login (line 165)

[12:19:33.521][trace][system.db.CDbCommand] Querying SQL: SELECT TOP 1 * FROM [dbo].[settings_global] [t] WHERE [t].[stg_name]='DBVersion'

login (line 166)

[12:19:33.525][trace][system.db.CDbCommand] Querying SQL: SELECT k.column_name field_name
            FROM [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] k
            LEFT JOIN [INFORMATION_SCHEMA].[TABLE_CONSTRAINTS] c
              ON k.table_name = c.table_name
             AND k.constraint_name = c.constraint_name
           WHERE c.constraint_type ='PRIMARY KEY'
                   AND k.table_name = :table
                AND k.table_schema = :schema. Bound with :table='failed_login_attempts', :schema='dbo'

login (line 167)

[12:19:33.529][trace][system.db.CDbCommand] Querying SQL: SELECT
             KCU1.CONSTRAINT_NAME AS 'FK_CONSTRAINT_NAME'
           , KCU1.TABLE_NAME AS 'FK_TABLE_NAME'
           , KCU1.COLUMN_NAME AS 'FK_COLUMN_NAME'
           , KCU1.ORDINAL_POSITION AS 'FK_ORDINAL_POSITION'
           , KCU2.CONSTRAINT_NAME AS 'UQ_CONSTRAINT_NAME'
           , KCU2.TABLE_NAME AS 'UQ_TABLE_NAME'
           , KCU2.COLUMN_NAME AS 'UQ_COLUMN_NAME'
           , KCU2.ORDINAL_POSITION AS 'UQ_ORDINAL_POSITION'
        FROM [INFORMATION_SCHEMA].[REFERENTIAL_CONSTRAINTS] RC
        JOIN [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] KCU1
        ON KCU1.CONSTRAINT_CATALOG = RC.CONSTRAINT_CATALOG
           AND KCU1.CONSTRAINT_SCHEMA = RC.CONSTRAINT_SCHEMA
           AND KCU1.CONSTRAINT_NAME = RC.CONSTRAINT_NAME
        JOIN [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] KCU2
        ON KCU2.CONSTRAINT_CATALOG =
        RC.UNIQUE_CONSTRAINT_CATALOG
           AND KCU2.CONSTRAINT_SCHEMA =
        RC.UNIQUE_CONSTRAINT_SCHEMA
           AND KCU2.CONSTRAINT_NAME =
        RC.UNIQUE_CONSTRAINT_NAME
           AND KCU2.ORDINAL_POSITION = KCU1.ORDINAL_POSITION
        WHERE KCU1.TABLE_NAME = :table. Bound with :table='failed_login_attempts'

login (line 168)

[12:19:33.530][trace][system.db.CDbCommand] Querying SQL: SELECT *, columnproperty(object_id(table_schema+'.'+table_name), column_name, 'IsIdentity') as IsIdentity FROM [INFORMATION_SCHEMA].[COLUMNS] WHERE TABLE_NAME='failed_login_attempts' AND TABLE_SCHEMA='dbo'

login (line 169)

[12:19:33.531][trace][system.db.ar.CActiveRecord] Failed_login_attempts.find()

login (line 170)

[12:19:33.531][trace][system.db.CDbCommand] Querying SQL: SELECT TOP 1 * FROM [dbo].[failed_login_attempts] [t] WHERE number_attempts > :attempts AND ip = :ip. Bound with :attempts=3, :ip='192.168.100.123'

login (line 171)
login (line 153)
TagsNo tags attached.
Complete LimeSurvey version number (& build)121204
I will donate to the project if issue is resolvedNo
BrowserIE8
Database & DB-VersionSQL Express 2012
Operating System (Server)Server 2008
Webserver software & versionIIS 7
PHP Version5.4.8
Attached Files

-Relationships
has duplicate 07049closedc_schmitz Webserver authentication is not implemented 
+Relationships

-Notes

~23035

c_schmitz (administrator)

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=10798

~23040

c_schmitz (administrator)

2.00+ Build 121209 released

~23057

c_schmitz (administrator)

Fix committed to 2.1 branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=10814

~23071

pfpDave (reporter)

The fix doesn't work and to be honest I don't believe the issue is or was related to the UserIdentity module ... In my comment I said ...

..."I've checked UserIdentity.php and it's grabbing the username correctly and is returning a 1 for !$this->errorCode; so that part works OK ... where does it go next?"...

~23072

c_schmitz (administrator)

It works for me so now - so I cannot reproduce your issue.
Can you attach your config.php please? (please remove any passwords first)

~23073

pfpDave (reporter)

Attached as requested.

~23075

pfpDave (reporter)

I just edited UserIdentity.php to insert the below debug code at line 150:

print "User ID: " . $this->id;
print "
Error code Not set: " . !$this->errorCode;
die();

====
The UI Returns the following:

User ID: 4
Error code Not set: 1

====

row with uID 4 in dbo.users.Users_name matches my PC login ID

~23076

pfpDave (reporter)

Without the code above, I click Login, the page reloads and shows with no error message (as if I hadn't clicked the login button)

~23080

c_schmitz (administrator)

Fix committed to 2.1 branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=10828

~23081

c_schmitz (administrator)

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=10830

~23083

pfpDave (reporter)

I'm not entirely sure I understand why that fix has worked but it has - many thanks.

~23085

c_schmitz (administrator)

We recently introduced another control layer that checks if the session belongs to the currently used database - if not the login screen is shown.
This check includes a has created from a 'secret' string, your user ID and user name. So it is important that the Identity properly sets the user name for the CWebuser object for later use (which was in case of web auth not the case - therefore the change).

~23086

pfpDave (reporter)

Ahh OK, that makes sense, many thanks.

~23127

c_schmitz (administrator)

2.00 Build 121211 released
+Notes

+Related Changesets

-Issue History
Date Modified Username Field Change
2012-12-05 13:25 pfpDave New Issue
2012-12-07 15:25 c_schmitz Relationship added has duplicate 07049
2012-12-09 14:35 c_schmitz Assigned To => c_schmitz
2012-12-09 14:35 c_schmitz Status new => assigned
2012-12-09 14:42 c_schmitz Changeset attached => LimeSurvey master d4b1be7e
2012-12-09 14:42 c_schmitz Note Added: 23035
2012-12-09 14:42 c_schmitz Resolution open => fixed
2012-12-09 14:42 c_schmitz Status assigned => resolved
2012-12-09 14:42 c_schmitz Fixed in Version => 2.00+
2012-12-09 16:29 c_schmitz Note Added: 23040
2012-12-09 16:29 c_schmitz Status resolved => closed
2012-12-09 20:20 c_schmitz Changeset attached => LimeSurvey 2.1 34770900
2012-12-09 20:20 c_schmitz Note Added: 23057
2012-12-10 09:56 pfpDave Note Added: 23071
2012-12-10 09:56 pfpDave Status closed => feedback
2012-12-10 09:56 pfpDave Resolution fixed => reopened
2012-12-10 10:33 c_schmitz Note Added: 23072
2012-12-10 10:35 pfpDave File Added: config.php
2012-12-10 10:35 pfpDave Note Added: 23073
2012-12-10 10:35 pfpDave Status feedback => assigned
2012-12-10 10:40 pfpDave Note Added: 23075
2012-12-10 10:41 pfpDave Note Added: 23076
2012-12-10 11:06 c_schmitz Changeset attached => LimeSurvey 2.1 91ea5f64
2012-12-10 11:06 c_schmitz Note Added: 23080
2012-12-10 11:07 c_schmitz Changeset attached => LimeSurvey master 76160fbd
2012-12-10 11:07 c_schmitz Note Added: 23081
2012-12-10 11:07 c_schmitz Status assigned => resolved
2012-12-10 11:07 c_schmitz Resolution reopened => fixed
2012-12-10 11:18 pfpDave Note Added: 23083
2012-12-10 11:28 c_schmitz Note Added: 23085
2012-12-10 11:30 pfpDave Note Added: 23086
2012-12-11 14:48 c_schmitz Note Added: 23127
2012-12-11 14:48 c_schmitz Status resolved => closed
+Issue History