Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#1958 closed Bug (fixed)

Broken json extension: Login not working in 1.1.1 for some users

Reported by: matt Owned by:
Priority: normal Milestone: Piwik 1.2
Component: Core Keywords:
Cc: Sensitive: no


Reported in:,70605

and in emails with FTP access.

Please post your phpinfo() here, or send piwik URL + login + password + FTP or SSH access to anthon@… and matt@…

Attachments (2)

phpinfo.html (65.0 KB) - added by poupou 3 years ago.
phpinfo-xserve.html (65.7 KB) - added by jlemoine 3 years ago.

Download all attachments as: .zip

Change History (23)

comment:1 Changed 3 years ago by woefwaf

PHP Version 5.2.6

System	FreeBSD woefwafserver 7.0-STABLE-200804 FreeBSD 7.0-STABLE-200804 #0: Thu Apr 10 20:40:56 UTC 2008 i386
Build Date	Jul 22 2008 22:04:49
Configure Command	 './configure' '--with-layout=GNU' '--with-config-file-scan-dir=/usr/local/etc/php' '--disable-all' '--enable-libxml' '--with-libxml-dir=/usr/local' '--enable-reflection' '--program-prefix=' '--enable-force-cgi-redirect' '--enable-discard-path' '--enable-fastcgi' '--with-regex=php' '--with-zend-vm=CALL' '--enable-zend-multibyte' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/'
Server API	CGI/FastCGI
Virtual Directory Support	disabled
Configuration File (php.ini) Path	/usr/local/etc
Loaded Configuration File	/usr/local/etc/php.ini
Scan this dir for additional .ini files	/usr/local/etc/php
additional .ini files parsed	/usr/local/etc/php/extensions.ini
PHP API	20041225
PHP Extension	20060613
Zend Extension	220060519
Debug Build	no
Thread Safety	disabled
Zend Memory Manager	enabled
IPv6 Support	enabled
Registered PHP Streams	compress.bzip2, php, file, data, http, ftp, https, ftps, zip, compress.zlib
Registered Stream Socket Transports	tcp, udp, unix, udg, ssl, sslv3, sslv2, tls
Registered Stream Filters	bzip2.*, convert.iconv.*, string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, zlib.*

This server is protected with the Suhosin Patch
Copyright (c) 2006 Hardened-PHP Project

This program makes use of the Zend Scripting Language Engine:
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies

PHP Credits


PHP Core

Directive	Local Value	Master Value
allow_call_time_pass_reference	On	On
allow_url_fopen	On	On
allow_url_include	Off	Off
always_populate_raw_post_data	Off	Off
arg_separator.input	&	&
arg_separator.output	&	&
asp_tags	Off	Off
auto_append_file	no value	no value
auto_globals_jit	On	On
auto_prepend_file	no value	no value
browscap	no value	no value
default_charset	no value	no value
default_mimetype	text/html	text/html
define_syslog_variables	Off	Off
detect_unicode	On	On
disable_classes	no value	no value
disable_functions	no value	no value
display_errors	On	On
display_startup_errors	Off	Off
doc_root	no value	no value
docref_ext	no value	no value
docref_root	no value	no value
enable_dl	On	On
error_append_string	no value	no value
error_log	no value	no value
error_prepend_string	no value	no value
error_reporting	6135	6135
expose_php	On	On
extension_dir	/usr/local/lib/php/20060613	/usr/local/lib/php/20060613
file_uploads	On	On	#FFFFFF	#FFFFFF
highlight.comment	#FF8000	#FF8000
highlight.default	#0000BB	#0000BB
highlight.html	#000000	#000000
highlight.keyword	#007700	#007700
highlight.string	#DD0000	#DD0000
html_errors	On	On
ignore_repeated_errors	Off	Off
ignore_repeated_source	Off	Off
ignore_user_abort	Off	Off
implicit_flush	Off	Off
include_path	.:/usr/local/share/pear	.:/usr/local/share/pear
log_errors	Off	Off
log_errors_max_len	1024	1024
magic_quotes_gpc	On	On
magic_quotes_runtime	Off	Off
magic_quotes_sybase	Off	Off
mail.force_extra_parameters	no value	no value
max_execution_time	30	30
max_input_nesting_level	64	64
max_input_time	60	60
memory_limit	128M	128M
open_basedir	/usr/local/syncer:/var/www:/tmp/:/var/tmp/:/usr/local/share/pear:/usr/sbin	/usr/local/syncer:/var/www:/tmp/:/var/tmp/:/usr/local/share/pear:/usr/sbin
output_buffering	no value	no value
output_handler	no value	no value
post_max_size	8M	8M
precision	12	12
realpath_cache_size	16K	16K
realpath_cache_ttl	120	120
register_argc_argv	On	On
register_globals	Off	Off
register_long_arrays	On	On
report_memleaks	On	On
report_zend_debug	On	On
safe_mode	Off	Off
safe_mode_exec_dir	no value	no value
safe_mode_gid	Off	Off
safe_mode_include_dir	no value	no value
sendmail_from	no value	no value
sendmail_path	/usr/sbin/sendmail -t -i	/usr/sbin/sendmail -t -i
serialize_precision	100	100
short_open_tag	On	On
SMTP	localhost	localhost
smtp_port	25	25
sql.safe_mode	Off	Off
suhosin.log.phpscript	0	0
suhosin.log.phpscript.is_safe	Off	Off	no value	no value
suhosin.log.sapi	no value	no value
suhosin.log.script	no value	no value	no value	no value
suhosin.log.syslog	no value	no value
suhosin.log.syslog.facility	no value	no value
suhosin.log.syslog.priority	no value	no value
suhosin.log.use-x-forwarded-for	Off	Off
track_errors	Off	Off
unserialize_callback_func	no value	no value
upload_max_filesize	16M	16M
upload_tmp_dir	no value	no value
user_dir	no value	no value
variables_order	EGPCS	EGPCS
xmlrpc_error_number	0	0
xmlrpc_errors	Off	Off
y2k_compliance	On	On
zend.ze1_compatibility_mode	Off	Off


BZip2 Support	Enabled
Stream Wrapper support	compress.bz2://
Stream Filter support	bzip2.decompress, bzip2.compress
BZip2 Version	1.0.4, 20-Dec-2006


Directive	Local Value	Master Value
cgi.check_shebang_line	1	1
cgi.fix_pathinfo	1	1
cgi.force_redirect	1	1
cgi.nph	0	0
cgi.redirect_status_env	no value	no value
cgi.rfc2616_headers	0	0
fastcgi.logging	1	1


ctype functions	enabled


cURL support	enabled
cURL Information	libcurl/7.18.0 OpenSSL/0.9.8e zlib/1.2.3 libssh2/0.18


date/time support	enabled
"Olson" Timezone Database Version	2008.2
Timezone Database	internal
Default timezone	Europe/Berlin

Directive	Local Value	Master Value
date.default_latitude	31.7667	31.7667
date.default_longitude	35.2333	35.2333
date.sunrise_zenith	90.583333	90.583333
date.sunset_zenith	90.583333	90.583333
date.timezone	no value	no value


DOM/XML	enabled
DOM/XML API Version	20031129
libxml Version	2.6.32
HTML Support	enabled
XPath Support	enabled
XPointer Support	enabled
Schema Support	enabled
RelaxNG Support	enabled


Input Validation and Filtering	enabled
Revision	$Revision: 1.74 $

Directive	Local Value	Master Value
filter.default	unsafe_raw	unsafe_raw
filter.default_flags	no value	no value


FTP support	enabled


GD Support	enabled
GD Version	bundled (2.0.34 compatible)
FreeType Support	enabled
FreeType Linkage	with freetype
FreeType Version	2.3.7
T1Lib Support	enabled
GIF Read Support	enabled
GIF Create Support	enabled
JPG Support	enabled
PNG Support	enabled
WBMP Support	enabled
XPM Support	enabled
XBM Support	enabled


gmp support	enabled
GMP version	4.2.2


hash support	enabled
Hashing Engines	md2 md4 md5 sha1 sha256 sha384 sha512 ripemd128 ripemd160 ripemd256 ripemd320 whirlpool tiger128,3 tiger160,3 tiger192,3 tiger128,4 tiger160,4 tiger192,4 snefru gost adler32 crc32 crc32b haval128,3 haval160,3 haval192,3 haval224,3 haval256,3 haval128,4 haval160,4 haval192,4 haval224,4 haval256,4 haval128,5 haval160,5 haval192,5 haval224,5 haval256,5


iconv support	enabled
iconv implementation	libiconv
iconv library version	1.11

Directive	Local Value	Master Value
iconv.input_encoding	ISO-8859-1	ISO-8859-1
iconv.internal_encoding	ISO-8859-1	ISO-8859-1
iconv.output_encoding	ISO-8859-1	ISO-8859-1


IMAP c-Client Version	2004
SSL Support	enabled


json support	enabled
json version	1.2.1


LDAP Support	enabled
RCS Version	$Id: ldap.c,v 2007/12/31 07:20:07 sebastian Exp $
Total Links	0/unlimited
API Version	3001
Vendor Name	OpenLDAP
Vendor Version	20342


libXML support	active
libXML Version	2.6.32
libXML streams	enabled


Multibyte Support	enabled
Multibyte string engine	libmbfl
Multibyte (japanese) regex support	enabled
Multibyte regex (oniguruma) version	4.4.4
Multibyte regex (oniguruma) backtrack check	On

mbstring extension makes use of "streamable kanji code filter and converter", which is distributed under the GNU Lesser General Public License version 2.1.

Directive	Local Value	Master Value
mbstring.detect_order	no value	no value
mbstring.encoding_translation	Off	Off
mbstring.func_overload	0	0
mbstring.http_input	pass	pass
mbstring.http_output	pass	pass
mbstring.internal_encoding	ISO-8859-1	no value
mbstring.language	neutral	neutral
mbstring.script_encoding	no value	no value
mbstring.strict_detection	Off	Off
mbstring.substitute_character	no value	no value


mcrypt support	enabled
Version	2.5.8
Api No	20021217
Supported ciphers	cast-128 gost rijndael-128 twofish arcfour cast-256 loki97 rijndael-192 saferplus wake blowfish-compat des rijndael-256 serpent xtea blowfish enigma rc2 tripledes
Supported modes	cbc cfb ctr ecb ncfb nofb ofb stream

Directive	Local Value	Master Value
mcrypt.algorithms_dir	no value	no value
mcrypt.modes_dir	no value	no value


MHASH support	Enabled
MHASH API Version	20060101


MSSQL Support	enabled
Active Persistent Links	0
Active Links	0
Library version	FreeTDS

Directive	Local Value	Master Value
mssql.allow_persistent	On	On
mssql.batchsize	0	0
mssql.charset	no value	no value
mssql.compatability_mode	Off	Off
mssql.connect_timeout	5	5
mssql.datetimeconvert	On	On
mssql.max_links	Unlimited	Unlimited
mssql.max_persistent	Unlimited	Unlimited
mssql.max_procs	Unlimited	Unlimited
mssql.min_error_severity	10	10
mssql.min_message_severity	10	10
mssql.secure_connection	Off	Off
mssql.textlimit	Server default	Server default
mssql.textsize	Server default	Server default
mssql.timeout	60	60


MySQL Support	enabled
Active Persistent Links	0
Active Links	0
Client API version	5.0.51a
MYSQL_SOCKET	/tmp/mysql.sock
MYSQL_LIBS	no value

Directive	Local Value	Master Value
mysql.allow_persistent	On	On
mysql.connect_timeout	60	60
mysql.default_host	no value	no value
mysql.default_password	no value	no value
mysql.default_port	no value	no value
mysql.default_socket	no value	no value
mysql.default_user	no value	no value
mysql.max_links	Unlimited	Unlimited
mysql.max_persistent	Unlimited	Unlimited
mysql.trace_mode	Off	Off


MysqlI Support	enabled
Client API library version	5.0.51a
Client API header version	5.0.51a
MYSQLI_SOCKET	/tmp/mysql.sock

Directive	Local Value	Master Value
mysqli.default_host	no value	no value
mysqli.default_port	3306	3306
mysqli.default_pw	no value	no value
mysqli.default_socket	no value	no value
mysqli.default_user	no value	no value
mysqli.max_links	Unlimited	Unlimited
mysqli.reconnect	Off	Off


OpenSSL support	enabled
OpenSSL Version	OpenSSL 0.9.8e 23 Feb 2007


PCRE (Perl Compatible Regular Expressions) Support	enabled
PCRE Library Version	7.6 2008-01-28

Directive	Local Value	Master Value
pcre.backtrack_limit	100000	100000
pcre.recursion_limit	100000	100000


PDF Support	enabled
PDFlib GmbH Version	7.0.2
PECL Version	2.1.5
Revision	$Revision: 1.7 $


PDO support	enabled
PDO drivers	sqlite, mysql


PDO Driver for MySQL, client library version	5.0.51a


PDO Driver for SQLite 3.x	enabled
PECL Module version	(bundled) 1.0.1 $Id: pdo_sqlite.c,v 2007/12/31 07:20:10 sebastian Exp $
SQLite Library	3.3.7


Revision	$Revision: $


Reflection	enabled
Version	$Id: php_reflection.c,v 2008/03/13 15:56:21 iliaa Exp $


Session Support	enabled
Registered save handlers	files user
Registered serializer handlers	php php_binary wddx

Directive	Local Value	Master Value
session.auto_start	Off	Off
session.bug_compat_42	On	On
session.bug_compat_warn	On	On
session.cache_expire	180	180
session.cache_limiter	nocache	nocache
session.cookie_domain	no value	no value
session.cookie_httponly	Off	Off
session.cookie_lifetime	0	0
session.cookie_path	/	/
session.cookie_secure	Off	Off
session.entropy_file	no value	no value
session.entropy_length	0	0
session.gc_divisor	100	100
session.gc_maxlifetime	7200	7200
session.gc_probability	1	1
session.hash_bits_per_character	4	4
session.hash_function	0	0	PHPSESSID	PHPSESSID
session.referer_check	no value	no value
session.save_handler	files	files
session.save_path	no value	no value
session.serialize_handler	php	php
session.use_cookies	On	On
session.use_only_cookies	Off	Off
session.use_trans_sid	0	0


Simplexml support	enabled
Revision	$Revision: $
Schema support	enabled


NET-SNMP Support	enabled
NET-SNMP Version


Soap Client	enabled
Soap Server	enabled

Directive	Local Value	Master Value
soap.wsdl_cache	1	1
soap.wsdl_cache_dir	/tmp	/tmp
soap.wsdl_cache_enabled	1	1
soap.wsdl_cache_limit	5	5
soap.wsdl_cache_ttl	86400	86400


Sockets Support	enabled


SPL support	enabled
Interfaces	Countable, OuterIterator, RecursiveIterator, SeekableIterator, SplObserver, SplSubject
Classes	AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, BadMethodCallException, CachingIterator, DirectoryIterator, DomainException, EmptyIterator, FilterIterator, InfiniteIterator, InvalidArgumentException, IteratorIterator, LengthException, LimitIterator, LogicException, NoRewindIterator, OutOfBoundsException, OutOfRangeException, OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, RecursiveCachingIterator, RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, RecursiveRegexIterator, RegexIterator, RuntimeException, SimpleXMLIterator, SplFileInfo, SplFileObject, SplObjectStorage, SplTempFileObject, UnderflowException, UnexpectedValueException


SQLite support	enabled
PECL Module version	2.0-dev $Id: sqlite.c,v 2007/12/31 07:20:11 sebastian Exp $
SQLite Library	2.8.17
SQLite Encoding	iso8859

Directive	Local Value	Master Value
sqlite.assoc_case	0	0


Regex Library	Bundled library enabled
Dynamic Library Support	enabled
Path to sendmail	/usr/sbin/sendmail -t -i

Directive	Local Value	Master Value	1	1
assert.bail	0	0
assert.callback	no value	no value
assert.quiet_eval	0	0
assert.warning	1	1
auto_detect_line_endings	0	0
default_socket_timeout	60	60
safe_mode_allowed_env_vars	PHP_	PHP_
safe_mode_protected_env_vars	LD_LIBRARY_PATH	LD_LIBRARY_PATH
url_rewriter.tags	a=href,area=href,frame=src,input=src,form=,fieldset=	a=href,area=href,frame=src,input=src,form=,fieldset=
user_agent	no value	no value


Tidy support	enabled
libTidy Release	18 June 2008
Extension Version	2.0 ($Id: tidy.c,v 2007/12/31 07:20:14 sebastian Exp $)

Directive	Local Value	Master Value
tidy.clean_output	no value	no value
tidy.default_config	no value	no value


Tokenizer Support	enabled


WDDX Support	enabled
WDDX Session Serializer	enabled


XML Support	active
XML Namespace Support	active
libxml2 Version	2.6.32


XMLReader	enabled


core library version	xmlrpc-epi v. 0.51
php extension version	0.51
author	Dan Libby
open sourced by


XMLWriter	enabled


XSL	enabled
libxslt Version	1.1.24
libxslt compiled against libxml Version	2.6.32
EXSLT	enabled
libexslt Version	1.1.24


YAZ Support	enabled
PHP/YAZ Version	1.0.14
YAZ Version	3.0.26
Compiled with YAZ version	3.0.26


Zip	enabled
Extension Version	$Id: php_zip.c,v 1.99 2007/01/18 02:05:18 pajoye Exp $
Zip version	1.9.0
Libzip version	0.7.1


ZLib Support	enabled
Stream Wrapper support	compress.zlib://
Stream Filter support	zlib.inflate, zlib.deflate
Compiled Version	1.2.3
Linked Version	1.2.3

Directive	Local Value	Master Value
zlib.output_compression	Off	Off
zlib.output_compression_level	-1	-1
zlib.output_handler	no value	no value

Additional Modules

Module Name


Variable	Value
DOCUMENT_ROOT	/var/www/syncer/public
HTTP_ACCEPT	application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
HTTP_ACCEPT_CHARSET	ISO-8859-1,utf-8;q=0.7,*;q=0.3
HTTP_ACCEPT_ENCODING	gzip,deflate,sdch
HTTP_ACCEPT_LANGUAGE	nl-NL,nl;q=0.8,en-US;q=0.6,en;q=0.4
HTTP_HOST	woefwafserver
HTTP_USER_AGENT	Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
PATH	/bin:/usr/bin
REQUEST_URI	/phpinfo
SCRIPT_FILENAME	/var/www/syncer/public/phpinfo.php
SCRIPT_NAME	/phpinfo.php
SERVER_NAME	woefwafserver
SERVER_SOFTWARE	Apache/2.2.9 (FreeBSD) mod_ssl/2.2.9 OpenSSL/0.9.8e DAV/2

PHP Variables

Variable	Value
_SERVER["DOCUMENT_ROOT"]	/var/www/syncer/public
_SERVER["HTTP_ACCEPT"]	application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
_SERVER["HTTP_ACCEPT_CHARSET"]	ISO-8859-1,utf-8;q=0.7,*;q=0.3
_SERVER["HTTP_ACCEPT_ENCODING"]	gzip,deflate,sdch
_SERVER["HTTP_ACCEPT_LANGUAGE"]	nl-NL,nl;q=0.8,en-US;q=0.6,en;q=0.4
_SERVER["HTTP_HOST"]	woefwafserver
_SERVER["HTTP_USER_AGENT"]	Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
_SERVER["PATH"]	/bin:/usr/bin
_SERVER["SCRIPT_FILENAME"]	/var/www/syncer/public/phpinfo.php
_SERVER["SCRIPT_NAME"]	/phpinfo.php
_SERVER["SERVER_NAME"]	woefwafserver
_SERVER["SERVER_SOFTWARE"]	Apache/2.2.9 (FreeBSD) mod_ssl/2.2.9 OpenSSL/0.9.8e DAV/2
_SERVER["PHP_SELF"]	/phpinfo.php
_SERVER["REQUEST_TIME"]	1294225352
_SERVER["argc"]	0
_ENV["DOCUMENT_ROOT"]	/var/www/syncer/public
_ENV["HTTP_ACCEPT"]	application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
_ENV["HTTP_ACCEPT_CHARSET"]	ISO-8859-1,utf-8;q=0.7,*;q=0.3
_ENV["HTTP_ACCEPT_ENCODING"]	gzip,deflate,sdch
_ENV["HTTP_ACCEPT_LANGUAGE"]	nl-NL,nl;q=0.8,en-US;q=0.6,en;q=0.4
_ENV["HTTP_CONNECTION"]	keep-alive
_ENV["HTTP_HOST"]	woefwafserver
_ENV["HTTP_USER_AGENT"]	Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
_ENV["PATH"]	/bin:/usr/bin
_ENV["QUERY_STRING"]	no value
_ENV["REQUEST_URI"]	/phpinfo
_ENV["SCRIPT_FILENAME"]	/var/www/syncer/public/phpinfo.php
_ENV["SCRIPT_NAME"]	/phpinfo.php
_ENV["SERVER_NAME"]	woefwafserver
_ENV["SERVER_SOFTWARE"]	Apache/2.2.9 (FreeBSD) mod_ssl/2.2.9 OpenSSL/0.9.8e DAV/2

PHP License

This program is free software; you can redistribute it and/or modify it under the terms of the PHP License as published by the PHP Group and included in the distribution in the file: LICENSE

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

If you did not receive a copy of the PHP license, or have any questions about PHP licensing, please contact

Changed 3 years ago by poupou


comment:2 Changed 3 years ago by poupou

Login not working for me with version 1.1 and 1.1.1 and php version 5.2.14. Cache cleared and tested with Firefox and Chrome

comment:4 in reply to: ↑ 3 Changed 3 years ago by ajaborsk

Replying to matt:

see possible solution:,70673,page=1#msg-70691

Thank you for your response, but this does not solve the trouble for me. Still unable to login...

I'll investigate further the problem when I'll get a bit of free time (not before several days).


comment:5 Changed 3 years ago by vipsoft (robocoder)

(In [3644]) refs #1958 - improve form security error message

comment:6 Changed 3 years ago by vipsoft (robocoder)

So far, the phpinfo hasn't helped. I'd like to see what's causing the login to fail.

In core/Nonce.php, add some debugging, login, send us the output, and then remove the debugging.

	static public function verifyNonce($id, $cnonce)
		$ns = new Piwik_Session_Namespace($id);
		$nonce = $ns->nonce;

var_dump($_SERVER); die; // add this line

		// validate token
		if(empty($cnonce) || $cnonce !== $nonce)
			return false;

comment:7 Changed 3 years ago by ajaborsk


Here is the result (coockies removed just before) :

array(34) { UNIQUE_ID?=> string(24) "TSVgUlQQXBsAAHOzMfoAAAEJ" SCRIPT_URL?=> string(16) "/piwik/index.php" SCRIPT_URI?=> string(42) "" HTTP_HOST?=> string(19) "" HTTP_USER_AGENT?=> string(112) "Mozilla/5.0 (X11; U; Linux x86_64; fr; rv: Gecko/20110102 Ubuntu/10.10 (maverick) Namoroka/3.6.14pre" HTTP_ACCEPT?=> string(63) "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" HTTP_ACCEPT_LANGUAGE?=> string(35) "fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3" HTTP_ACCEPT_ENCODING?=> string(12) "gzip,deflate" HTTP_ACCEPT_CHARSET?=> string(30) "ISO-8859-1,utf-8;q=0.7,*;q=0.7" HTTP_KEEP_ALIVE?=> string(3) "115" HTTP_CONNECTION?=> string(10) "keep-alive" HTTP_REFERER?=> string(102) "" HTTP_COOKIE?=> string(164) "piwik_auth=login%3DImFsZXhhbmRyZS5qYWJvcnNrYSI%3D%3Atoken_auth%3DIjRmNGNmNGYwYzg4OTk3MmM5NTExODIwYTZjYTlhMWQyIg%3D%3D%3A_%3Dfbb3345b96d389589a49508d9d300e5a39160d8d" CONTENT_TYPE?=> string(33) "application/x-www-form-urlencoded" CONTENT_LENGTH?=> string(2) "96" PATH?=> string(91) "/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/opt/apache/bin:/opt/mysql/bin" SERVER_SIGNATURE?=> string(0) "" SERVER_SOFTWARE?=> string(6) "Apache" SERVER_NAME?=> string(19) "" SERVER_ADDR?=> string(11) "" SERVER_PORT?=> string(2) "80" REMOTE_ADDR?=> string(14) "" DOCUMENT_ROOT?=> string(46) "/home/www/ab09e4ca36157e8de9f2c9cdd0d79844/web" SERVER_ADMIN?=> string(25) "webmaster@…" SCRIPT_FILENAME?=> string(62) "/home/www/ab09e4ca36157e8de9f2c9cdd0d79844/web/piwik/index.php" REMOTE_PORT?=> string(5) "56284" GATEWAY_INTERFACE?=> string(7) "CGI/1.1" SERVER_PROTOCOL?=> string(8) "HTTP/1.1" REQUEST_METHOD?=> string(4) "POST" QUERY_STRING?=> string(59) "module=CoreHome&action=index&idSite=1&period=day&date=today" REQUEST_URI?=> string(76) "/piwik/index.php?module=CoreHome&action=index&idSite=1&period=day&date=today" SCRIPT_NAME?=> string(16) "/piwik/index.php" PHP_SELF?=> string(16) "/piwik/index.php" REQUEST_TIME?=> int(1294295122) }

comment:8 Changed 3 years ago by matt (mattab)

See also report in forum with php ini:,70782

comment:9 Changed 3 years ago by vipsoft (robocoder)

Hmmm... the piwik_auth cookie is set, and the query string shows that ajaborsk was redirected to CoreHome.

Try deleting the files in piwik/tmp/assets/.

comment:10 Changed 3 years ago by ajaborsk

I deleted files in piwik/tmp/assets/

No change.

two of the users in the forum thread given by matt are using services, as me. Maybe a .htaccess issue ?


comment:11 Changed 3 years ago by matt (mattab)

One more report possibly a different bug?,70874
After upgrade to 1.1.1, I got error when I logout from a login session, here is the error:

Warning: session_regenerate_id() [<a href='function.session-regenerate-id'>function.session-regenerate-id</a>]: Session object destruction failed in \wwwroot\piwik\libs\Zend\Session.php on line 313

Here is the backtrace:

#0 Piwik_ErrorHandler(2, session_regenerate_id() [<a href='function.session-regenerate-id'>function.session-regenerate-id</a>]: Session object destruction failed, \wwwroot\piwik\libs\Zend\Session.php, 313, Array ([filename] => ,[linenum] => 0))#1 session_regenerate_id(1) called at [\wwwroot\piwik\libs\Zend\Session.php:313]#2 Zend_Session::regenerateId() called at [\wwwroot\piwik\plugins\Login\Controller.php:384]#3 Piwik_Login_Controller::clearSession() called at [\wwwroot\piwik\plugins\Login\Controller.php:395]#4 Piwik_Login_Controller->logout()#5 call_user_func_array(Array ([0] => Piwik_Login_Controller Object ([] => Login,[] => ,[] => ,[] => 0,[] => Piwik_Site Object ([] => 0)),[1] => logout), Array ()) called at [\wwwroot\piwik\core\FrontController.php:125]#6 Piwik_FrontController->dispatch() called at [\wwwroot\piwik\index.php:60]

comment:12 Changed 3 years ago by vipsoft (robocoder)

(In [3659]) refs #1958 - revert this line from [3529]

comment:13 Changed 3 years ago by vipsoft (robocoder)

Different bug; fixed in r3659

comment:14 Changed 3 years ago by vipsoft (robocoder)

Are only Infomaniak users affected? I've made no progress in code inspection or trying to reproduce the problem using different php versions and php.ini settings.

Changed 3 years ago by jlemoine

comment:15 Changed 3 years ago by jlemoine

I do, and I'm not an Infomaniak customer. Piwik is self hosted, on an old XServe (MacOS X 10.4).

Piwik is updated using cvs : version 1.1.1 revision 3690.
The login is broken since the update to version 1.1.

Here is the result of the var_dump() :

array(34) {

CONTENT_TYPE? => "application/x-www-form-urlencoded"
DOCUMENT_ROOT? => "/Library/WebServer/html/server/www"
HTTP_ACCEPT? => "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
HTTP_ACCEPT_CHARSET? => "ISO-8859-1,utf-8;q=0.7,*;q=0.7"
HTTP_ACCEPT_ENCODING? => "gzip, deflate"
HTTP_ACCEPT_LANGUAGE? => "fr-fr,fr;q=0.8,en-us;q=0.5,en;q=0.3"
HTTP_CONNECTION? => "keep-alive"
HTTP_COOKIE? => "piwik_auth=login%3DIlAxdzFrIg%3D%3D%3Atoken_auth%3DIjcwMmFmMGIzZDhlMTgxMGI3ZjZmODViYTkyYTZjODI3Ig%3D%3D%3A_%3D11cc71c7f164a89de459262048cd2fac298150c5; PIWIK_SESSID=4k0j3b2nnudl623fk9t2onk8v2"
HTTP_HOST? => ""
HTTP_USER_AGENT? => "Mozilla/5.0 (X11; Linux i686; rv:2.0b9pre) Gecko/20110110 Firefox-4.0/4.0b9pre"
PATH? => "/usr/local/php5/oracle:/bin:/sbin:/usr/bin:/usr/sbin:/usr/libexec:/System/Library/CoreServices"
REMOTE_ADDR? => "10.25.xx.xx"
REMOTE_PORT? => "39787"
SCRIPT_FILENAME? => "/Library/WebServer/html/server/piwik/www/index.php"
SERVER_ADDR? => "193.50.xx.xx"
SERVER_ADMIN? => "server@…"
SERVER_PORT? => "80"
SERVER_SOFTWARE? => "Apache/1.3.41 (Darwin) PHP/5.2.4 mod_ssl/2.8.31 OpenSSL/0.9.7l"
REQUEST_URI? => "/piwik/index.php"
SCRIPT_NAME? => "/piwik/index.php"
PATH_TRANSLATED? => "/Library/WebServer/html/server/piwik/www/index.php"
PHP_SELF? => "/piwik/index.php"
REQUEST_TIME? => int(1294650398)
argv? => array(0) { }
argc? => int(0)


I aded my phpinfo() as an attachment under the name phpinfo-xserve.html.

comment:16 Changed 3 years ago by vipsoft (robocoder)

  • Resolution set to fixed
  • Status changed from new to closed

(In [3706]) quick fixes #1958 - always use safe_serialize/safe_unserialize as there are sites with custom php builds that exhibit buggy json_encode/json_decode behaviour preventing login; since we use json_encode/json_decode for the dashboard, we can debug further there

p.s. Infomaniak's conclusion (posted in the forum) is inaccurate, and their bug fix is wrong (in more ways than one).

1) json_encode/json_decode is not a 5.3 feature. It was added in php 5.2.0. (I tested with 5.2.0, 5.2.1, 5.2.13, 5.2.14, 5.2.16, and 5.2.17 without Infomaniak's "fix". One of the phpinfo I received shows php was built with --disable-all, and then --enable specific extensions.)

2) their "fix" to use preg_match(/5.2.1/, PHP_VERSION) no longer matches broken 5.2.0, and excludes 5.2.2 through 5.2.9, but includes 5.2.10 - 5.2.17 (latest 5.2.x); *boggle*

comment:17 Changed 3 years ago by vipsoft (robocoder)

(In [3709]) delete invalid cookies, refs #1958

comment:18 Changed 3 years ago by vipsoft (robocoder)

(In [3712]) refs #1958 - discard entire cookie content if any part fails to unserialize

comment:19 Changed 3 years ago by vipsoft (robocoder)

(In [3713]) refs #1958 - yet another typo

comment:20 Changed 3 years ago by vipsoft (robocoder)

p.s. I got access to an Infomaniak account, and traced the problem to a broken json_encode. Infomaniak did some more troubleshooting and identified the problem as a broken php build (i.e., they were still using the pecl extension for json instead of the one bundled with php 5.2.x).

comment:21 Changed 3 years ago by vipsoft (robocoder)

  • Summary changed from Login not working in 1.1.1 for some users to Broken json extension: Login not working in 1.1.1 for some users
Note: See TracTickets for help on using tickets.