Updated from 3.2.6 to 3.2.7 problem logging in from the home page

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
Post by hurghanico » Sun May 05, 2019 7:10 pm

EA117 wrote:
Sun May 05, 2019 6:24 pm
Well, if you're willing, the attached functions.php . . .
I get these logs related to my IP (excluding the admin account):
{Check form key for "login" SUCCESS based on time "1557082796" + salt "pl6rovh865aj7lu5" + form "login" + sid "cae767c5de03ff210f98e3d971fc6377".}

{Add form key for "login" created form token based on time "1557082796" + salt "pl6rovh865aj7lu5" + form "login" + sid "cae767c5de03ff210f98e3d971fc6377".}

{Add form key for "login" created form token based on time "1557082780" + salt "pl6rovh865aj7lu5" + form "login" + sid "5bd80e706fd87b4bfa644a039693aee3".}

{Check form key for "login" SUCCESS based on time "1557082761" + salt "pl6rovh865aj7lu5" + form "login" + sid "2b995882a256cd41ee2148e15667f9a7".}

{Add form key for "login" created form token based on time "1557082769" + salt "4ra1kjxiekkjef0s" + form "login" + sid "".} this is specifically labeled for Test-1 which is the test account just created, the other logs above are labeled as Anonymous

I found also a couple of specifically failed ones:
{Check form key for "login" FAILED based on time "1557082750" + salt "pl6rovh865aj7lu5" + form "login" + sid "2b995882a256cd41ee2148e15667f9a7".}

{Add form key for "login" created form token based on time "1557082761" + salt "pl6rovh865aj7lu5" + form "login" + sid "2b995882a256cd41ee2148e15667f9a7".}

and

{Check form key for "login" FAILED based on time "1557082725" + salt "pl6rovh865aj7lu5" + form "login" + sid "bb79ae58f13ddd5ba471c1f190f3f348".}

{Add form key for "login" created form token based on time "1557082750" + salt "pl6rovh865aj7lu5" + form "login" + sid "bb79ae58f13ddd5ba471c1f190f3f348".}

all coming from my IP

Post by EA117 » Sun May 05, 2019 7:24 pm

Except that if you showed me that log, I would have also asserted "there were no instances of form invalid during those logins", either. If you are getting "form invalid" during the login attempt, it's because check_login_key is failing. And all failure paths of check_login_key are illuminated with log entries in the debug functions.php, with one of the "failed" log messages.

Perhaps run the test a couple more times, and just make note yourself of "what shows up in the log when I've received a form invalid failure." i.e. Do you actually just get "nothing at all" at that exact time, or does your failed login attempt actually correlate with one of the "SUCCESS" messages that appears.

.... just saw your edit that added some "failed" entries, re-examining ....

Post by hurghanico » Sun May 05, 2019 7:27 pm

EA117 wrote:
Sun May 05, 2019 7:24 pm
Except that if you showed me that log, I would have also asserted "there were no instances of form invalid during those logins", either. If you are getting "form invalid" during the login attempt, it's because check_login_key is failing. And all failure paths of check_login_key are illuminated with log entries in the debug functions.php, with one of the "failed" log messages.

Perhaps run the test a couple more times, and just make note yourself of "what shows up in the log when I've received a form invalid failure." i.e. Do you actually just get "nothing at all" at that exact time, or does your failed login attempt actually correlate with one of the "SUCCESS" messages that appears.

.... just saw your edit that added some "failed" entries, re-examining ....
edited my last post with some "failed login" logs, all coming from my IP

Post by EA117 » Sun May 05, 2019 7:37 pm

The time stamps that are being shown on the "failed" entries pre-date any and all "Add form key" log entries that have been included here.

("Add form key" is when the login form is being presented, and "Check form key" is when someone actually submits a login attempt using that form.)

Possibly, this disparity is simply in how the log entries are being conveyed through this phpBB discussion thread, and that we don't have a "truly linear or complete view" of all the relevant logged entries. i.e. There actually are "Add form key" log entries with time stamps that correlate to the failed "Check form key" entries, but they simply aren't here in this post.

However. Another thing that could explain these "back-dated time stamps" might be the fact that there is a caching appliance between you and the phpBB server. Such as Cloudflare, which I see is in front of your site. So you might want to include testing temporarily turning off the Cloudflare caching, to see if that then correlates with "successful login where we thought it should already be successful."

Otherwise, trying to capture an additional and complete set of "Add form key" and resulting "Check form key" log entries, in exactly the order in which they appeared in the log, should be generated in order to try and either substantiate or rule out whether the time stamp disparity is really the failure issue.

Post by hurghanico » Sun May 05, 2019 8:06 pm

EA117 wrote:
Sun May 05, 2019 7:37 pm
The time stamps that are being shown on the "failed" entries pre-date any and all "Add form key" log entries that have been included here
Cloudflare is already in development mode which means that it is not caching..

This is the last few minutes logs, I erased just a few entries not coming from my IP and the ones related to my admin account:

Anonymous 	151.41.221.198 	Sun May 05, 2019 9:53 pm 	{Check form key for "login" SUCCESS based on time "1557086032" + salt "pl6rovh865aj7lu5" + form "login" + sid "ecdfbb6e0ab59f4eebd0c512f6a52c1b".} 	

Anonymous 	151.41.221.198 	Sun May 05, 2019 9:53 pm 	{Add form key for "login" created form token based on time "1557086032" + salt "pl6rovh865aj7lu5" + form "login" + sid "ecdfbb6e0ab59f4eebd0c512f6a52c1b".} 	

Anonymous 	151.41.221.198 	Sun May 05, 2019 9:53 pm 	{Add form key for "login" created form token based on time "1557086027" + salt "pl6rovh865aj7lu5" + form "login" + sid "ecdfbb6e0ab59f4eebd0c512f6a52c1b".} 	

Anonymous 	151.41.221.198 	Sun May 05, 2019 9:53 pm 	{Check form key for "login" SUCCESS based on time "1557086006" + salt "pl6rovh865aj7lu5" + form "login" + sid "70b3619b41cda8b3f174478e668f2fc1".} 	

Test-1 	151.41.221.198 	Sun May 05, 2019 9:53 pm 	{Add form key for "login" created form token based on time "1557086016" + salt "dp99onjk511kgtox" + form "login" + sid "".} 	

Anonymous 	151.41.221.198 	Sun May 05, 2019 9:53 pm 	{Check form key for "login" FAILED based on time "1557085989" + salt "pl6rovh865aj7lu5" + form "login" + sid "70b3619b41cda8b3f174478e668f2fc1".} 	

Anonymous 	151.41.221.198 	Sun May 05, 2019 9:53 pm 	{Add form key for "login" created form token based on time "1557086006" + salt "pl6rovh865aj7lu5" + form "login" + sid "70b3619b41cda8b3f174478e668f2fc1".} 	

Anonymous 	151.41.221.198 	Sun May 05, 2019 9:53 pm 	{Add form key for "login" created form token based on time "1557085989" + salt "pl6rovh865aj7lu5" + form "login" + sid "b935fe6d80d68aae6a8682cbb2bbbf0e".} 	

Anonymous 	151.41.221.198 	Sun May 05, 2019 9:52 pm 	{Check form key for "login" SUCCESS based on time "1557085960" + salt "pl6rovh865aj7lu5" + form "login" + sid "e6865ab5cd0a2d3c03b9afe36633c1f7".} 	

Test-1 	151.41.221.198 	Sun May 05, 2019 9:52 pm 	{Add form key for "login" created form token based on time "1557085977" + salt "9942yi1vsphherve" + form "login" + sid "".} 	

Anonymous 	151.41.221.198 	Sun May 05, 2019 9:52 pm 	{Check form key for "login" FAILED based on time "1557085948" + salt "pl6rovh865aj7lu5" + form "login" + sid "e6865ab5cd0a2d3c03b9afe36633c1f7".} 	

Anonymous 	151.41.221.198 	Sun May 05, 2019 9:52 pm 	{Add form key for "login" created form token based on time "1557085960" + salt "pl6rovh865aj7lu5" + form "login" + sid "e6865ab5cd0a2d3c03b9afe36633c1f7".} 	

Anonymous 	151.41.221.198 	Sun May 05, 2019 9:52 pm 	{Add form key for "login" created form token based on time "1557085948" + salt "pl6rovh865aj7lu5" + form "login" + sid "f2db0e7647e541c18aa40dbb7537ec89".} 	
but I do not want to take too much advantage of your kind willingness and patience..
I am very grateful for the help you have already given me
Last edited by Mick on Thu May 09, 2019 8:23 am, edited 1 time in total.
Reason: Removed unnecessary quoting + added code tags.

Post by Lumpy Burgertushie » Sun May 05, 2019 8:43 pm

go ahead and clear the Cloudflare cache anyway. then using your ftp, delete everything from your cache folder except the index and htaccess files.
then refresh your browser. I just spent an hour trying to figure out why edits to a template would not work and it turned out to be that useless Cloudflare mess again.

just a thought.

robert

Post by EA117 » Sun May 05, 2019 9:35 pm

Anonymous 	151.41.221.198 	Sun May 05, 2019 9:52 pm 	{Check form key for "login" SUCCESS based on time "1557085960" + salt "pl6rovh865aj7lu5" + form "login" + sid "e6865ab5cd0a2d3c03b9afe36633c1f7".} 	

Test-1 	151.41.221.198 	Sun May 05, 2019 9:52 pm 	{Add form key for "login" created form token based on time "1557085977" + salt "9942yi1vsphherve" + form "login" + sid "".} 	

Anonymous 	151.41.221.198 	Sun May 05, 2019 9:52 pm 	{Check form key for "login" FAILED based on time "1557085948" + salt "pl6rovh865aj7lu5" + form "login" + sid "e6865ab5cd0a2d3c03b9afe36633c1f7".} 	

Anonymous 	151.41.221.198 	Sun May 05, 2019 9:52 pm 	{Add form key for "login" created form token based on time "1557085960" + salt "pl6rovh865aj7lu5" + form "login" + sid "e6865ab5cd0a2d3c03b9afe36633c1f7".} 	

Anonymous 	151.41.221.198 	Sun May 05, 2019 9:52 pm 	{Add form key for "login" created form token based on time "1557085948" + salt "pl6rovh865aj7lu5" + form "login" + sid "f2db0e7647e541c18aa40dbb7537ec89".} 
In this block (the oldest messages from your list; keep in mind phpBB is displaying "newest first", so we're reading from the bottom up), we have a login form built (i.e. "add form key") at time 1557085948 with sid #1, and then a second login form built at time 1557085960 with sid #2.

But then the first "check form key", which is also the one that fails, received a time value of 1557085948 (meaning the first login form that was built) but with sid #2 (meaning the posting of the login form did not happen in the same session as when that login form was built).

The next "check form key", which succeeds, received a time value of 1557085960 (meaning the second login form that was built) but with sid #2 (which is the correct session ID for when that second login form was built).

That same pattern then repeats in the next sequence of "failed login followed by successful login":

Anonymous 151.41.221.198 Sun May 05, 2019 9:53 pm {Check form key for "login" SUCCESS based on time "1557086006" + salt "pl6rovh865aj7lu5" + form "login" + sid "70b3619b41cda8b3f174478e668f2fc1".} 

Test-1 151.41.221.198 Sun May 05, 2019 9:53 pm {Add form key for "login" created form token based on time "1557086016" + salt "dp99onjk511kgtox" + form "login" + sid "".} 

Anonymous 151.41.221.198 Sun May 05, 2019 9:53 pm {Check form key for "login" FAILED based on time "1557085989" + salt "pl6rovh865aj7lu5" + form "login" + sid "70b3619b41cda8b3f174478e668f2fc1".} 

Anonymous 151.41.221.198 Sun May 05, 2019 9:53 pm {Add form key for "login" created form token based on time "1557086006" + salt "pl6rovh865aj7lu5" + form "login" + sid "70b3619b41cda8b3f174478e668f2fc1".} 

Anonymous 151.41.221.198 Sun May 05, 2019 9:53 pm {Add form key for "login" created form token based on time "1557085989" + salt "pl6rovh865aj7lu5" + form "login" + sid "b935fe6d80d68aae6a8682cbb2bbbf0e".} 
The first form is built at 1557085989 with sid #1, and the second form is built at 1557086006 with sid #2. The first attempt to login tries to use the older time stamp 1557085989 but with the latest sid #2 and fails. The re-attempt to login then has both the latest time stamp 1557086006 along with the latest sid #2 and succeeds.


What this allows us to conclude thus far:

1. The issue is not with the templates. The required login form fields are indeed present, same as inspection of the site had suggested. Your templates still need to be updated to phpBB 3.2.7 standards, if they haven't been already. But those template updates just "need to happen at some point", and is not the source of the current login failure.

2. When the first login form was built, the phpBB session ID for the Guest (not logged-on) user ended up changing between the time the form was received (i.e. rendering of GET index.php), and the time the form was actually used to attempt logging on (POST ucp.php?mode=login). Because the session ID phpBB was using during the POST no longer matched the session ID in use when the form was created/received via GET, login fails with "form invalid", exactly as it should fail under those conditions.

So the real question is, why did the phpBB session ID for a still-logged-out user change between the retrieving of the index page and the posting of the login form on that index page? I wish I knew the session mechanics definitively enough to assert what's possible, but that's not something I've had much experience with. Maybe someone with better session expertise will happen along here and know what to contribute.

Caching or something else still "between you and the phpBB server" still seems like a good explanation for this to me, though certainly not the only possibility. i.e. You received cached index page content that was actually built earlier and/or for some other logged-out session. But the first login attempt happens over your "real Guest session" (not the cached one reflected in the login fields), and so that initial login attempt fails. The second login attempt succeeds because the "re-display of the login form" now builds that form with the correct current session ID, and so posting that form succeeds.
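
The correlation walked through in the post above, as an added example that is not part of the original thread and not phpBB code: it parses debug log lines in the format shown here, replays them oldest first, and flags every "Check form key" whose sid differs from the sid the form with that time stamp was built under. The log lines, IP address, salt and sid values are constructed sample data.

```python
import re
from collections import defaultdict

# Message format taken from the debug log entries quoted in this thread.
ENTRY_RE = re.compile(
    r'\{(?P<kind>Add|Check) form key for "(?P<form>[^"]*)" '
    r'(?:(?P<result>SUCCESS|FAILED) based on|created form token based on) '
    r'time "(?P<time>\d+)" \+ salt "(?P<salt>[^"]*)" \+ '
    r'form "[^"]*" \+ sid "(?P<sid>[^"]*)"\.\}'
)

# Constructed sample, newest entry first (the order phpBB displays the log in).
SAMPLE_LOG = "\n".join([
    'Anonymous\t192.0.2.10\tSun May 05, 2019 9:52 pm\t{Check form key for "login" SUCCESS based on time "1000000020" + salt "examplesalt" + form "login" + sid "bbbb".}',
    'Anonymous\t192.0.2.10\tSun May 05, 2019 9:52 pm\t{Check form key for "login" FAILED based on time "1000000010" + salt "examplesalt" + form "login" + sid "bbbb".}',
    'Anonymous\t192.0.2.10\tSun May 05, 2019 9:52 pm\t{Add form key for "login" created form token based on time "1000000020" + salt "examplesalt" + form "login" + sid "bbbb".}',
    'Anonymous\t192.0.2.10\tSun May 05, 2019 9:52 pm\t{Add form key for "login" created form token based on time "1000000010" + salt "examplesalt" + form "login" + sid "aaaa".}',
])


def parse_log(text):
    """Return the parsed entries in chronological (oldest first) order."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.search(line)
        if match:
            entry = match.groupdict()
            entry["time"] = int(entry["time"])
            entries.append(entry)
    entries.reverse()  # the log view is newest first
    return entries


def diagnose(entries):
    """Pair each Check entry with the Add entry that built the same form."""
    built = defaultdict(set)  # (form, salt, time) -> sids the form was built with
    findings = []
    for entry in entries:
        key = (entry["form"], entry["salt"], entry["time"])
        if entry["kind"] == "Add":
            built[key].add(entry["sid"])
            continue
        sids = built.get(key, set())
        if not sids:
            verdict = "no-matching-form"   # form was built outside this log excerpt
        elif entry["sid"] in sids:
            verdict = "inputs-match"       # same time, salt, form and sid as at build
        else:
            verdict = "sid-changed"        # posted under a different session
        findings.append({
            "time": entry["time"],
            "result": entry["result"],
            "posted_sid": entry["sid"],
            "built_sids": sorted(sids),
            "verdict": verdict,
        })
    return findings


if __name__ == "__main__":
    for finding in diagnose(parse_log(SAMPLE_LOG)):
        print(finding)
```

A FAILED check reported as `sid-changed` is the pattern described in the post; a FAILED check reported as `inputs-match` would point to a different cause.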

Post by hurghanico » Sun May 05, 2019 10:02 pm

Lumpy Burgertushie wrote:
Sun May 05, 2019 8:43 pm
go ahead and clear the Cloudflare cache anyway. then using your ftp, delete everything from your cache folder except the index and htaccess files.
then refresh your browser. I just spent an hour trying to figure out why edits to a template would not work and it turned out to be that useless Cloudflare mess again.

just a thought.

robert
Thanks Robert for the suggestion..

I tried to do everything you said above, but after that only the first login happens normally and only after I clear also the browser cache, all the subsequent logins have the same issue described in my first post

Post by hurghanico » Sun May 05, 2019 10:20 pm

Thank you very much for your time and for explaining your detailed hypothesis..
At this time the only thing I know for sure is that before the last board update I didn't have this problem..

Something wrong happened in the procedure, but I don't know what.
At least I hope to find a way to update the style files and keep my mods in a quick way, it's the only thing left to do at the moment, even if probably will not fix this specific issue.
Last edited by Mick on Thu May 09, 2019 8:16 am, edited 1 time in total.
Reason: Removed unnecessary quoting.

Post by EA117 » Sun May 05, 2019 10:50 pm

hurghanico wrote:
Sun May 05, 2019 10:20 pm
At this time the only thing I know for sure is that before the last board update I didn't have this problem..

Something wrong happened in the procedure, but I don't know what.
At least I hope to find a way to update the style files and keep my mods in a quick way, it's the only thing left to do at the moment, even if probably will not fix this specific issue.
That's a logical suspicion or empirical conclusion to make, but I don't think it's actually the correct technical diagnosis here. These last two updates (phpBB 3.2.6 and phpBB 3.2.7) have been trying to do something that none of the previous versions tried to do. The resulting issues are not "because the administrators incorrectly applied the updates" (although doing that, too, clearly would cause its own issues) but simply because "phpBB is now doing something, and dependent on something, that phpBB wasn't dependent on before."

It's possible that you have ALWAYS been getting a cached copy of index.php for guest sessions. How would you know? And why would you care, since visually the logged-out page should "look the same for everyone?" But now in phpBB 3.2.6 and phpBB 3.2.7, not having the correct session ID as part of the page data "is a fatal issue" for using the login form on that page. It was never an issue before, because phpBB didn't care either. Now in phpBB 3.2.6 and later, phpBB cares about the session ID in that login form.

Something new that came up since my last post:

The setting of "Tie forms to guest sessions:" in the ACP General tab, Server configuration, Security settings controls whether or not Guest sessions (not-logged-on sessions) will try and put the session ID into the form data. (Any form, but now starting in phpBB 3.2.6 and phpBB 3.2.7, that includes the login form.) I thought this setting didn't work, but I was wrong and it actually does work.

So although the correct and most secure default for "Tie forms to guest sessions:" is "Yes", you could set this to "No" and then clear your caches. That way, if you do happen to be given "a cached copy of the index.php login forms that were actually built for a different Guest session", that cached login form should still be successful for you too, because the session ID used in both of them will be just NULL/blank.

Another thing that came to mind is whether your already-saved cookies in the browser, or even your phpBB cookie settings, might be an issue. If you hadn't already done that, delete the cookies from your browser just to make sure the re-created cookies still show the same issue. And I believe the cookie settings implied by the cookies I see your site creating are correct; but you might review them in phpBB ACP to make sure they are indeed as you intended.
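
A simplified model of the effect of "Tie forms to guest sessions:" described in the post above, as an added example that is not part of the original thread and not phpBB's own code. The function names, salt and sid values are hypothetical, and hashing the concatenated inputs with SHA-1 is an assumption based on the inputs the debug log lists (time, salt, form, sid).

```python
import hashlib
import hmac


def form_token(creation_time, form_salt, form_name, sid, tie_to_session=True):
    """Model of a form token: a hash over time + salt + form name + sid.

    With tie_to_session=False the sid is left blank, so the token no longer
    depends on which guest session the form was built for.
    """
    token_sid = sid if tie_to_session else ""
    data = f"{creation_time}{form_salt}{form_name}{token_sid}"
    return hashlib.sha1(data.encode()).hexdigest()


def cached_form_accepted(tie_to_session):
    """Guest B posts a login form that was built for guest A's session,
    for example because an intermediary served B a cached index page."""
    salt = "examplesalt"        # constructed; guests share one salt in the thread's log
    built_at = 1000000010       # constructed creation time embedded in the form
    sid_a = "a" * 32            # session the cached form was built under
    sid_b = "b" * 32            # session that actually submits the form

    token_in_page = form_token(built_at, salt, "login", sid_a, tie_to_session)
    expected = form_token(built_at, salt, "login", sid_b, tie_to_session)
    return hmac.compare_digest(token_in_page, expected)


if __name__ == "__main__":
    print("tie forms to guest sessions = Yes:", cached_form_accepted(True))
    print("tie forms to guest sessions = No: ", cached_form_accepted(False))
```

With the setting at "No", every guest who shares the salt gets the same token for a given time stamp and form name, which is why "Yes" is the more secure default.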

Post by hurghanico » Sun May 05, 2019 11:33 pm

EA117 wrote:
Sun May 05, 2019 10:50 pm
Something new that came up since my last post:
That did the trick EA117!..

As you said some damned caching still happens somewhere in the way even if I purged everything (even manually) and put cloudflare in development mode (no caching)..

Your 100% working solution shows that your diagnosis was correct, and although generally speaking the style files should be updated, that it wasn't the reason of my issue.

Thank you very much!!
Last edited by Mick on Thu May 09, 2019 8:18 am, edited 1 time in total.
Reason: Removed unnecessary quoting.

Post by EA117 » Sun May 05, 2019 11:46 pm

hurghanico wrote:
Sun May 05, 2019 11:33 pm
As you said some damned caching still happens somewhere in the way even if I purged everything (even manually) and put cloudflare in development mode (no caching)..
Glad this at least perhaps gives a decent interim solution, so that your users aren't able to hit a non-functional login form.

Post by thecoalman » Mon May 06, 2019 9:25 am

Lumpy Burgertushie wrote:
Sun May 05, 2019 8:43 pm
go ahead and clear the Cloudflare cache anyway. then using your ftp, delete everything from your cache folder except the index and htaccess files.
then refresh your browser. I just spent an hour trying to figure out why edits to a template would not work and it turned out to be that useless Cloudflare mess again.

just a thought.

robert
Cloudflare's default cache should not affect template edits, by default they only cache static files like CSS, JS, images etc. It does not cache files with .html or .php extensions without actions by the site owner. If you need to know if a file was cached by Cloudflare, open up the developer console in your browser and look for the response header CF-Cache-Status. If it's a cached file it will have a value of hit; if not present it's not cached.