Opened 7 months ago

Closed 8 days ago

#339 closed defect (invalid)

xache3.1.0 Repeat pop-up window requires authentication

Reported by: RucLinux Owned by: moo
Priority: major Milestone: black hole
Component: cacher Version: 3.1.0
Keywords: Cc:
Application: PHP Version: PHP 5.4.24
Other Exts: SAPI: Irrelevant
Probability: Blocked By:
Blocking:

Description

My e-mail address: jiayublog#foxmail.com
I can not log xcache3.1.0 management panel.Enter the correct user name and password are constantly requires authentication pop-up window, can not log in normally.User names and passwords are accurate.

#wget http://xcache.lighttpd.net/pub/Releases/3.1.0/xcache-3.1.0.tar.gz
#tar -zxvf xcache-3.1.0.tar.gz
#cd xcache-3.1.0
#phpize
#./configure -with-php-config=/usr/bin/php-config -enable-xcache -enable-xcache-coverager -enable-inline-optimization -disable-debug
#make && make install
#vi /etc/php.d/xcache.ini
[xcache-common]
zend_extension = /usr/lib/php/modules/xcache.so
[xcache.admin]
xcache.admin.enable_auth = On
xcache.admin.user = "admin"
xcache.admin.pass = md5($pass)

#cp -ar htdocs /www/root/
#service php-fpm restart
#service httpd restart
#php -v
PHP 5.4.24 (cli) (built: Jan 10 2014 18:37:23) 
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies
    with XCache v3.1.0, Copyright (c) 2005-2013, by mOo
    with XCache Cacher v3.1.0, Copyright (c) 2005-2013, by mOo
    with XCache Coverager v3.1.0, Copyright (c) 2005-2013, by mOo

http://Domain/htdocs/index.php
XCache Authentication Failed

Attachments (2)

Screenshot.png (41.1 KB) - added by RucLinux 7 months ago.
Screenshot-1.png (25.5 KB) - added by RucLinux 7 months ago.

Download all attachments as: .zip

Change History (9)

Changed 7 months ago by RucLinux

Changed 7 months ago by RucLinux

comment:1 Changed 7 months ago by RucLinux

I need your help, thank you
How do I solve this problem?

comment:2 follow-up: Changed 7 months ago by moo

please load xcache using "extension=xcache.so" instead of zend_extension. alternatively try to add var_dump($_SERVER); exit; in the top of xcache index.php

comment:3 in reply to: ↑ 2 Changed 7 months ago by RucLinux

Replying to moo:

please load xcache using "extension=xcache.so" instead of zend_extension. alternatively try to add var_dump($_SERVER); exit; in the top of xcache index.php

My module configuration is extension = /usr/lib/php/modules/xcache.so

<?php
var_dump($_SERVER);
exit;
?>

I will add the above code to the top of index.php, open the page garbled, and shows all the variable information.

Thank you for your help

comment:4 Changed 7 months ago by moo

sorry for missing steps

  1. do not add the above code. open the page that ask for password, don't type/submit yet
  2. add code var_dump($_SERVER); exit;
  3. input any password, valid or not. confirm the dialog (to submit it)

please check the page for HTTP_*AUTH* to see if any password there. there were multiple report of this problem long time ago and no one provide enough feedback, because sadly everybody is satisfied with xcache.admin.enable_auth=off as workaround. i'd like to troubleshoot the problem and remove xcache.admin.enable_auth setting

comment:5 Changed 7 months ago by perksi

I've also just reproduced this issue, the xcache.admin.enable_auth=off workaround meant that I can now get into the admin bit; what other information can I provide to assist?

Incidentally, before I added the enable_auth=off setting I adjusted the cacher/index.php around line 259 ...

error_log('Before Auth');
xcache_count(XC_TYPE_PHP); // trigger auth
error_log('After Auth');

... it never gave me the After Auth message in the error log.

Does this help?

Version 2, edited 7 months ago by perksi (previous) (next) (diff)

comment:6 Changed 5 months ago by lathiat

Hitting this issue here, I am using php-fpm with mod_proxy_fcgi on Apache 2.4

The issue is the authorisation headers are not correctly passed through. It's unclear if this is intentional ('security') or a problem with the case of the variable.. a few references:
http://www.rosmir.org/Index/Docs/archive/LabsFolder/FastCGI
http://stackoverflow.com/questions/17488656/zend-server-windows-authorization-header-is-not-passed-to-php-script
Comments section: http://us3.php.net/features.http-auth
https://discussion.dreamhost.com/thread-71152.html

Creating .htaccess under xcache directory with the following fixes the issue for me:
SetEnvIf? Authorization .+ HTTP_AUTHORIZATION=$0

The other suggestions was a mod_rewrite rule in the urls above but that required customising the PHP code as the variable name differs.

Without that, var_dump shows absolutely no auth information.

comment:7 Changed 8 days ago by moo

  • Milestone changed from undecided to black hole
  • Resolution set to invalid
  • Status changed from new to closed

flagging as invalidate because this is http server issue that don't pass http auth to backend

Note: See TracTickets for help on using tickets.