
Cannot log in when username contains spaces in PHP 7.4: "wrong username or password"
Closed, Duplicate (Public)

Description

| Product | Version |
| --- | --- |
| MediaWiki | 1.31.6 (c168a3f) 20:28, 19 December 2019 |
| PHP | 7.4.2 (fpm-fcgi) |
| MariaDB | 10.3.21-MariaDB-1:10.3.21+maria~disco-log |
| ICU | 64.2 |
| LuaSandbox | 3.0.3 |
| Lua | 5.1.5 |
| LilyPond | 2.18.2 |

In PHP 7.4 a bug was fixed: Bug #78929, plus signs in cookie values are converted to spaces.

Now, I cannot log in under a username consisting of two words. One-word usernames still work. The login screen displays the username with a plus sign instead of the space.

If I keep it, login fails with "wrong username or password". If I replace it with a space, I am redirected to the page version shown to anonymous users, and my subsequent edits are anonymous. The cookies for user name and user ID are set correctly. The debug log says:

…
User: cache miss for user 22
…
User: loading options for user 22 from database
…
Session "ecd5g7rtb2mnckj8mg5tben39blchujn" requested with mismatched UserID and UserName cookies.
…
[session] SessionBackend "834q3173a0ovtdfqocreua0pq447su39" is unsaved, marking dirty in constructor
[session] SessionBackend "834q3173a0ovtdfqocreua0pq447su39" save: dataDirty=1 metaDirty=1 forcePersist=0
[cookie] setcookie: "…_session", "", "1548417355", "/", "", "", "1"
[cookie] setcookie: "…UserID", "", "1548417355", "/", "", "", "1"
[cookie] already deleted setcookie: "…Token", "", "1548417355", "/", "", "", "1"
[cookie] already deleted setcookie: "forceHTTPS", "", "1548417355", "/", "", "", "1"
…

LocalSettings.php:

$wgSessionCacheType = CACHE_DB;

php.ini:

session.save_handler = files
session.save_path = "/var/cache/session"

I have managed to temporarily fix the issue by wrapping $this->getCookie( $request, 'UserName', $prefix ) in CookieSessionProvider::getUserInfoFromCookies() with urldecode().

Event Timeline

Anomie added a subscriber: Anomie.

> In PHP 7.4 a bug was fixed: Bug #78929, plus signs in cookie values are converted to spaces.

Looks like that introduced a new bug because they didn't change setcookie() to match. Filed that upstream as https://bugs.php.net/bug.php?id=79174.

Resolved upstream. If you're using PHP 7.4, upgrade to 7.4.3 or later.
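
The cookie round trip discussed above, as an added example that is not part of the original thread and is not MediaWiki or PHP source code. It assumes the cookie writer before the upstream fix behaves like urlencode(), the affected 7.4 cookie parser like rawurldecode(), and the fixed writer like rawurlencode(); the function name, labels and sample usernames are constructed for illustration.

```php
<?php
// Added illustration, not MediaWiki or PHP source code.
// Assumed model: the cookie writer before the upstream fix acts like urlencode()
// (space becomes "+"), the affected 7.4 cookie parser acts like rawurldecode()
// ("+" is left alone), and the fixed writer acts like rawurlencode().

// Returns the UserName value the application reads back for a stored name.
function cookieRoundTrip(string $name, callable $writer, callable $reader): string
{
    return $reader($writer($name));
}

// The workaround from the report: an extra urldecode() on the parsed value.
$withWorkaround = fn(string $v): string => urldecode(rawurldecode($v));

$stacks = [
    'old writer + old parser'         => ['urlencode', 'urldecode'],
    'old writer + affected parser'    => ['urlencode', 'rawurldecode'],
    'affected parser + workaround'    => ['urlencode', $withWorkaround],
    'fixed writer + parser'           => ['rawurlencode', 'rawurldecode'],
    'fixed writer + stale workaround' => ['rawurlencode', $withWorkaround],
];

// Constructed sample usernames: one word, two words, and a literal plus sign.
$names = ['Admin', 'Two Words', 'A+B'];

foreach ($stacks as $label => [$writer, $reader]) {
    foreach ($names as $name) {
        $seen = cookieRoundTrip($name, $writer, $reader);
        // A difference here corresponds to the "mismatched UserID and UserName
        // cookies" condition in the debug log: the name stored for the user ID
        // no longer equals the UserName cookie value.
        printf("%-34s %-12s -> %-12s %s\n", $label, "'$name'", "'$seen'",
            $seen === $name ? 'match' : 'MISMATCH');
    }
}
```

In this model only the two-word name fails on the affected parser, and the extra urldecode() repairs it but turns a literal plus sign into a space, both before and after the upgrade. A local urldecode() patch is therefore worth removing once PHP 7.4.3 or later is in place.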

Aklapper renamed this task from Spaces in logins under PHP 7.4 to Cannot log in when username contains spaces in PHP 7.4: "wrong username or password". Jan 30 2020, 3:45 PM
Rainer_Klute added a subscriber: Rainer_Klute.

Arrrgh! I just upgraded from PHP 7.4.1 to 7.4.3 – and that bug is back again!

BTW, I am running MediaWiki 1.34.0.

Rainer_Klute claimed this task.

False alert, sorry! It worked on a second try. Probably my cookies were still broken from a previous login. Phew!

We are having this problem on https://lokalhistoriewiki.no/ after upgrading from 1.31 to 1.35.1. The PHP version is 7.4.16. Any idea how to fix it?

> We are having this problem on https://lokalhistoriewiki.no/ after upgrading from 1.31 to 1.35.1. The PHP version is 7.4.16. Any idea how to fix it?

Try purging the browser cache and cookies.