We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
When you try to login to fresh install of HestiaCP and have 2fa enabled, it fails on 2fa page, complaining about an invalid username/password error.
In the logs, it shows Undefined array key "password" error.
If you verify 2fa from CLI, it works fine (no output). If you use incorrect code, CLI correctly generates an error.
If you upgrade older HestiaCP to 1.6.0, 2fa works fine. The only thing I see different is that older versions use sha-512 as default, not yescrypt.
Control Panel Web Interface
1.6.0
Debian 11
2022/06/16 21:43:48 [error] 808#0: *76 FastCGI sent in stderr: "PHP message: PHP Warning: Undefined variable $v_twofa in /usr/local/hestia/web/login/index.php on line 191" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: _, request: "POST /login/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/hestia-php.sock:", host: "web.domain.com:8083", referrer: "https://web.domain.com:8083/login/" 2022/06/16 21:43:58 [error] 808#0: *76 FastCGI sent in stderr: "PHP message: PHP Warning: Undefined variable $v_twofa in /usr/local/hestia/web/login/index.php on line 191" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: _, request: "POST /login/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/hestia-php.sock:", host: "web.domain.com:8083", referrer: "https://web.domain.com:8083/login/" 2022/06/16 21:44:02 [error] 808#0: *76 FastCGI sent in stderr: "PHP message: PHP Warning: Undefined variable $v_twofa in /usr/local/hestia/web/login/index.php on line 191" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: _, request: "POST /login/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/hestia-php.sock:", host: "web.domain.com:8083", referrer: "https://web.domain.com:8083/login/" 2022/06/16 21:44:52 [error] 808#0: *83 FastCGI sent in stderr: "PHP message: PHP Warning: session_destroy(): Trying to destroy uninitialized session in /usr/local/hestia/web/login/index.php on line 288" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: _, request: "POST /login/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/hestia-php.sock:", host: "web.domain.com:8083", referrer: "https://web.domain.com:8083/login/" 2022/06/16 21:44:55 [error] 808#0: *89 FastCGI sent in stderr: "PHP message: PHP Warning: Undefined variable $v_twofa in /usr/local/hestia/web/login/index.php on line 191" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: _, request: "POST /login/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/hestia-php.sock:", host: "web.domain.com:8083", referrer: "https://web.domain.com:8083/login/" 2022/06/16 21:45:02 [error] 808#0: *89 FastCGI sent in stderr: "PHP message: PHP Warning: Undefined array key "password" in /usr/local/hestia/web/login/index.php on line 135" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: _, request: "POST /login/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/hestia-php.sock:", host: "web.domain.com:8083", referrer: "https://web.domain.com:8083/login/" 2022/06/16 21:46:35 [error] 808#0: *99 FastCGI sent in stderr: "PHP message: PHP Warning: Undefined variable $v_twofa in /usr/local/hestia/web/login/index.php on line 191" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: _, request: "POST /login/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/hestia-php.sock:", host: "web.domain.com:8083", referrer: "https://web.domain.com:8083/login/" 2022/06/16 21:46:39 [error] 808#0: *99 FastCGI sent in stderr: "PHP message: PHP Warning: Undefined array key "password" in /usr/local/hestia/web/login/index.php on line 303PHP message: PHP Warning: Undefined array key "password" in /usr/local/hestia/web/login/index.php on line 135" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: _, request: "POST /login/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/hestia-php.sock:", host: "web.domain.com:8083", referrer: "https://web.domain.com:8083/login/" 2022/06/16 21:47:37 [error] 808#0: *108 FastCGI sent in stderr: "PHP message: PHP Warning: Undefined variable $v_twofa in /usr/local/hestia/web/login/index.php on line 191" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: _, request: "POST /login/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/hestia-php.sock:", host: "web.domain.com:8083", referrer: "https://web.domain.com:8083/login/" 2022/06/16 21:47:40 [error] 808#0: *108 FastCGI sent in stderr: "PHP message: PHP Warning: Undefined array key "password" in /usr/local/hestia/web/login/index.php on line 135" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: _, request: "POST /login/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/hestia-php.sock:", host: "web.domain.com:8083", referrer: "https://web.domain.com:8083/login/"
The text was updated successfully, but these errors were encountered:
jaapmarcus
Successfully merging a pull request may close this issue.
Describe the bug
When you try to login to fresh install of HestiaCP and have 2fa enabled, it fails on 2fa page, complaining about an invalid username/password error.
In the logs, it shows Undefined array key "password" error.
If you verify 2fa from CLI, it works fine (no output). If you use incorrect code, CLI correctly generates an error.
If you upgrade older HestiaCP to 1.6.0, 2fa works fine. The only thing I see different is that older versions use sha-512 as default, not yescrypt.
Tell us how to replicate the bug
Which components are affected by this bug?
Control Panel Web Interface
Hestia Control Panel Version
1.6.0
Operating system
Debian 11
Log capture
The text was updated successfully, but these errors were encountered: