Auth screen using http-auth shows page instead of default #5053

elbuit opened this Issue Nov 23, 2016 · 7 comments


None yet

2 participants

elbuit commented Nov 23, 2016 edited

I've runing a librenms using http-auth and since today update it doesn't works properly.
Librenms shows auth page ( and don't show main page when you have logged in.

It's a cosmetic issue because you can go trough easily writing any word in the username field.


Please read this information carefully.

GitHub issues is for feature requests or bugs, please do not post issues asking for help or how to do X, Y or Z.
You can use our irc channel ##librenms on freenode to ask questions or our community site.

  • Is your install up to date? Updating your install
    Please do not submit an issue if your install is not up to date within the last 24 hours or on a stable monthly release.
  • Please include all of the information between the ==================================== section of ./validate.php.
  • If you would like us to add a new device then please provide the information asked for here
  • Please provide as much detail as possible.
laf commented Nov 23, 2016

Can confirm the same, I'd advise to roll back a few commits for now.

@laf laf added the Bug label Nov 23, 2016
laf commented Dec 10, 2016

Is this still an issue?

elbuit commented Dec 10, 2016 edited

Yes, Neil.
I've updated right now and It's still hapenning.
Version 163a171 - Fri Dec 09 2016 22:29:30 GMT+0100
DB Schema #151
Web Server Apache/2.2.22 (Debian)
PHP 5.4.45-0+deb7u5
MySQL 10.0.27-MariaDB-0+deb8u1
RRDtool 1.5.5

laf commented Dec 10, 2016

Sorry :( I'll get an environment setup to test

laf commented Dec 11, 2016

Can you try this patch pls:

diff --git a/html/includes/ b/html/includes/
index d4b7b2c..e3a5db3 100644
--- a/html/includes/
+++ b/html/includes/
@@ -42,6 +42,8 @@ if (isset($_POST['username']) && isset($_POST['password'])) {
 } elseif (isset($_GET['username']) && isset($_GET['password'])) {
     $_SESSION['username'] = clean($_GET['username']);
     $_SESSION['password'] = $_GET['password'];
+} elseif (isset($_SERVER['REMOTE_USER'])) {
+    $_SESSION['username'] = $_SERVER['REMOTE_USER'];

 if (!isset($config['auth_mechanism'])) {
elbuit commented Dec 11, 2016

It works fine.

You can close this bug.
Thanks Neil.

@laf laf added a commit to laf/librenms that referenced this issue Dec 11, 2016
@laf laf fix: Fixed broken http-auth auth module #5053 13c9a85
@laf laf referenced this issue Dec 11, 2016

fix: Fixed broken http-auth auth module #5053 #5146

2 of 2 tasks complete
laf commented Dec 11, 2016

I've submitted the fix, once it's merged in you may need to revert this patch to update again.

@laf laf closed this in #5146 Dec 12, 2016
@VimCommando VimCommando added a commit to VimCommando/librenms that referenced this issue Jan 4, 2017
@laf @VimCommando laf + VimCommando fix: Fixed broken http-auth auth module #5053 (#5146) 7830841
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment